Re: [Masque] Feedback requested on paper draft that mentions MASQUE

David Schinazi <dschinazi.ietf@gmail.com> Wed, 22 July 2020 17:11 UTC

To: David Fifield <david@bamsoftware.com>
Cc: MASQUE <masque@ietf.org>

Hi David,

Thanks for sharing your paper! I enjoyed it.

Overall I agree that adding a session layer on top of pluggable
transports makes sense, as it allows moving the internal
sessions across different proxies or pluggable transports
without disrupting connectivity.

Regarding your description of MASQUE, it reflects my original
vision for MASQUE, but that has changed a little bit in the
last year of IETF discussions, so I would add some tweaks:

- Obfuscation is no longer the main goal of MASQUE, though
it is a requirement, so I'd rephrase the first sentence to
something along the lines of:
<<   MASQUE is a proposal to colocate proxy servers with
        existing web servers, over HTTP/2 (TLS/TCP) or HTTP/3
        (QUIC/UDP); it allows proxying capability to be
        indistinguishable from regular Web Traffic.>>

- I would link to the charter of the MASQUE working group at
https://datatracker.ietf.org/wg/masque/about/ instead of
draft-schinazi-masque-obfuscation.

- When you say "MASQUE is not really an example of the
Turbo Tunnel idea", I think you're right, though I'll point out
that you could use multiple layers of MASQUE to accomplish
that. In other words, you could run MASQUE as both your
pluggable transport and as your Turbo Tunnel session layer.
We mentioned this briefly in the "Onion Routing" section:
https://tools.ietf.org/html/draft-schinazi-masque-obfuscation-02#section-2.3
So I would perhaps rephrase the rest of the paragraph to
mention that:
  - as a pluggable transport, MASQUE only has the option
    of looking like Web traffic
  - MASQUE could also be used as a Turbo Tunnel session
    layer inside another pluggable transport

I'm happy to chat about this more, I'm sure it'll take more
work to actually get MASQUE to a point where it could be
useful for you, but making sure it meets that use-case is
important to me.

Cheers,
David

On Tue, Jul 21, 2020 at 10:37 PM David Fifield <david@bamsoftware.com>
wrote:

> I'm writing a paper for the upcoming Free and Open Communications on the
> Internet (FOCI) workshop. The topic is somewhat related to MASQUE, in
> that I advocate for the use of QUIC or a similar session/reliability in
> the interior of circumvention protocols. It's not quite the same as
> MASQUE, because I'm not suggesting to use QUIC as the outermost layer
> exposed to the censor, but as an inner layer providing greater
> flexibility in program design.
>
> This is the current draft. The final revision is due 28 July.
> https://www.bamsoftware.com/papers/turbotunnel/turbotunnel-20200721.pdf
>
> My primary concern is to ensure that I am representing MASQUE fairly and
> accurately. Of course I welcome comments in general.
>
>         MASQUE is a proposal to colocate covert proxy servers with
>         existing web servers, over HTTP/2 (TLS/TCP) or HTTP/3
>         (QUIC/UDP). Despite the use of QUIC, MASQUE is not really an
>         example of the Turbo Tunnel idea. The key difference is that
>         MASQUE puts QUIC on the outside of the protocol stack, not the
>         inside, and makes QUIC itself act as the obfuscation layer, with
>         the goal of blending in with normal web traffic. Alternatively,
>         MASQUE could be regarded as an optimization in which the same
>         protocol (QUIC) works across three layers: session/reliability,
>         obfuscation, and network transport (refer to Figure 1). The
>         observation is that not only is QUIC a convenient session
>         protocol, it also makes a good cover protocol, because of its
>         encrypted-by-default nature and its increasing use on the
>         Internet. Collapsing three layers into one avoids the overhead
>         of encapsulating QUIC packets into some other protocol. The
>         efficiency comes at the loss of some flexibility: the
>         obfuscation of MASQUE is not ``pluggable''; the only option for
>         obfuscation is as web traffic.
>
> There's some additional discussion on MASQUE here:
> https://github.com/net4people/bbs/issues/9
>
> Thanks for your work on MASQUE.