Re: [Masque] Design team PR for QUIC-aware forwarding

Martin Thomson <mt@lowentropy.net> Fri, 26 January 2024 03:10 UTC

Date: Fri, 26 Jan 2024 14:09:32 +1100
From: Martin Thomson <mt@lowentropy.net>
To: David Schinazi <dschinazi.ietf@gmail.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: MASQUE <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/ReCMMJlBHSSEfErrBy7c-5Gq3LE>

So you don't scramble the first byte and you don't pad.

You know... there is a way to achieve both with minimal additional complexity and no additional overhead aside from any added padding:

If you encrypt the first byte, you can also use 0x80 to signal whether padding is present.  Then you can use a zero pad sequence terminated by a non-zero byte at either end of the packet (suggestion: the end).

On Fri, Jan 26, 2024, at 12:13, David Schinazi wrote:
> Thanks Tommy!
>
> In case it's helpful to others, here's a rendered diff between this 
> branch and main:
> https://author-tools.ietf.org/diff?url_1=https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/draft-ietf-masque-quic-proxy.txt&url_2=https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/design-team/draft-ietf-masque-quic-proxy.txt
>
> David
>
> On Thu, Jan 25, 2024 at 2:23 PM Tommy Pauly 
> <tpauly=40apple.com@dmarc.ietf.org> wrote:
>> Hi MASQUErs,
>> 
>> On behalf of the design team for draft-ietf-masque-quic-proxy that was tasked with adding a proposal to add encryption on the forwarding path, I’d like to share the pull request to the document that represents the proposal of the team. This is largely what was presented at the last IETF meeting, adding support for negotiating protocol transforms, and defining the “scramble” transform.
>> 
>> Here is the PR against the base document: https://github.com/ietf-wg-masque/draft-ietf-masque-quic-proxy/pull/99
>> Here is the rendered version: https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/design-team/draft-ietf-masque-quic-proxy.html
>> 
>> Please take a look and feel free to add comments to the PR or the mailing list!
>> 
>> Thanks,
>> Tommy (& David, Ben, Eric, Mirja, Antoine, & Tiru)
>> -- 
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
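The padding scheme sketched in the reply above, as an added example that is not code from the draft, the PR, or any list participant. It assumes the non-zero marker byte sits between the payload and the zero run (otherwise a payload whose last byte is 0x00 could not be recovered), and it stands in for the draft's scramble transform with a placeholder keyed SHA-256 mask over the first byte.

```python
import hashlib

# Top bit of the first byte. It is always 0 in a QUIC short-header packet,
# so once the first byte is encrypted on the wire it can carry a padding flag.
PAD_FLAG = 0x80


def first_byte_mask(key: bytes, packet: bytes) -> int:
    # Placeholder (assumption): a keyed one-byte mask derived from bytes that
    # both ends see unchanged. This is NOT the draft's scramble transform.
    return hashlib.sha256(key + packet[1:17]).digest()[0]


def pad_and_scramble(key: bytes, packet: bytes, pad_len: int) -> bytes:
    """Append pad_len bytes of padding and hide the flag in the encrypted first byte."""
    if packet[0] & PAD_FLAG:
        raise ValueError("only short-header packets are forwarded")
    first, body = packet[0], packet[1:]
    if pad_len > 0:
        # Marker 0x01 between payload and zeros: trailing zeros are always padding.
        body += b"\x01" + b"\x00" * (pad_len - 1)
        first |= PAD_FLAG
    wire_tail = bytes([first]) + body
    return bytes([first ^ first_byte_mask(key, wire_tail)]) + body


def unscramble_and_unpad(key: bytes, wire: bytes) -> bytes:
    """Recover the original packet; raise on a flagged packet with no marker."""
    first = wire[0] ^ first_byte_mask(key, wire)
    body = wire[1:]
    if first & PAD_FLAG:
        stripped = body.rstrip(b"\x00")  # drop the zero run
        if not stripped:
            raise ValueError("padding flag set but no marker byte present")
        body = stripped[:-1]  # drop the non-zero marker
        first &= 0x7F
    return bytes([first]) + body


# Constructed sample: a short-header first byte plus a body that ends in 0x00.
SAMPLE_KEY = b"\x11" * 16
SAMPLE_PACKET = bytes([0x40]) + bytes(range(1, 20)) + b"\x00\x00"
```

With `pad_len == 0` the wire packet is exactly the original length, so the flag costs nothing beyond the first-byte encryption that is already there.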