Re: [Masque] Proposed MASQUE charter text
Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Mon, 27 January 2020 22:21 UTC
Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 477D43A0F5F for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 14:21:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5XRwTDXlP4A for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 14:21:14 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40071.outbound.protection.outlook.com [40.107.4.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAE753A0F5E for <masque@ietf.org>; Mon, 27 Jan 2020 14:21:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E8wgjSwZchDM0uDwdB78YcuoBr4u8R+UMZOpfvmVORYiExrglPFP3rJ7R5kWess8/GKQfTNTSoKCbXEf4wWQyY9ZWM6I8HZrtmCNcJqgCWZifVwmAjqxlIarAgfsWJRD0VH14WzfRAqj8xFQE3C0xkp8d66v5MMsnJWra4sxCUjZ8q0P7Q+XdcnnXI9OL1PsHhXgs2G0cFsCDiKfdUXysg3WzMzdSf+qzewumRjLwRXUBKG2anADtip6wHyW1xzerdVZh7ftvdRpGaGZUkfr+0jBLUnM5cu0KZOBEs/+oKBsJM5s8ah1lm7IuTHBCxVMCEI/fF3wsPYj9GXoWmE0aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GxuGfEH4xx7wtT2OCU6ZVpsFqjBiYte++DHlzJKcNkA=; b=i79ARsAeRe4H7Byz+wPQD9Le1GHArlDIxuQYX+INdNKyXEwgd+w8MUB7CyeXmDbGBmwpsb/1LdRUDuAmVqsgw15wqSSnrdgP9r7H3jE050mnvBUEPksJu3pmiVISxkqaGud23qJ+kDUmEwGIjIXkTYUb5mWMWEZlPz7xltVDRhNhRxL7X+CbbvSSd1tDH8xQRTXIQxtTgWtVY4YVJB6Hh37huCbNJBG4HUqNaZhTk37KBShAM4s6MeqiBGnBrtFyzaLdrdpsgH+/ZF6eo4nPHrjY0xuyWqPLtoaDszRCWeAb/fUGDZZvYmSy3rcHZMLMHmvDB48dDJYkX54G53BIGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GxuGfEH4xx7wtT2OCU6ZVpsFqjBiYte++DHlzJKcNkA=; b=hImmN2k/bdZppq3DFv5HuVJjXy50YtybLTuZ7pmXia+HZTcp+4rMDiwPxAvlF3i7YK80vynvybF1oFRIIQ04pyXSPtIS/MA2XvCySHOlpPCCfaqbo0cOd8tj2N90djv4AVW+QevvpqAanBb1nBJMf3QHo2Ra4brY446mnOLfZok=
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com (52.135.149.158) by AM0PR07MB6020.eurprd07.prod.outlook.com (20.178.114.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.18; Mon, 27 Jan 2020 22:21:11 +0000
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7]) by AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7%7]) with mapi id 15.20.2686.019; Mon, 27 Jan 2020 22:21:11 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Christian Huitema <huitema@huitema.net>, David Schinazi <dschinazi.ietf@gmail.com>, Tommy Pauly <tpauly@apple.com>
CC: Lucas Pardue <lucaspardue.24.7@gmail.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>, Marcus Ihlar <marcus.ihlar@ericsson.com>, Eric Kinnear <ekinnear@apple.com>, "masque@ietf.org" <masque@ietf.org>, Lars Eggert <lars@eggert.org>
Thread-Topic: Proposed MASQUE charter text
Thread-Index: AQHVzU+LCpLapxUIvUqAQMTPXkvSGaf2yWCAgADVuQCAB1q1AIAAPH0A
Date: Mon, 27 Jan 2020 22:21:11 +0000
Message-ID: <AFA8A12F-6F42-465B-BCCD-525781FA5541@ericsson.com>
References: <3C0A1845-F34E-405C-B396-70FB89F4FB3D@ericsson.com> <66410579-0005-448D-A775-08A18554503D@apple.com> <CAPDSy+5eqU=ZMWaGF0x=wEtY2E+LQDaTuXgEB5u3SuEbh-XoiQ@mail.gmail.com> <1c1a4f9a-6269-31e2-c9d0-a4ff1551303b@huitema.net>
In-Reply-To: <1c1a4f9a-6269-31e2-c9d0-a4ff1551303b@huitema.net>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mirja.kuehlewind@ericsson.com;
x-originating-ip: [2001:16b8:24af:8600:504d:45e4:b5de:e16d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: aa0f6657-7d1e-452b-90cb-08d7a37736eb
x-ms-traffictypediagnostic: AM0PR07MB6020:|AM0PR07MB6020:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR07MB6020D87340D4E2F6AC2B41D1F40B0@AM0PR07MB6020.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02951C14DC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(39860400002)(346002)(136003)(366004)(376002)(199004)(189003)(4326008)(186003)(478600001)(36756003)(2906002)(6486002)(6512007)(33656002)(6506007)(966005)(71200400001)(8936002)(53546011)(2616005)(81166006)(8676002)(91956017)(30864003)(5660300002)(81156014)(76116006)(44832011)(316002)(110136005)(54906003)(66446008)(66556008)(66946007)(86362001)(64756008)(3480700007)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB6020; H:AM0PR07MB4691.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4kzNajNPNZvfx/MSjsil1SHI1C6qvziw4Eyl6BhDD/b3y9jIXSDDGsz73xgZSsYgxDkcQbw3Itwi1cY2W9VA7Ld4D0E2mV7eCjKHjbgBARpSJrHbCwkJzn9kihtpHpyrU3O61pnc4N6c31+/akOjF57OFY0pmygiuPIkFWlukgGTieBI+7Vjf4K2DoFQig6mlj/me+NKPwCUcrHZSKRiQ9dsn3CwbzLAXfNwLl148sU4t30XHjInf3fo/vrsN4vGjkbqCZ5rH8tHD3NerxztimBRs6solRnZ3TgCmGsFuGvSOmVrxRotdgzeuGpQV8DLHtXM874eo+7BysVa02QFzkWa2PumJv7zDjbf/4eEoADko4Iwu1S/NWFbS+N0VQSLb+8JueAlciIY5Y3OfpPoiDz7mEtbT0d/4LtmkrFN8hruqfttqzwFEVI9GXJKniQsPMJfiIRhpFmshfiGoekgmlPZ5FIaikiGhPFmjT9PHHIsbs/q8+5HiUYYQ9/bhxTvZFh7F4JbgIAEvLLvx9g8XQ==
x-ms-exchange-antispam-messagedata: HH5rIwSdZMiXBkqOG99cBj5uD1Z7J0AHKulBA89fDElV6xDdcj0H1B3mo2oZFkAq1okhKQWFr28aSDgtU7iBKIhYuQoA1X03BaRJWP6K4EmHOVLhYmfdHBXz6EzqAe3n8aXNVhwESlkSq25lrAvII/2JK8WJVtKGSyPjfQ5uVdJ2b6BdYFpKWlftZmPI7TuuUwmVm4l4Qe/GU87dw90yyA==
Content-Type: text/plain; charset="utf-8"
Content-ID: <F426A05C3498034AB3EFC407D504AC6A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aa0f6657-7d1e-452b-90cb-08d7a37736eb
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2020 22:21:11.2548 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dOQSYyOjyTl4mEhnz8FeyWMz9mJMrMWRyyoQgUOCIsD+6QZ3va1NocxCA8UcvBOW3uZDWkLaM888ueB9r0ZGhxbg5FXpzMOE1bNfqd/3IDE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6020
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/OAUKvVV7Hwn4epb7P_nJsjV-Nbs>
X-Mailman-Approved-At: Mon, 27 Jan 2020 15:29:17 -0800
Subject: Re: [Masque] Proposed MASQUE charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 22:21:16 -0000
Hi Christian, please see inline. Please also note that you didn't comment on the latest version we've sent out to the list (I hope this doesn't confuse others). On 27.01.20, 20:44, "Christian Huitema" <huitema@huitema.net> wrote: On 1/22/2020 7:26 PM, David Schinazi wrote: > [ + Eric & Christian ] > > Thanks for putting this together! Sorry for not replying sooner. I have lots of concerns with this proposed charter. > > Overall, I really like this charter proposal. There is one main point > of discrepancy between the charter and current drafts though that I > think we should resolve: QUIC vs HTTP/3. In particular, the proposed > charter mentioned: > "a framework that allows concurrently running multiple networking > applications inside a QUIC connection" > while the latest draft mentions: > "a framework that allows concurrently running multiple networking > applications inside an HTTP/3 connection". > Some of the use-cases we've discussed require HTTP/3, so I think it's > reasonable to use HTTP/3 as our signaling protocol to exchange MASQUE > information - it enables obfuscation and gives us many HTTP features > for free, such as HTTP-level proxying and caching. I don't like the proposal all that much. The focus appears to be on transport proxying, which is something that Quic deliberately set up to eliminate. The whole first paragraph reads like a lamentation that the old school performance enhancing proxies cannot be deployed anymore because the transport is encrypted. Well, that's very much the point of Quic, so it is questionable to start a working group to bring transport proxies back in. I will comment further in the text, but there are some ground rules that ought to be very clear: 1) Even when proxies are used, the Quic encryption shall be maintained end-to-end between client and server, including the encryption of ACK frames in the Quic payload. 2) Even when proxies are used, it should be possible for client and server to use Quic migration and move the connection to path that does not include the proxy. [MK] Yes, these are two points which we always assumed as precondition (and I don't think the proposed charter text indicates anything other than this). But we can for sure state this more explicitly in the charter. [MK] However, I think the confusion might be about the word "proxy". We mean "proxy" mostly in the sense of providing a forwarding and tunneling service (that is not touching the end to end connection). While you seem to map the word "proxy" to what I would maybe call a "transparent proxy" that tries to mangle with the traffic without having the endpoints noticing or agreeing. I thought it would be clear from the charter that that is not what we are talking about and is therefore also completely out of scope. But we can of course make this clearer in the charter text. > > Another slight difference is the fact that the charter discusses > "proxy services" while the draft discusses "MASQUE applications". I > think we mean the same things, but perhaps "MASQUE applications" is > more generic and will constrain us less. > > I also agree with Magnus that we should not focus too much on > obfuscation or filtering in the charter, as there are still factions > within the IETF that strongly oppose work on such topics. > > Below is my attempt at incorporating the feedback on this thread, and > making the small changes described above: > > ===== > > Many network topologies lead to situations where transport protocol > proxying is > beneficial. For example: helping endpoints to communicate when end-to-end > connectivity is not possible, applying additional encryption where > desirable > (such as a VPN), or accommodating differences in network segment > characteristics > (e.g. long paths such as satellite, or high-loss links). Many existing > proxy solutions > deployed today rely on transparent intermediation. However, an > increasing amount of > traffic is using QUIC, and QUIC's improved security model prevents > transparent proxies. > In order to allow transport protocol proxying when QUIC is in use, we > will need a > mechanism where one of the QUIC endpoints actively collaborates with > the proxy. > HTTP/3 and QUIC are good candidate protocols for tunneling or > forwarding this kind of > traffic, as QUIC provides secure connection establishment, multiplexed > streams, and > connection migration while HTTP/3 allows HTTP-level proxying and caching. I think this discussion is based in unproven requirements. For example, the text mentions long path and high loss path. [MK] Actually that's a good point. I didn't really notice this edit in the final version. I would be more interested in support a mobile network segment with such a proxy. The challenge there is different and as capacity is varying and it's important to have data available to send why the resources are scheduled for the respective client. However, the idea is not to interfere with the end-to-end traffic but to provide the client more information about the mobile network segment that then can be used by the endpoint to optimize transmission. We are planning to submit a draft on this soon. I have running code that shows Quic running just fine over such path, with two simple tunings: allow the Window to grow sufficiently large; and, use a congestion control algorithm like BBR that does not unduly react to small random losses. As I mentioned above, one of the big arguments for Quic is to get rid of the ossification caused by the so called "transparent proxies". This first paragraph in the proposed charter appears like a paean to these proxies. That's a poor motivation for a new working group. [MK] Transparent proxies are not what we want to work on and I don't think that's the charter says anything different anywhere. > > This working group will work on MASQUE (Multiplexed Application > Substrate over > QUIC Encryption) - a framework that allows concurrently running multiple > networking applications inside an HTTP/3 connection. MASQUE will allow > negotiating support for various MASQUE applications, configuring > application > parameters, and provide a signaling protocol for these applications. > The working > group will define specific MASQUE applications that will allow > proxying traffic > and other services that require communication between endpoints and > proxies. > These applications may provide simple forwarding with optional address > translation only, or more advanced services like name resolution, > multipath > support, or assistance for congestion control on link segments with > challenging > characteristics, such as high loss or strongly varying delays. Are we discussing application proxies or transport proxies, or something else? Some applications naturally incorporate application relays -- SMTP comes to mind. Are we here discussing that, something like SMTP over Quic? Or are we discussing HTTP something like HTTP caching proxies? or are we discussing MITM attacks that break the encryption in order to inspect the traffic? [MK] Why does this actually matter? If the assumption is that the end-to-end traffic says untouched, any application traffic can be tunneled over QUIC and then forwarded by the proxy. As I said multiple time, MITM is not what we want and I don't understand how you read this in the charter. > > As use-cases for deploying MASQUE have different security or performance > requirements, the working group may define multiple MASQUE > applications for > proxying to suit these disparate use-cases. In particular, some > deployments may > prefer to double-encrypt user data to provide stronger privacy > guarantees, while > others may rather skip the second encryption to reduce computational > costs. > Such options will need to produce documentation of the resulting > security and > privacy properties. I think that's way too vague. There should be a clear statement that as long as Quic proxying is concerned, then the end-to-end encryption of Quic packets will be preserved. [MK] Yes, we should add this if that wasn't clear! There should also be a list of specific use cases. What applications are we discussing here? HTTP 2? HTTP 1.1? SMTP? A generic framework for random applications over proxies? [MK] There is this draft: https://tools.ietf.org/html/draft-kuehlewind-quic-substrate-00 However, I don't see why we need to list the use cases in the charter. I think it is important to make the scope and requirements clear in the charter. If that is not clear enough, we should make it clearer. > > Alongside the definition of the MASQUE framework, the group will > further work on > discovery mechanisms for MASQUE servers and which MASQUE applications they > support, taking into account deployment across network segments > with different > operability and end-user relationship characteristics. The mention of network segments brings to mind the support for migration, which is a key attribute of Quic. We want to support scenarios like migration from cellular to Wi-Fi. It should be clear that whatever proxying is done shall not prevent this migration. For example, migrate from a cellular path that includes a proxy to a Wi-Fi path that does not. [MK] I don't see how migration could be hindered by this (given the end-to-end connection stays unmodified) but I'd be fine to explicitly state that in the charter. > > New MASQUE Applications can be adopted by the group by creating a new > milestone with AD review. > > If MASQUE requires any extensions to existing protocols, the group will > coordinate closely with the respective group responsible for > maintaining that > protocol, such as the HTTPBIS, QUIC or TLS working groups. Again, the list of protocol being proxied should be specified in the charter, as well as the corresponding design constraints. Proxying HTTP is a very different animal than proxying TLS, which smells of "breaking the encryption". The IETF should not charter working groups to do that! [MK] Again, as the end-to-end connection stays untouched, I don't see why the protocols that can use these proxies should be restricted. Again there is NO "breaking the end-to-end encryption" here! Mirja -- Christian Huitema
- Re: [Masque] Proposed MASQUE charter text Mirja Kuehlewind