IETF Logo Mail Archive

Re: [Masque] Unified CONNECT-IP document

Tommy Pauly <tpauly@apple.com> Mon, 25 October 2021 15:55 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A08D3A0B0A for <masque@ietfa.amsl.com>; Mon, 25 Oct 2021 08:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b6ilvzbXvEvL for <masque@ietfa.amsl.com>; Mon, 25 Oct 2021 08:55:28 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp02.apple.com (ma1-aaemail-dr-lapp02.apple.com [17.171.2.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE673A0D38 for <masque@ietf.org>; Mon, 25 Oct 2021 08:55:17 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp02.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp02.apple.com (8.16.0.42/8.16.0.42) with SMTP id 19PFP2vK051211; Mon, 25 Oct 2021 08:55:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=ghI2t6CxH5+loCCsK81bqZDYpokEm61YMfNUc4eEggA=; b=YRHonVMMC5T33EXA5dfiGW+WYUYVNqJvWkykQTRGaB3enWlzM4+cCCexxyCn9PyU1RDq a3gifz43Me/Bl0rEwq1tcV7hkcT8jKflJ/RT/oxiE2CRdEK7QJ9yrBWTen2bYuJ1ONWn vIYGZ1obxnLDT0jgmXlZ6V9nDOTaxV2Cneig6Uwq0GiFeO/zYzPnlUlO0wpXdmfaQlhM 2R/z2zQ9u17NIUiFQufkNtrtLhp+KNIrR/jvkgzWoOac8YuxWVY3YDbzSTUtC5p/9A8q XPB2rVo8E0bmvHf8R49PqmZIZEPd2sjErpLSVrYFuWk2sghJnKOaGff8WVdXJoaFkByF 0A==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by ma1-aaemail-dr-lapp02.apple.com with ESMTP id 3bvf2t39mv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 25 Oct 2021 08:55:14 -0700
Received: from rn-mailsvcp-mmp-lapp03.rno.apple.com (rn-mailsvcp-mmp-lapp03.rno.apple.com [17.179.253.16]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPS id <0R1J006OLIW2Y830@rn-mailsvcp-mta-lapp02.rno.apple.com>; Mon, 25 Oct 2021 08:55:14 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp03.rno.apple.com by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) id <0R1J00300INC5900@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Mon, 25 Oct 2021 08:55:14 -0700 (PDT)
X-Va-A:
X-Va-T-CD: dfc86da510652575580ff00346bca277
X-Va-E-CD: d3a960d7abe0d6de30dc453518860af7
X-Va-R-CD: bc58c1ec0d92aa0f3cf0d3d166d1c3a6
X-Va-CD: 0
X-Va-ID: 1c1cf2f2-e007-4680-8637-6d0ffd5ced0a
X-V-A:
X-V-T-CD: dfc86da510652575580ff00346bca277
X-V-E-CD: d3a960d7abe0d6de30dc453518860af7
X-V-R-CD: bc58c1ec0d92aa0f3cf0d3d166d1c3a6
X-V-CD: 0
X-V-ID: 86d13c3d-8ccc-4dbf-b99b-9311e82c8722
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-25_05:2021-10-25, 2021-10-25 signatures=0
Received: from smtpclient.apple (unknown [17.234.59.124]) by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPSA id <0R1J00NN8IW1G100@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Mon, 25 Oct 2021 08:55:13 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <932797C1-5EEC-4FFB-9A44-B8BE7E1F1093@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_D2AF7633-84B4-4A21-A91B-7236B6C6C553"
MIME-version: 1.0 (Mac OS X Mail 15.0 \(3691.0.3\))
Date: Mon, 25 Oct 2021 08:55:13 -0700
In-reply-to: <20F079CA-5FBC-4AFD-8341-81420F737AD0@apple.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, Ben Schwartz <bemasc@google.com>, MASQUE <masque@ietf.org>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
References: <163483333684.11698.8923115285341694672@ietfa.amsl.com> <A073E49D-DA79-4C19-AA90-AD4C9484EA08@apple.com> <CAPDSy+6Ny2F5kRiA=cExjWtKVE1KYLKd6K3=gYCpW9_N_uWp2w@mail.gmail.com> <CAHbrMsDkfs-EsQxOa=-1e=YwcPm5CuAbryEBtUz-DKRgL+VHoA@mail.gmail.com> <CAPDSy+7TPGWGD6UzwSH+ZiawuJeaKOtnsNNdQtfzmK-wJczEwA@mail.gmail.com> <CAHbrMsAWueLtPj-Eex62ibAi-FLPm=tdexkQ2NzS1De77Yxieg@mail.gmail.com> <CAPDSy+4jzZb58k1LFPw_ntD3ZMQ-dS_zCF-GZz7sNBVD4OV4Xw@mail.gmail.com> <20F079CA-5FBC-4AFD-8341-81420F737AD0@apple.com>
X-Mailer: Apple Mail (2.3691.0.3)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-25_05:2021-10-25, 2021-10-25 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/JNlNftzEuf56l5qY06S_9W7XSm8>
Subject: Re: [Masque] Unified CONNECT-IP document
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2021 15:55:32 -0000

We pushed an -01 version with these corrections here:

 https://www.ietf.org/archive/id/draft-age-masque-connect-ip-01.html <https://www.ietf.org/archive/id/draft-age-masque-connect-ip-01.html>

Best,
Tommy

> On Oct 21, 2021, at 2:33 PM, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> 
> 
> 
>> On Oct 21, 2021, at 2:11 PM, David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>> 
>> 
>> 
>> On Thu, Oct 21, 2021 at 2:05 PM Ben Schwartz <bemasc@google.com <mailto:bemasc@google.com>> wrote:
>> 
>> 
>> On Thu, Oct 21, 2021 at 4:55 PM David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>> ... 
>> I think our options for both CONNECT-IP and CONNECT-UDP are:
>> 1) represent proxy via URI templates (what both drafts have today)
>> 2) represent proxy via URL, and use explicit query parameters to convey host/port/etc information
>> 3) represent proxy via URL, and use HTTP headers to convey host/port/etc information
>>  
>> Having recently implemented URI templates, I agree that there be dragons in (1). Between (2) and (3), I think that (3) is easier to implement and reason about personally.
>> 
>> That makes sense to me.  I don't have any strong preferences here; I just wanted to raise the issue.
>> 
>> Can I ask you to also raise the issue on GitHub? I think it makes sense to discuss this in the context of CONNECT-UDP at 112:
>> https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/issues/new <https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/issues/new>
>> 
>> > If the target is a hostname, the server is expected to perform DNS resolution to determine which route(s) to advertise to the client.
>> 
>> This is fascinating, but perhaps underspecified.  I think the proxy SHOULD return route advertisements for _all_ addresses for the target name (in all families).  Then the client can implement racing and failover as appropriate.  (Also, some clients have policies that depend on whether two hostnames resolve to _overlapping_ RRSets, which requires them to learn all the addresses.)
>> 
>> I'm not sure I follow, can you elaborate?
>> 
>> Section 6.2 shows the proxy advertising a single IP address route for "server.example.com <http://server.example.com/>".  Section 4.1 says "route(s)", implying that the proxy might choose to advertise multiple routes to the target host, presumably because DNS resolution returned multiple A/AAAA records.
>> 
>> I see the current text as an implicit "MAY return all the IP addresses", and I'm suggesting an upgrade to SHOULD.
>> 
>> That makes sense to me. Esteemed co-authors, any thoughts on this?
> 
> Yes, I agree that it SHOULD return all addresses. I filed this: https://github.com/tfpauly/draft-age-masque-connect-ip/issues/37 <https://github.com/tfpauly/draft-age-masque-connect-ip/issues/37>
> 
> Thanks,
> Tommy
>> 
>> David 
>> -- 
>> Masque mailing list
>> Masque@ietf.org <mailto:Masque@ietf.org>
>> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>
> 
> -- 
> Masque mailing list
> Masque@ietf.org <mailto:Masque@ietf.org>
> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>

v2.23.0 | Report a Bug | By Email