[Masque] RTGDIR review: draft-ietf-masque-connect-ethernet-07
Donald Eastlake <d3e3e3@gmail.com> Sat, 09 August 2025 00:28 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: masque@mail2.ietf.org
Delivered-To: masque@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6703351E955C; Fri, 8 Aug 2025 17:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Level:
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiQ1VAcZ3Lm4; Fri, 8 Aug 2025 17:28:20 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 073A551E9511; Fri, 8 Aug 2025 17:28:17 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-4b062b6d51aso30402941cf.2; Fri, 08 Aug 2025 17:28:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1754699296; x=1755304096; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hH+mBNPXWQtDchJ+cb5ws4bL73n3N4UtkK9WFG53aMM=; b=kOswV4tqFJjHOT4sYPtza1h2IWYrHqqbV4SqTYvQsB2umjSxxfBagpz1EA7/UrBxsn Syb76YPPTxkqpGa9zOWrQelv0RnOgCfYFwwAAbnYqHVEu/qJNZQJoxp4AD7osCYZx8Ts ko3klEa8xVaXe+aYHrn/TggQtEE8m8Uk7vBZZWgFUQ7eBna3yywpenUAlvoppNz0Rfi4 9ZXU7KGrHKQgfEf8P5CqviNvluZQVAjD4gMXO3o27VXsoyhQ4FnhjRnEbVLxYkeQf8dA 4pqfi8VqdBfgjmXxao0+UsHLG6sVaLbmlQhykaUope/m5fzmh4yIDhFhY1rx02jbVzsu 0sLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754699296; x=1755304096; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hH+mBNPXWQtDchJ+cb5ws4bL73n3N4UtkK9WFG53aMM=; b=h4VFLEPd44QuOj+asAYe9UB1wqxRLMpi84r7Sa0Gxzpi7kRn0s0AET/T/4CBXE81Or CyjFKyRih2z7Yv2+sL7eku8pGJ54iDyISUuhsLoZWnvC9OuiTKka86ppG4o8/iTKKgYJ myoZL3GJpQS7SLwGtg2bPIvMwZklp73BYjhQ5R4ZMtkQhasXWvvw37ldAd9iSQuXLj01 ZD2nbND7hT+mhu+k4Uyay+onw1AHH3WYtbK0al+79myhL70xMbluAVu+Ogme6wliU0YX cgnKEgqBVVMNQWYDIhLbPM5JYUf+LORNzXsyqdmkEj5b6IM1zqKRVka11XTLa0EcXvtJ ENIw==
X-Forwarded-Encrypted: i=1; AJvYcCU7zMbLeaufiolBNPhM4Em/ygrKJA99+DduddFytsrGTSlMjxDT89IrnZFFQPQYY9rulkvBkFj6y6oLSenXdQ==@ietf.org, AJvYcCXQXJjxuNFevCIJYay4rn+WUwHfXXaaZ+/ruy2zYJ0qOOZiNcVfJ3xMmOtQMjkhMGQ5/PULCXajaJ52bAArxCY7Zbxa0GtgC/f58eqzRfbEfkcSk8Ldiw==@ietf.org
X-Gm-Message-State: AOJu0YyIGIT07r7I4SZHHzzvBJW3+gpsQzoXvnsTW/c5SV97tUNvEiok e/TjkciGqgL7HYt63wERLc/GoEp5kyJT/qMr20O5APMP7ZizZ4JJH6YU5JK9+6XUF0AHOAU2aaC narpHrzMcDG00nZ4Qwz2Q+uhyX+W85oBDuU3a
X-Gm-Gg: ASbGncsVq7tdBQjNEDVMFUQ0YzhGdQhcETMIsK/337SfYJwZOu7ZyzyVrx6ykWTqrYd dwzwrkQhJ/oPujTEfU0LU4ylPZBLw3Z/IG0pdolVr1ymbyWhuPbXfsUy1Le/7uKNuyGBMDnxd7V tt0LHmWr/4UMluaXzYfIgZSytT2JjYmkVuhSVO7I7d6qxQHnx3jHIA5jDqTh9ZhLmcSB/ifVlYm UATUwFyU51kzH6b
X-Google-Smtp-Source: AGHT+IEbNeNtznaHbPNKzyVujKAjnui08UjcaMZiBX1z0CILYXXSjJRh5lmm8mfr5Oqep4tUPl/LXWh/r4vYNndCEng=
X-Received: by 2002:a05:622a:148d:b0:4ab:42a5:7f1b with SMTP id d75a77b69052e-4b0bd19be5dmr23542311cf.47.1754699295945; Fri, 08 Aug 2025 17:28:15 -0700 (PDT)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 08 Aug 2025 20:28:05 -0400
X-Gm-Features: Ac12FXwb7vooo1BrDqd2BZLuXpTTBOBUYNpt-BPFU4ZqquHBSi1gY0E4RO9_EQc
Message-ID: <CAF4+nEG-eynZHGORUmyLPi-5H-9hbtne5Ly-NM9=GwtU4SPuwQ@mail.gmail.com>
To: masque@ietf.org, masque-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: L2OBXYDTTHQDH3DM5UXVHKELRZJCWSWJ
X-Message-ID-Hash: L2OBXYDTTHQDH3DM5UXVHKELRZJCWSWJ
X-MailFrom: d3e3e3@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Routing Directorate <rtg-dir@ietf.org>, draft-ietf-masque-connect-ethernet.all@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Masque] RTGDIR review: draft-ietf-masque-connect-ethernet-07
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/L6FJbLq-Jrg-hXILZhR8874wOfU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Owner: <mailto:masque-owner@ietf.org>
List-Post: <mailto:masque@ietf.org>
List-Subscribe: <mailto:masque-join@ietf.org>
List-Unsubscribe: <mailto:masque-leave@ietf.org>
Hello,
I have been selected to do a routing directorate “early” review of this draft.
The routing directorate will, on request from the working group chair,
perform an “early” review of a draft before it is submitted for
publication to the IESG. The early review can be performed at any time
during the draft’s lifetime as a working group document. The purpose
of the early review depends on the stage that the document has
reached. As this document is in working group last call, my focus for
the review was to determine whether the document is ready to be
published. Please consider my comments along with the other working
group last call comments.
These comments are intended to help improve the document and should be
considered along with other WG Last Call comments that you receive.
Document: draft-ietf-masque-connect-ethernet-07
Reviewer: Donald Eastlake
Review Date: 8 August 2025
IIntended Status: Standards Track
Summary: This document is reasonably well written but I have some
minor concerns about it that I think should be resolved before it is
submitted to the IESG.
Comments and Questions:
This document primarily specifies how to tunnel an Ethernet segment
over various versions of HTTP and I believe it does a good job of that
from my somewhat limited knowledge of the varieties of HTTP.
I found Section 7 to be a bit incomplete (or perhaps confusing).
Looking at the example in Section 8.2, it seems to me that to
implement that example, the Client box and the L2 Proxy boxes must act
as bridges, or perhaps together as one bridge when viewed externally.
In particular, the frames accepted by and sent from the Client and the
L2 Proxy to their local broadcast domain would not have the MAC
address of the Client or L2 Proxy ethernet ports. This potentially
leads to various questions as to which LLDP multicast address those
ports respond to? And are they visible to 802.1 CFM (Connectivity
Fault Management)? Can the ethernet tunneling service really
interoperate if such decisions are not coordinated at the two ends?
I assume the idea is to try to sweep all this under the carpet or
the like. But I think that, at a minimum, the draft needs to say that,
in cases where the Client or L2 Proxy is connected to an ethernet
segment, then the port through which that connection occurs must act
like a bridge port, and not a router port, in that it will receive
ethernet frames despite the frame destination MAC address not being
the port address and will send ethernet frames with a source MAC
address other than the port address.
Section 10: Should mention, perhaps in the 2nd paragraph, the
possibility of 802.1X port based authentication to authenticate access
by devices on the broadcast domain at either end.
Section 4, last paragraph: Why is the requirement to use HTTP over TLS
or QUIC encryption a MUST? What if MACSEC [IEEE Std 802.1AE] is in use
on the virtual Ethernet segment being set up?
Section 9.1, particularly the last paragraph: In the IEEE 802.1
Ethernet world, re-ordering of frames is considered MUCH, worse than
dropping frames. Obviously, if the traffic is actually IP or some
protocol engineered to tolerate re-ordering, this does not apply. But
for general ethernet traffic, in order delivery is commonly assumed.
However, this only applies within a priority level, if the ethernet
frame is VLAN or priority tagged (a priority tag is just a VLAN tag
with a zero VLAN ID).
Section 9.2: Stripping and applying VLAN tags (which can result in
mapping one VLAN to another) is definitely the sort of thing that
bridge ports do, so this further pushes towards the Client and L2
Proxy ports on their local broadcast domain being bridge ports.
Section 12: Should Reference appropriate IEEE 802 standard. 802.1Q and
802.3 at a minimum.
Nits:
-----
Section 4, paragraph 1: Since you have just referred to a Section in
another RFC, it is not immediately obvious which document the final
"Section 6." is referring to. I suggest saying "Section 6 of this
document."
The draft uses SHALL in some cases and MUST in others. Best to be consistent.
Section 4.4: Maybe the paragraph after the list should be a little
more explicit. Something like: "An Ethernet proxying request that does
not conform to these restrictions is malformed and results in an error
response as discussed in Section 8.1.1 of [HTTP/2] and Section 4.1.2
of [HTTP/3]."
Section 4.5, right after the list: "any" -> "either"
Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e3e3@gmail.com
- [Masque] RTGDIR review: draft-ietf-masque-connect… Donald Eastlake
- [Masque] Re: RTGDIR review: draft-ietf-masque-con… Alejandro Sedeño
- [Masque] Re: RTGDIR review: draft-ietf-masque-con… Donald Eastlake