IETF Logo Mail Archive

Re: [Masque] Updated proposed charter text

Mark Nottingham <mnot@mnot.net> Thu, 02 April 2020 02:35 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A963A0BE3 for <masque@ietfa.amsl.com>; Wed, 1 Apr 2020 19:35:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=OZR7GALH; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=QYteRU+g
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhp471BVb7_l for <masque@ietfa.amsl.com>; Wed, 1 Apr 2020 19:35:19 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE6403A0BE4 for <masque@ietf.org>; Wed, 1 Apr 2020 19:35:18 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 4B8E0561; Wed, 1 Apr 2020 22:35:17 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 01 Apr 2020 22:35:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=R nIiw5tyYr4uZ4T1jL8VeDiAuAhU1a9gBQzLsDKm4hg=; b=OZR7GALHmNIM6bj8e eyrMZsbPo9cMmB3LB0lx242LFxKnknmqhsKOdPxrGL9VKHQVo2erExTM1/NBOAXU oi3tHvrLsQbKF6ksy8CfNOxuGEc5npxPYUq67kObtzUyxSbqee4nWQXsgb7xhbbQ MBoOLx2CZ2YKJzmD5gvZIK2RZ55NvvpvsaMBzB1kAqqFsxARhVUNAp3e6l7LAtmr woDfupFy4WAMbOOMlDeNMxD+78PBl1LhjkpHOTVlWD1v5R3NY3N3eTuY+HxJ9vao D8T4TUUHwmlkcf5Wt70TzvNXFljAeT6aAbcTheDqCq08fdLJDf0D4rfg3saSFcXP nkJ8w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=RnIiw5tyYr4uZ4T1jL8VeDiAuAhU1a9gBQzLsDKm4 hg=; b=QYteRU+gVp6aMVtz7HfzG4XV6iRmmBib7214pGjDn3XDv5AHMyNSZgTgJ uBjds44J6Ai66KUa6ihSAwPgjog2PkCl0CiwCDFuByeEiJRhZraOtWWnhDzjxkTO evjde9cyJ2nRR+wdSDT5hIN1V2PCq34qCQNLIfSQDGk3h/u4AecQtVarUgP1nuvX K6Tm8miYTT/FdKGKa/dAPS262bw5/toZZODULCVe6HpCWyG92aPXGx1lU1aNpB25 adUMyUG2vd8O4YetRDIAsyTJwLVybvsGXFlsQ5yhDwaqqxUAhviWSxN33x7NqgeK l2RahnYTzk6Dk29tzn5i0+2/CZBPQ==
X-ME-Sender: <xms:Y0-FXp5CyzItcz0lxxuHtsV41csKl4uPyQEgXZdbe_PC1hi4hG-rwg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrtdefgdeivdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffgffkfhfvofesthhqmh dthhdtjeenucfhrhhomhepofgrrhhkucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhn ohhtrdhnvghtqeenucffohhmrghinhephhhtthhptghonhhnvggtthhishgtuhhrrhgvnh htlhihlhhimhhithgvughtohhttghprdhinhdpihgvthhfrdhorhhgpdhmnhhothdrnhgv thenucfkphepudduledrudejrdduheekrddvhedunecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:Y0-FXjM-uG32_hpsBiNW-6izA6OzuSd2zzIIw2FTKuhUOSY5xZ7DSA> <xmx:Y0-FXjNXV99Rwr3rCv5Lg1S4M6WQfxBYwQxLoIk7btQmyjVccKo5Dw> <xmx:Y0-FXj-SHwY9l_O2TEISir5PuZsQC-XdYTTPcMYf_8V_YzFjTuKHNQ> <xmx:ZE-FXs4B7SDHR_8-Dz8ob0MUvLKqjhU5vB6DTxBCmU-UAh6H3yicpg>
Received: from macbook-air.mnot.net (119-17-158-251.77119e.mel.static.aussiebb.net [119.17.158.251]) by mail.messagingengine.com (Postfix) with ESMTPA id 0C161328005E; Wed, 1 Apr 2020 22:35:14 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com>
Date: Thu, 02 Apr 2020 13:35:13 +1100
Cc: masque@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2D476A82-6884-48FF-B629-74C7FE5EB9AD@mnot.net>
References: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com>
To: Christopher Wood <caw@heapingbits.net>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/OUsH7mRFboJHQwE-uPLss9GddeA>
Subject: Re: [Masque] Updated proposed charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 02:35:21 -0000

Hi Chris,

My only feedback is that it would be good to be a bit more crisp about deliverables -- the "such as" in "such as IP, UDP, and TCP proxying" makes me nervous.

Cheers,


> On 1 Apr 2020, at 3:42 am, Christopher Wood <caw@heapingbits.net> wrote:
> 
> Based on last week's meeting, it seems folks are generally enthusiastic about some form of MASQUE moving forward. To help scope that particular form, here's an update to the proposed charter. 
> 
> ~~~
> Many network topologies lead to situations where transport protocol proxying is beneficial. For example, proxying enables endpoints to communicate when end-to-end connectivity is not possible and can apply additional encryption where desirable (such as a VPN). Proxying can also improve client privacy, e.g., by hiding a client's IP address from a target server.
> 
> Proxying technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with their own shortcomings. For example, SOCKS signalling is not encrypted and HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3 is a viable candidate protocol for proxying arbitrary traffic, as it provides secure connectivity, multiplexed streams, and migration for a single connection while taking advantage of a unified congestion controller. HTTP/3 datagrams provide for unreliable data transmission, which enables transporting UDP and other unreliable flows via a proxy without introducing potentially redundant or unnecessary recovery mechanisms. Further, HTTP/3 supports an established request/response semantic that can set up and configure flows for different services.
> 
> The primary goal of this working group is to develop mechanisms that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside a HTTP/3 connection. The group will specify an HTTP-based signaling protocol for creating and configuring each service flow. The group will first focus on a limited set of client-initiated services such as IP, UDP, and TCP proxying. Specifying proxy server discovery mechanisms is out of scope for the group. However, the group may specify techniques for identifying proxy servers to aid future discovery mechanisms.
> 
> The group will coordinate closely with other working groups responsible for maintaining relevant protocol extensions, such as HTTPBIS, QUIC, or TLS.
> ~~~
> 
> This should address most of the issues raised during the meeting [1]. We'd like to hear what people think about this as a viable path forward.
> 
> Thanks,
> Chris, on behalf of the chairs
> 
> [1] These issues include, though are not limited to:
> 
> 1. Whether or not this is a new protocol or an extension of an existing protocol must be clear before moving forward.
> 2. Motivation for proxy technologies requires improvement. In particular, there’s no mention of privacy objectives.
> 3. The proxy threat model is unclear or underspecified. Does it model Tor’s threat model, or is it something simpler? (Meta question: should this be part of an existing document?)
> 4. Why are services beyond simple “CONNECT for UDP or IP” in scope? Should we focus on the simple datagram proxy case first and carve out room for extensibility?
> 5. To what extent is discovery out of scope?
> 6. Framework is perhaps not the best word to describe MASQUE.
> 
> Any errors or omissions from this list are entirely my fault!
> 
> -- 
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email