Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Mark Nottingham <mnot@mnot.net> Tue, 08 June 2021 07:29 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com>
Date: Tue, 08 Jun 2021 17:29:29 +1000
Cc: masque@ietf.org
Message-Id: <F47265D0-C3B6-47F6-A723-CE3FB319A0E2@mnot.net>
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com>
To: Christopher Wood <caw@heapingbits.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/ItzmCxQ8XHNU8sPSg_kXK8QkRfE>
Subject: Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Hello,

This document seems to be asking for one or more HTTP extensions, but is expressed almost entirely in terms of IP. That's not terribly helpful to readers; what's needed is a mapping between IP and HTTP (in the direction opposite to that defined by RFC7230 and RFC7540!) to guide expectations. Some suggested edits:

OLD:
'There is interest among MASQUE working group participants in designing a protocol that can proxy IP traffic over HTTP. This document describes the set of requirements for such a protocol.'
NEW:
'MASQUE working group participants are interested in extending HTTP to allow it to tunnel IP traffic. This document describes the relevant requirements.'

OLD:
'This document describes the set of requirements for a protocol that can proxy IP traffic over HTTP.'
NEW:
'This document describes the set of requirements for extending HTTP to tunnel IP traffic.'

QUESTION:
'The server will have the ability to accept or deny the client's request.'  <-- which server? Any server along the request chain, or the origin server? next hop?

QUESTION:
'The Data Transports MUST be able to take IP datagrams input on one side and egress them unmodified in their entirety on the other side,' <-- are these sides the user agent and the origin server, or something else? Similar questions about 'client' and 'server' in subsequent text.

OLD:
'The IP proxying protocol discussed in this document will run over HTTP.'
NEW:
'The requirements discussed in this document will be met by the definition of HTTP/2 extension(s), HTTP/3 extension(s), and possibly one or more HTTP semantic extensions.'

Along those lines, it'd probably be helpful to add a note that if HTTP semantic extensions are defined, they are by nature usable in all versions of HTTP, although the WG might choose not to define their operation in a given protocol version.

Additionally, wherever 'protocol' is used, 'HTTP extension(s)' should be substituted. Likewise, wherever 'proxy' is used, 'tunnel' should be substituted (see <https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#intermediaries>).

Finally, I don't see anywhere where it's explicitly said that after these extensions are used, the connection still needs to be usable for HTTP traffic. That seems like something that's important to establish one way or another (I have my preferences here, of course).

Cheers,


> On 27 May 2021, at 12:33 am, Christopher Wood <caw@heapingbits.net> wrote:
> 
> This email starts the working group last call for "Requirements for a MASQUE Protocol to Proxy IP Traffic", located here:
> 
>    https://datatracker.ietf.org/doc/draft-ietf-masque-ip-proxy-reqs/
> 
> This last call serves to solidify requirements for subsequent work on CONNECT-IP solutions, as discussed in [1].
> 
> Please review the document and send your comments to the list by June 11.
> 
> Note that the GitHub repository for this draft can be found here:
> 
>    https://github.com/ietf-wg-masque/draft-ietf-masque-ip-proxy-reqs
> 
> Thanks,
> Chris and Eric
> 
> [1] https://mailarchive.ietf.org/arch/msg/masque/LXObvy1DDuxLs-3dndyNKY0W4Gs/

--
Mark Nottingham   https://www.mnot.net/