IETF Logo Mail Archive

Re: [Masque] Proposed draft charter

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Mon, 27 January 2020 12:55 UTC

Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F22F612008D for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 04:55:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIeTPRLlaNmW for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 04:55:00 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60059.outbound.protection.outlook.com [40.107.6.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5020120026 for <masque@ietf.org>; Mon, 27 Jan 2020 04:54:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Im8vNMP7sYNbG6QqnNTZSCeiJpieL0cV2wgcHgwg4re6S0RE8za9QOc268mcNbEZwRikXxNDRV/KEfvBB6nu8PaQw/YHmwuiQtiwMvuVd3bMOL0UXjYumTkYMb7s0hcr3Qm9dVpzEp9ogT62YbYJc/45v1wCJWj3Eq0u9J0HsmtPxh1deBIQu8orZGiNWxmZ+/DmYLQWgsNsh8nISe60kEfOK2gnl0M0777J59JCBNpmDpxL9QsIX2qQsZR6Q5Jq7ntG823KSjGPdYO0f9F+OwlYP8NXsCeIuDDKblW2VQoYUK7MuS2/BMcelCB0mjikmgV5DBmnNG1+2vZOVSRF1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QWdglY2ad/lCcyUuOMdlZFFfQOQ4gR0vXNROBOzzGug=; b=SmORaFeVrvDJ+vrQIJST78NSKAiQqjQOMq6CVfDH7hMVRiS5fgqjQy3ZU4wdTGGgceAJrkQMKG9CoAZGFxXfsIGz4JRhkJQ2c53lPBrA9AfoF/1XG/0wCtfBgZU0db80f8GaSDLeML15sb56JUPgA31fNGVm4IuN3Ze1vLMJIPCmEcOh0Dwro+BlHUklpljwaP84mUv0KZ9W0D+t1EfRJfi4TLQzouhq8LyjfKlS5K+wgMIeO9TIdjExKXtUCC0mJDo15nKQWBp7CUFW92iDdy42x8GCAnDxI2VDS3zosgZgSQD7ZYk+KF9HjW8BBQKqZg62S41/VFX0JUjR0cXbpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QWdglY2ad/lCcyUuOMdlZFFfQOQ4gR0vXNROBOzzGug=; b=Or8NgPGaYrDUVykYj5XByTvg2zoGdX1JGvhpQX7nhd0vRGFhDEA2RkP+l1N15IYEWgH9u7Pj/sH4r/jVkeLOR0AMgE4RNTQl0F0+Ycye1jUyeZWyTBga8K4HziERQuaEP/SMC9GmdyJ5Ri5YZ5bG3hhAEeUcxQ4Hly3YN/l766w=
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com (52.135.149.158) by AM0PR07MB4194.eurprd07.prod.outlook.com (52.133.58.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.14; Mon, 27 Jan 2020 12:54:57 +0000
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7]) by AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7%7]) with mapi id 15.20.2686.019; Mon, 27 Jan 2020 12:54:57 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Lars Eggert <lars@eggert.org>
CC: "masque@ietf.org" <masque@ietf.org>
Thread-Topic: [Masque] Proposed draft charter
Thread-Index: AQHV0w4aBWkpAZDWB0m+dMAczIB7OKf+HuIAgABtuAA=
Date: Mon, 27 Jan 2020 12:54:57 +0000
Message-ID: <0E417F05-7EB0-42DE-B120-51873E9F464C@ericsson.com>
References: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com> <B5A0CBC5-6127-4F47-B1CC-2BFF4934EA62@eggert.org>
In-Reply-To: <B5A0CBC5-6127-4F47-B1CC-2BFF4934EA62@eggert.org>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mirja.kuehlewind@ericsson.com;
x-originating-ip: [2001:16b8:24af:8600:61cf:3cfd:ed55:942e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 24193edb-44b8-428d-6676-08d7a3281ce8
x-ms-traffictypediagnostic: AM0PR07MB4194:
x-microsoft-antispam-prvs: <AM0PR07MB4194396F78CA9DE1C7FA1006F40B0@AM0PR07MB4194.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02951C14DC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(136003)(39860400002)(396003)(366004)(199004)(189003)(6512007)(86362001)(71200400001)(81156014)(2616005)(81166006)(8676002)(8936002)(5660300002)(66946007)(64756008)(66556008)(66446008)(6486002)(66476007)(6916009)(2906002)(76116006)(316002)(6506007)(966005)(478600001)(186003)(44832011)(4001150100001)(36756003)(4326008)(53546011)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB4194; H:AM0PR07MB4691.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 44gxgWoifLkdGq8jB1PyENyksCuBMcC12y38EeIyOPiBk7OaR9T0cZmYoTfsgCbSi9wnj6X7ey+OIxGRbmxY61TwqwCnLdzp1VvYjUldEz8AOZzsRFVy8L20LHTOVRbm8W3OpyOTu3qdRPn2sMtC8sCvfUdQAiVnWqRZ71lriEcrAYi8LkDyS86L98o5so+sGLivi65tD97o7vILldqv8fh7u+D8zegDCX+B3cmiQEimRWkQKGLmzi1tOs33wp4sp5UNldVfmnHkxDmlio/soDNQJPhSXcnBmtymKjHyMIEhljozqRUFccT2NZJkKIY9vp9Pq8aJXyMGsmPNT89j9XilfoKQmN8gv3+vJulxoSf5JC1yfFVdAEW+QsP11feIsSIIKJ0NWFgsjCDNbI8WuoK+NPywQRkVJP8HqeZMiOvOkgWlZg/1AeyzcUNhNPQG/onU64Z6Tqa/havhTQ3fRqgMlNFZuTTP4ZcOMf8d4Q/01dzbWVGDvTzhOUfq0BV6M6znqu+bcS7UFvQJJyAiGQ==
x-ms-exchange-antispam-messagedata: XUxQ2QASYfRjatKkYUgVF4z1judHx2vhqFvCMv5E7P2GDVxsrgQRgBlNd1g5Qx9QOGpEUtmvCSdFEgbfV1ky1uJcOe8x5iYuMUfc84e8O8Db4fzemKZAQPq2qv4WoXayhDolJRvCkelrOsG9bnZ+GjCMMy20rvwfOr71dzgXCvrNfCsjcVxtbX8HMJW8YigIQ3ZT+HwPjlyzRCAS1C33ug==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <BCD61EF14FE3784284737C153F679411@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 24193edb-44b8-428d-6676-08d7a3281ce8
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2020 12:54:57.4596 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Gc60jxQz+ESpwrdeQYhvbMGnILSVcpI0LQAr0zZAJ1NI8XQJXWas208sZ1kujLPe2MhVIrf27DqB7lKAYYdvvqorHib8O+rhGC7Z/YWKRMg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4194
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/R2KS4X47lWA0_S77x7UhAfDAAKs>
Subject: Re: [Masque] Proposed draft charter
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 12:55:03 -0000

Hi Lars,

I think Magnus already provide some good background on the security model for different scenarios for this part of the work. I would just like to quickly also reply to your two questions below:

On 27.01.20, 08:22, "Lars Eggert" <lars@eggert.org> wrote:

    Hi,
    
    what motivates a separate WG vs. doing this in the QUIC WG?

[MK] The focus of this new group will be a signaling protocol on top of QUIC in order to communicate with the proxy and instruct the proxy to tunnel and forward other (unaltered) traffic that may or may not use QUIC as the end-to-end transport protocol. I think any new protocols that "just" uses QUIC as a transport should be in a separate group. Of course there might a closer dependency on QUIC features for this proposed work than for other application protocols, however, having the specification of a completely new protocol for proxy signaling in the QUIC group would be a very high load. As Magnus says this work is probably more link SOCKS or TURN, depending how you look at it...
    
    There are aspects of the charter - e.g., one-sided (transparent to the peer?) cooperation with middleboxes, double-encryption avoidance (does this translated to an "unencrypted" mode for QUIC?)

[MK] So there will be no data send unencrypted. The questions is only if there are ways to remove one layer of encryption if there are two. I think we could/should actually further clarify this point in the charter.

[MK] As Magnus already described, there are different security models here. One could be closely connectd to the security model in QUIC and this work would need to be closely coordinated with the quic group or should potentially even be done in the quic group. Not sure if there could also be a solution that would be based on a smallish extension to quic only, however, if and which extensions could be specified outside the quic group (with tight review from the quic) is something the quic group should probably discuss and decide on at some point.

[MK] Then, I also see an option, as also indicated by Magnus, where  little or no changes to QUIC are needed. The idea here is that you basically send tunneled packets (that are potentially double-encrypted) as well as directly packets of the inner connection but without the outer encapsulation on the same 5-tuple in such a way that an outside observer however would assume that all packets below to the same connection and cannot distinguish which packets are encapsulated with the tunneling QUIC and which ones are not.

[MK] So far we don't have a fully fleshed proposal but people working on this charter believe that there are use cases where double-encryption could be a strong performance impact and we should discuss while doing this work if there is way also support a mode where double-encryption is avoided or at least performance impact are reduced. I see this rather as a requirement at the moment and a final decision if and where to do it depend on the proposed approach. Maybe that is also something to clarify in the charter.

 - that could have a large impact on the base protocol. That suggests to me tight coordination with the base protocol is essential.

[MK] I'd definitely say that in any case close coordination with the QUIC group is needed. Having a separate group would however make it possible to separate discussion on non-quic specific part a bit. Further, this is probably a question of what group of people would be involved in this work and I could imagine that there might additional people from other areas interested that currently are probably not directly active in the quic group.

Mirja


    
    Thanks,
    Lars
    
    On 2020-1-25, at 1:29, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:
    > 
    > Hi everybody,
    > 
    > as already indicated by David in his last mail, some of us worked on a proposed draft charter for a new group. Please find the text below and provide comments!
    > 
    > Thanks!
    > Mirja
    > 
    > ---------------------------------
    > MASQUE draft charter text
    > 
    > 
    > Many network topologies lead to situations where transport protocol proxying is beneficial. For example: helping endpoints to communicate when end-to-end connectivity is not possible, applying additional encryption where desirable (such as a VPN), or accommodating differences in network segment characteristics (e.g. long paths such as satellite, or high-loss links). Many existing proxy solutions deployed today rely on transparent intermediation. However, an increasing amount of traffic is using QUIC, and QUIC's improved security model prevents transparent proxies. In order to allow transport protocol proxying when QUIC is in use, we will need a mechanism where at least one of the QUIC endpoints actively collaborates with the proxy. QUIC is a good candidate protocols for tunneling or forwarding this kind of traffic, as QUIC provides secure connection establishment, multiplexed streams, and connection migration. Further, use of HTTP/3 on top of QUIC enables HTTP-level proxying and caching.
    > 
    > This working group will work on MASQUE (Multiplexed Application Substrate over QUIC Encryption) - a framework that allows concurrently running multiple networking applications inside a QUIC connection. The MASQUE framework will specify the actions and processes for establishing tunneled proxy connectivity as well as a signaling protocol that is used between the endpoint(s) and the MASQUE server to negotiate and request proxy service capabilities and parameters, and realize services that require communication between endpoints and proxies. A proxy may provide simple forwarding with optional address translation only, or more advanced services like name resolution, multipath support, or assistance for congestion control on link segments with challenging characteristics, such as high loss or strongly varying delays.
    > 
    > As use-cases for deploying MASQUE have different security or performance requirements, the working group may define multiple MASQUE services for proxying to suit these disparate use-cases. In particular, some deployments may want to avoid double-encryption to reduce computational costs if the inner connection as well as the outer QUIC tunnel connection use encryption, while others might prefer to keep the double-encryption of user data to sure strong privacy guarantees. Such options will need to produce documentation of the resulting security and privacy properties.
    > 
    > Alongside the definition of the MASQUE framework, the group will further work on discovery mechanisms for MASQUE servers and which MASQUE services they support, taking into account deployment across network segments with different operability and end-user relationship characteristics.
    > 
    > Proxy services that extend the signaling of the base MASQUE protocol can be adopted by the group by creating a new milestone with AD review.
    > 
    > If MASQUE requires any extensions to existing protocols, the group will coordinate closely with the respective group responsible for maintaining that protocol, such as the HTTPBIS, QUIC, or TLS working groups.
    > 
    > Milestones
    > 
    > July 2021 MASQUE framework and base protocol to be submitted to the IESG for publication as PS
    > Nov 2021 Discovery mechanism for MASQUE servers to be submitted to the IESG for publication as PS
    > Nov 2021 [Example WG Item] Use Case specific extension to the MASQUE protocol be submitted to the IESG for publication as EXP or PS
    > 
    > 
    > 
    > 
    > --
    > Masque mailing list
    > Masque@ietf.org
    > https://www.ietf.org/mailman/listinfo/masque

v2.23.0 | Report a Bug | By Email