Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
David Schinazi <dschinazi.ietf@gmail.com> Mon, 07 June 2021 22:41 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12D223A14F8 for <masque@ietfa.amsl.com>; Mon, 7 Jun 2021 15:41:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bnFUshO5gz3Q for <masque@ietfa.amsl.com>; Mon, 7 Jun 2021 15:41:19 -0700 (PDT)
Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 904FC3A14F9 for <masque@ietf.org>; Mon, 7 Jun 2021 15:41:19 -0700 (PDT)
Received: by mail-pf1-x429.google.com with SMTP id k15so14206645pfp.6 for <masque@ietf.org>; Mon, 07 Jun 2021 15:41:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QlsOOhNopmS6WJPj6wNdTfcagMNUjpNZ/tD4yfjs6Ts=; b=n2jRdhjmO6aLprdYcECFMYN0vdzBoaEsBUUx3ErvBTrPlKLafZInCi7nqI3qZ2FHaZ o6Tnx+EpzozqPchHy5F+gdLC55Gv/6ZcZxaTs6srEGq+2NCesFmg8KgxPRhq4PRF9b58 HlsQzC/A/ebsUbBrDfs/2u5V2YAcFtEOpEZVRnvABiY128ondiXMzA+Vxo49JL+ufY4K lf5U17Susltu4p56T3Q+EU2R4dZFMkjey8eJfE+r5zfPkdmpS3pFNEjEf+NYj6yr7aKq QLoEBeAJPU7WCugOMxSHZPm8xgMK90Ee+etSV3XlXgX/w7AEWPdQiZMHDIIR4dgmlMyq eO+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QlsOOhNopmS6WJPj6wNdTfcagMNUjpNZ/tD4yfjs6Ts=; b=NWTMMrYyBz64iCNx20A4EUHK11o/pVM3l1sc3At1wCoEwkrbKx7poyKtS9kkloCYH3 7m9OhsYZJ5Fnxehf5kJL66g1eq3KpKlW7fuUOMmqhiaVtXy6gGMYZb2S0vKrpNyvy0GK 3xBzbF1qb2kkyjqPqbf9rPNSD3QAjFNiReFvaOCucZeyC9Jkk0Lhsr49WVtoXbJOAIpD BRovd0HMc8DfV6nmkCI2dFG8ypEQ7xKXcOtrB6BH9y39U7z3minZoP1mN+YByA9ETUHT A3I4JPcjvbrCT9XEqavifzA5rX4tMGMOC1tHwQ5uDRp+Qe80ngXumL3mGE/dO4yNHQ+Y vW5w==
X-Gm-Message-State: AOAM532Ehn7VeIUN7kFyK58akxpqeBpPZeu5fAzx2XM1crzLZJTIucCM 73WsAeEDcXZp1PWAnjhqNX9fEVwHt4uJFTfnBoQ=
X-Google-Smtp-Source: ABdhPJwrm6Q9WXfy+KK2xQfwg5rBv7js4jfJ+O3tik/EknEBLhhWbhBs8cL9nw/HtnHdc5Vy/xfnmMTFA29sGwLd08I=
X-Received: by 2002:a05:6a00:1515:b029:2f2:2ab6:1399 with SMTP id q21-20020a056a001515b02902f22ab61399mr1468448pfu.22.1623105677641; Mon, 07 Jun 2021 15:41:17 -0700 (PDT)
MIME-Version: 1.0
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <746F7E16-37BD-49EF-896A-649D394CCB05@ericsson.com> <CAPDSy+6PjZk0Kea6154V3=GF-8bs+0Mr+FtFfi-girGh3uAVrQ@mail.gmail.com> <3deea8212d66731de5c81abae353f3e9322f2d57.camel@ericsson.com> <CAPDSy+68DoVrRiC7uEn1-Ze_5LDn9mt7-f+ZeovTTYAUh=w2Og@mail.gmail.com> <21d8fc788051b570768e53d6d9355ed51b423c0a.camel@ericsson.com> <CAKKJt-d-FzXVdJpUTacb4m7ESyB6nzkk1BQSf8rHtReOvD=5Jw@mail.gmail.com> <CAM4esxSE=misCJX=73h-kF+RQdQLC2WBhwv3nv5QgR8HK17diw@mail.gmail.com> <CAM4esxQatk4-ENdz+2jCbpRtr8hT0nLWbVLbb64RMJwvBf2qDA@mail.gmail.com> <CAHbWFkQ6YAhqgbbsAPC-i2Rv-_LRZ4R3NKTk4of200GUt38A_g@mail.gmail.com> <91475be5-dee4-435e-a65b-1cde43ffff0e@www.fastmail.com>
In-Reply-To: <91475be5-dee4-435e-a65b-1cde43ffff0e@www.fastmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Mon, 07 Jun 2021 15:41:05 -0700
Message-ID: <CAPDSy+4w_SCR5G5LFrpefsNPpu=od1JH0JGcP86nAsEmAvJTig@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Alex Chernyakhovsky <achernya@google.com>, Martin Duke <martin.h.duke@gmail.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005949d105c434bd90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/SUSTnDLFVP_Oe0u5XExm4Wh3Lk8>
Subject: Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 22:41:25 -0000
That makes sense to me. The requirements document states that the network-to-network use-case will be optional to implement, so it won't be a burden. As we make progress on building the actual protocol, we'll find out whether the network-to-network use-case adds delays or not. If it does, then we'll split it off to its own document. Alternatively, I think Magnus has offered a great suggestion in his latest message: a separate architecture document. This way we can keep the protocol document shorter and tackle the policy/address-validation/trust/addressing questions in the architecture document. Either way, it does sound like we have a good path forward to wrap up the requirements document. David On Mon, Jun 7, 2021 at 1:07 PM Christopher Wood <caw@heapingbits.net> wrote: > As Martin points out, the solution for the network-to-network use case in > Section 2.4 can be split out into a separate document should we run into > timeline issues down the road. > > To that end, we'd like to reiterate that the purpose of this WGLC is to > determine if we can we move forward with this understanding and consensus > on this document in its current state, plus or minus maybe some editorial > cleanup. If not, what specific requirements in the document are > problematic, and why? > > Thanks, > Chris and Eric > > On Mon, Jun 7, 2021, at 12:54 PM, Alex Chernyakhovsky wrote: > > Hi Martin, > > > > Thanks for weighing in, and I agree with your interpretation that there > > is no tension between these two points. > > > > I agree that should we run into timeline issues with the implementation > > drafts, it is possible to split out the section 2.4 implementation into > > its own document. We should cross that bridge if/when we get there. > > > > Sincerely, > > -Alex > > > > On Mon, Jun 7, 2021 at 3:39 PM Martin Duke <martin.h.duke@gmail.com> > wrote: > > > To clarify what I meant, I'm suggesting the the future IP proxy > document can split out the network-network use case specification if that > proves to be problematic. > > > > > > I am not saying we should have two requirements documents. > > > > > > On Mon, Jun 7, 2021 at 12:25 PM Martin Duke <martin.h.duke@gmail.com> > wrote: > > >> I'd like to step in here as AD and make sure we are not talking past > each other here. IIUC: > > >> > > >> (1) Magnus and Mirja do not want to implement 2.4. > > >> (2) The authors want to make sure the design is extensible to support > 2.4, but are OK with some endpoints not supporting it. > > >> > > >> It does not appear that there is tension between these points. > However, I understand that Magnus is concerned that 2.4 will hold up the > core proxy-ip draft unnecessarily. > > >> > > >> As AD, if we come to that point, I see no requirement in the charter > that this be one or two documents; if the option is holding everything up, > it can go to the IESG while 2.4 has further refinement in the WG. I don't > see that we have to make this decision now. > > >> > > >> Regarding the document at hand, the existing Sec 2 offers the > possibility that all of the use cases are optional. It does not preclude > the path that appears to have consensus. > > >> > > >> Is that consistent with others' understanding? > > >> > > >> Martin > > >> > > >> On Mon, Jun 7, 2021 at 5:06 AM Spencer Dawkins at IETF < > spencerdawkins.ietf@gmail.com> wrote: > > >>> > > >>> > > >>> On Mon, Jun 7, 2021, 03:15 Magnus Westerlund <magnus.westerlund= > 40ericsson.com@dmarc.ietf.org> wrote: > > >>>> Hi David and WG, > > >>>> > > >>>> Let me attempt to clarify a bit why I have made the comments I have > made. I think they do stem from interepreting the network to network use > cases as a very general technology and from the perspective of deploying > this with clients which the server has limited trust in. I realize that you > are likely comming from another perspective that you only intended to use > this in cases where you have fairly high mutual trust in the client and the > server. I think that is actually the major difference here and why you > below think I am making a circular arguments. I think it all stem from lack > of discussion of this use cases and what operational limitations we > intended to have on the protocol. > > >>> > > >>> I don't know if this would have helped, but I do wish we could tell > (explicitly, in the requirements draft) which requirements arose from > various use cases. > > >>> > > >>> I'm pretty sure that most participants think they know that > (likely), but also think that other participants have the same > understanding (perhaps less likely). I think that's what Magnus is saying > here, if I'm reading the thread correctly. > > >>> > > >>> Do The Right Thing, of course. > > >>> > > >>> Best, > > >>> > > >>> Spencer > > >>> > > >>>> So if the goal here is to have high mutual trust between client and > server then I think a protocol solution may be able to be defined with such > an applicability statement and less mandate on necessary protocol > mechanisms to protect against malicous peers. I think that is in stark > contrast against some of the other use cases where the trust in the client > could be rather minimal. Like the client and server relationship is only > this is a paying customer that gets a VPN access and the server has no idea > what type of client or implementation that are the peer. This basic use > cases will deploy with an addressing architecture that makes it much less > vulnerable to malicous intent on the routing level. > > >>>> > > >>>> So, can we please discuss what assumption we have on the client and > server trust? > > >>>> > > >>>> I also think your attempt to sweep the addressing schemes to be > used by the servers under the rug and not disucss them have hurt the > understanding. I at least have been guessing on possible deployment > scenarios rather than that we have openly discussed them in the WG. Yes, > they maybe not need to be detailed in the protocol solution or an > arhcitecture document, however they would have made sense to have some > addressing deployment scenarios in this requirement documents use case > section to make clear what would have been intended. Because they do > influence what is needed for the solution. > > >>>> > > >>>> Cheers > > >>>> > > >>>> Magnus > > >>>> -- > > >>>> Masque mailing list > > >>>> Masque@ietf.org > > >>>> https://www.ietf.org/mailman/listinfo/masque > > >>> -- > > >>> Masque mailing list > > >>> Masque@ietf.org > > >>> https://www.ietf.org/mailman/listinfo/masque > > > -- > > > Masque mailing list > > > Masque@ietf.org > > > https://www.ietf.org/mailman/listinfo/masque >
- [Masque] WGLC for "Requirements for a MASQUE Prot… Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Rescorla
- Re: [Masque] WGLC for "Requirements for a MASQUE … Töma Gavrichenkov
- Re: [Masque] WGLC for "Requirements for a MASQUE … Jana Iyengar
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Thomson
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mirja Kuehlewind
- Re: [Masque] WGLC for "Requirements for a MASQUE … Töma Gavrichenkov
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Rescorla
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Duke
- Re: [Masque] WGLC for "Requirements for a MASQUE … Martin Duke
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Christopher Wood
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Mark Nottingham
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Chris Box
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Chris Box
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Spencer Dawkins at IETF
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … David Schinazi
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Alex Chernyakhovsky
- Re: [Masque] WGLC for "Requirements for a MASQUE … Magnus Westerlund
- Re: [Masque] WGLC for "Requirements for a MASQUE … Eric Kinnear