Re: [Masque] Unified CONNECT-IP document

Ben Schwartz <bemasc@google.com> Thu, 21 October 2021 20:45 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Thu, 21 Oct 2021 16:44:45 -0400
Message-ID: <CAHbrMsDkfs-EsQxOa=-1e=YwcPm5CuAbryEBtUz-DKRgL+VHoA@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: Tommy Pauly <tpauly@apple.com>, MASQUE <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/SSuzSjTlZD1Jm4k2VHPGFk4LGWs>

I like it!

Some minor notes:

After fighting with URI Templates for the past week or two, I'm less fond
of them than previously.  For example, they are specified to be unicode (in
unspecified representation), so any system for processing them needs to
consider unicode issues, even though this is almost always irrelevant.  In
DoH, I think they've mostly been more trouble than they're worth: despite
their enormous flexibility, all deployments that I'm aware of have just
tacked "{?dns}" onto the end of the URL.

I would consider specifying fixed query parameters and leaving it at that.
That would also allow a single URL to be used for CONNECT, CONNECT-UDP, and
CONNECT-IP, which seems valuable.

If URI templates are a must, I think we need some tweaks to harmonize
CONNECT-IP and CONNECT-UDP (e.g. "target" vs. "target_host").  A single
template could work for both!  You'll also probably want to copy RFC 8484's
prohibition on templating the origin.

> If the target is a hostname, the server is expected to perform DNS
> resolution to determine which route(s) to advertise to the client.

This is fascinating, but perhaps underspecified.  I think the proxy SHOULD
return route advertisements for _all_ addresses for the target name (in all
families).  Then the client can implement racing and failover as
appropriate.  (Also, some clients have policies that depend on whether two
hostnames resolve to _overlapping_ RRSets, which requires them to learn all
the addresses.)

> The Start IP Address MUST be strictly lesser than the End IP Address.

I think this is an error.  It should be <=.

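As an added example (not code from the draft or from anyone in this thread), a small Python model of the two points Ben raises: a range validator that accepts Start <= End rather than strictly less, so a single-host route is not rejected, and a client-side check that the proxy's route advertisements cover every address a hostname target resolved to, in both families (plus the overlapping-RRSets comparison he mentions). The capsule wire format is not modelled; ranges are plain address pairs and the sample data is constructed.

```python
import ipaddress
from typing import Iterable, List, Tuple, Union

Addr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Range = Tuple[Addr, Addr]


def parse_range(start: str, end: str) -> Range:
    """Validate one advertised range: same family and start <= end.
    A single-host route (start == end) is legal here; a strictly-less-than
    rule would reject it, which is the error Ben points out."""
    s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if s.version != e.version:
        raise ValueError(f"mixed IP versions in range {start}-{end}")
    if s > e:
        raise ValueError(f"start {start} must be <= end {end}")
    return (s, e)


def covers(ranges: Iterable[Range], addr: str) -> bool:
    """True if addr lies inside some advertised range of its own family."""
    a = ipaddress.ip_address(addr)
    return any(s.version == a.version and s <= a <= e for s, e in ranges)


def uncovered(ranges: List[Range], resolved: Iterable[str]) -> List[str]:
    """Resolved addresses (all families) that the advertisements leave out;
    a client racing or failing over between addresses needs a route for each."""
    return [a for a in resolved if not covers(ranges, a)]


def rrsets_overlap(a: Iterable[str], b: Iterable[str]) -> bool:
    """Whether two hostnames' full resolved address sets share an address."""
    return bool({ipaddress.ip_address(x) for x in a}
                & {ipaddress.ip_address(y) for y in b})


# Constructed sample data (not from the draft): the proxy's advertised routes
# and the addresses a hostname target resolved to, in both families.
ADVERTISED = [
    parse_range("192.0.2.10", "192.0.2.10"),      # start == end: single host
    parse_range("2001:db8::10", "2001:db8::1f"),
]
RESOLVED = ["192.0.2.10", "192.0.2.11", "2001:db8::12"]

if __name__ == "__main__":
    print("addresses without a route:", uncovered(ADVERTISED, RESOLVED))  # ['192.0.2.11']
```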

On Thu, Oct 21, 2021 at 1:52 PM David Schinazi <dschinazi.ietf@gmail.com>
wrote:

> Thank you for all your work editing this document, Tommy.
> I'm personally very happy that we landed on a joint proposal that all of
> the known CONNECT-IP enthusiasts are happy with.
> I'd love to hear the WG's thoughts on this draft.
>
> David
>
> On Thu, Oct 21, 2021 at 9:31 AM Tommy Pauly <tpauly=
> 40apple.com@dmarc.ietf.org> wrote:
>
>> Hello MASQUE WG,
>>
>> I’ve been working with the authors of the various CONNECT-IP protocol
>> proposals (draft-cms-masque-connect-ip, draft-kuehlewind-masque-connect-ip)
>> to write a shared document. We’ve just published the -00 version!
>>
>> https://www.ietf.org/archive/id/draft-age-masque-connect-ip-00.html
>>
>> We believe this represents the core functionality that various use cases
>> need for IP proxying. It allows proxying of full IP packets, and focuses on
>> defining options about assigning, routing, and filtering out the common
>> fields in the IP protocol headers (source and destination addresses, IP
>> version, IP protocol). Work on compressing, handling ICMP, etc, is left to
>> future documents.
>>
>> Please take a look at the document. It would be great to discuss this at
>> IETF 112, and see if the WG thinks this can be adopted as our starting
>> point.
>>
>> Best,
>> Tommy
>>
>> Begin forwarded message:
>>
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-age-masque-connect-ip-00.txt
>> Date: October 21, 2021 at 9:22:16 AM PDT
>> To: Alex Chernyakhovsky <achernya@google.com>, David Schinazi <dschinazi.ietf@gmail.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, Tommy Pauly <tpauly@apple.com>
>>
>>
>> A new version of I-D, draft-age-masque-connect-ip-00.txt
>> has been successfully submitted by Tommy Pauly and posted to the
>> IETF repository.
>>
>> Name: draft-age-masque-connect-ip
>> Revision: 00
>> Title: IP Proxying Support for HTTP
>> Document date: 2021-10-21
>> Group: Individual Submission
>> Pages: 20
>> URL:
>> https://www.ietf.org/archive/id/draft-age-masque-connect-ip-00.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-age-masque-connect-ip/
>> Html:
>> https://www.ietf.org/archive/id/draft-age-masque-connect-ip-00.html
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-age-masque-connect-ip
>>
>>
>> Abstract:
>>   This document describes a method of proxying IP packets over HTTP.
>>   This protocol is similar to CONNECT-UDP, but allows transmitting
>>   arbitrary IP packets, without being limited to just TCP like CONNECT
>>   or UDP like CONNECT-UDP.
>>
>> The IETF Secretariat
>>
>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>