Re: [Masque] Unified CONNECT-IP document

Tommy Pauly <tpauly@apple.com> Thu, 21 October 2021 21:33 UTC

From: Tommy Pauly <tpauly@apple.com>
Date: Thu, 21 Oct 2021 14:33:16 -0700
Cc: Ben Schwartz <bemasc@google.com>, MASQUE <masque@ietf.org>
To: David Schinazi <dschinazi.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/MNmtMXESXNfuAshKuh4r4cALmVM>
Subject: Re: [Masque] Unified CONNECT-IP document


> On Oct 21, 2021, at 2:11 PM, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> 
> 
> 
> On Thu, Oct 21, 2021 at 2:05 PM Ben Schwartz <bemasc@google.com> wrote:
> 
> 
> On Thu, Oct 21, 2021 at 4:55 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
> ... 
> I think our options for both CONNECT-IP and CONNECT-UDP are:
> 1) represent proxy via URI templates (what both drafts have today)
> 2) represent proxy via URL, and use explicit query parameters to convey host/port/etc information
> 3) represent proxy via URL, and use HTTP headers to convey host/port/etc information
>  
> Having recently implemented URI templates, I agree that there be dragons in (1). Between (2) and (3), I think that (3) is easier to implement and reason about personally.
> 
> That makes sense to me.  I don't have any strong preferences here; I just wanted to raise the issue.
> 
> Can I ask you to also raise the issue on GitHub? I think it makes sense to discuss this in the context of CONNECT-UDP at 112:
> https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/issues/new
> 
> > If the target is a hostname, the server is expected to perform DNS resolution to determine which route(s) to advertise to the client.
> 
> This is fascinating, but perhaps underspecified.  I think the proxy SHOULD return route advertisements for _all_ addresses for the target name (in all families).  Then the client can implement racing and failover as appropriate.  (Also, some clients have policies that depend on whether two hostnames resolve to _overlapping_ RRSets, which requires them to learn all the addresses.)
> 
> I'm not sure I follow, can you elaborate?
> 
> Section 6.2 shows the proxy advertising a single IP address route for "server.example.com".  Section 4.1 says "route(s)", implying that the proxy might choose to advertise multiple routes to the target host, presumably because DNS resolution returned multiple A/AAAA records.
> 
> I see the current text as an implicit "MAY return all the IP addresses", and I'm suggesting an upgrade to SHOULD.
> 
> That makes sense to me. Esteemed co-authors, any thoughts on this?

Yes, I agree that it SHOULD return all addresses. I filed this: https://github.com/tfpauly/draft-age-masque-connect-ip/issues/37

Thanks,
Tommy
> 
> David 
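
The behaviour discussed in this thread, as an added example that is not taken from the draft or written by any participant: a proxy-side helper that turns every A/AAAA answer into a host route, next to the single-address behaviour, plus the client-side ordering and overlap checks that depend on seeing all addresses. The `Route` tuple layout, the function names and the DNS answers are assumptions made for illustration, not the draft's capsule encoding.

```python
import ipaddress
from itertools import zip_longest
from typing import NamedTuple

class Route(NamedTuple):          # hypothetical layout, not the wire format
    version: int                  # 4 or 6
    start: str                    # first address covered
    end: str                      # last address covered (== start for a host)

# Constructed DNS answers using documentation ranges; no real lookups happen.
SERVER = [("A", "192.0.2.10"), ("A", "192.0.2.11"), ("AAAA", "2001:db8::10")]
CDN = [("A", "192.0.2.11"), ("AAAA", "2001:db8::99")]

def routes_for_target(records, all_addresses=True):
    """Turn A/AAAA answers into host routes, one per unique address.

    all_addresses=False models a proxy that advertises only the first answer.
    """
    seen, routes = set(), []
    for rtype, text in records:
        addr = ipaddress.ip_address(text)
        # Reject answers whose record type and address family disagree.
        if {"A": 4, "AAAA": 6}.get(rtype) != addr.version:
            raise ValueError(f"{rtype} record carries {text}")
        if addr in seen:
            continue
        seen.add(addr)
        routes.append(Route(addr.version, str(addr), str(addr)))
        if not all_addresses:
            break
    return routes

def race_order(routes):
    """Interleave IPv6 and IPv4 routes so a client can race and fail over."""
    v6 = [r for r in routes if r.version == 6]
    v4 = [r for r in routes if r.version == 4]
    return [r for pair in zip_longest(v6, v4) for r in pair if r is not None]

def rrsets_overlap(a, b):
    """True when two targets share at least one advertised address."""
    return bool({r.start for r in a} & {r.start for r in b})

if __name__ == "__main__":
    full = routes_for_target(SERVER)
    print(race_order(full))
    print(rrsets_overlap(full, routes_for_target(CDN)))
```

With only the first address advertised per name, the overlap check on these two constructed names returns a false negative, which is the client-policy problem raised in the thread.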