Re: [Masque] Feedback requested on paper draft that mentions MASQUE
David Fifield <david@bamsoftware.com> Tue, 28 July 2020 00:15 UTC
Return-Path: <david@bamsoftware.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 938DC3A07D6 for <masque@ietfa.amsl.com>; Mon, 27 Jul 2020 17:15:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bamsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0AWFK2R7zPKT for <masque@ietfa.amsl.com>; Mon, 27 Jul 2020 17:15:06 -0700 (PDT)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com [IPv6:2600:3c00:e000:128:de39:20ee:9704:752d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D421F3A07CA for <masque@ietf.org>; Mon, 27 Jul 2020 17:15:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=O/1J8Ar3ec1a7RM+fTePmTtfru2TXZNvD5rD5cv5pYI=; b=H8Ebwdvh9WK9c0kXThdCrCgfyG ALcBRaYdgaTDV43heH3Sy9HujUDKGKyyvj4Lvy8iEmoUMqhs58QGOsxSJMaa7U5kTbVuuwoWPoEV4 mA5TiShQJ/78c0Geu++g4xi57l7LKRsidDKI5DTi4aX8imUEg6KP7Zbkykm8/tdfs3ls=;
Date: Mon, 27 Jul 2020 18:15:02 -0600
From: David Fifield <david@bamsoftware.com>
To: masque@ietf.org
Message-ID: <20200728001502.otnd5ycgyj5vmaqq@bamsoftware.com>
References: <20200722053656.4a4qj7j6sedsxu6l@bamsoftware.com> <CAPDSy+6zYs0aGTJy8u5SBH4nqwy5NhAfXFgf=YFRoDNpL5OZ1w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAPDSy+6zYs0aGTJy8u5SBH4nqwy5NhAfXFgf=YFRoDNpL5OZ1w@mail.gmail.com>
User-Agent: NeoMutt/20180716
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/SNy3044tEVXX0Cn3dZdyu2dbtaI>
Subject: Re: [Masque] Feedback requested on paper draft that mentions MASQUE
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 00:15:09 -0000
On Wed, Jul 22, 2020 at 10:11:32AM -0700, David Schinazi wrote: > Regarding your description of MASQUE, it reflects my original > vision for MASQUE, but that has changed a little bit in the > last year of IETF discussions, so I would add some tweaks: > > - Obfuscation is no longer the main goal of MASQUE, though > it is a requirement, so I'd rephrase the first sentence to > something along the lines of: > << MASQUE is a proposal to colocate proxy servers with > existing web servers, over HTTP/2 (TLS/TCP) or HTTP/3 > (QUIC/UDP); it allows proxying capability to be > indistinguishable from regular Web Traffic.>> Thanks for this explanation. It helped me understand how MASQUE has developed. That, and the IETF 107 slides helped. https://www.ietf.org/proceedings/107/slides/slides-107-masque-masque-master-slide-deck-02 > - I would link to the charter of the MASQUE working group at > https://datatracker.ietf.org/wg/masque/about/ instead of > draft-schinazi-masque-obfuscation. Okay. > - When you say "MASQUE is not really an example of the > Turbo Tunnel idea", I think you're right, though I'll point out > that you could use multiple layers of MASQUE to accomplish > that. In other words, you could run MASQUE as both your > pluggable transport and as your Turbo Tunnel session layer. Yes -- I'm glad you picked up on this. QUIC works both as a covert obfuscation protocol and as a session protocol, and there's nothing incoherent about QUIC-in-QUIC, with the outer QUIC being a disposable pure transport mechanism and the inner layer holding the actual session state. It's really no different than KCP-in-TCP, say: replace KCP (session protocol) with QUIC, and replace TCP (transport protocol) with QUIC. I was reluctant to mention the QUIC-in-QUIC idea only because, in my experience trying to explain the Turbo Tunnel idea, the biggest point of confusion is that as soon as you mention QUIC, people's minds turn to UDP and they think you are proposing a UDP-based pluggable transport. It's a bit of work to communicate the idea that if QUIC is used for its session properties, the QUIC packets are not sent as UDP datagrams but are encoded into some other obfuscation protocol, which may not be UDP-based at all. The fact that QUIC actually works in both places doesn't help the explanation :) > So I would perhaps rephrase the rest of the paragraph to > mention that: > - as a pluggable transport, MASQUE only has the option > of looking like Web traffic > - MASQUE could also be used as a Turbo Tunnel session > layer inside another pluggable transport Here is how I have revised the paragraph: MASQUE~\cite{masque-wg} is a proposal to colocate proxy servers with web servers, over HTTP/2 (TLS/TCP) or HTTP/3 (QUIC/UDP), such that proxy traffic looks like ordinary web traffic. Despite the use of QUIC, MASQUE is not really an example of the Turbo Tunnel idea---the key difference is that it puts QUIC on the outside of the protocol stack, not the inside. To put it in terms of this paper, in MASQUE, QUIC is the obfuscation layer (chosen to look like web traffic), not the session/reliability layer. However, thanks to the fact that QUIC works well both as a session protocol and as an obfuscation protocol, MASQUE could be adapted into a Turbo Tunnel design in two ways. First, one could run some other session protocol through the MASQUE tunnel, treating MASQUE as just another obfsucated proxy protocol. Alternatively, one could encapsulate MASQUE's QUIC packets into some other obfuscation layer (obfs4, say, or even another instance of MASQUE) and use MASQUE as an inner session layer.
- [Masque] Feedback requested on paper draft that m… David Fifield
- Re: [Masque] Feedback requested on paper draft th… David Schinazi
- Re: [Masque] Feedback requested on paper draft th… David Fifield
- Re: [Masque] Feedback requested on paper draft th… David Schinazi