Re: [Masque] Updated proposed charter text

Eric Rescorla <ekr@rtfm.com> Thu, 02 April 2020 17:33 UTC

To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: Christopher Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/UVNHT4rI6WIvKfJHvgPPYcr_4N8>

On Thu, Apr 2, 2020 at 8:34 AM Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:

> Replying to Chris via Ekr's reply to me :-)
>
> On Thu, Apr 2, 2020 at 9:09 AM Eric Rescorla <ekr@rtfm.com> wrote:
>
>> I don't think the diversity of naming here is that useful as a guide to
>> the diversity of the use cases. For instance, 2817, which defines CONNECT,
>> uses both the terms "proxy" and "tunnel" in the same sentence.
>>
>> "A CONNECT method requests that a proxy establish a tunnel connection on
>> its behalf."
>>
>> And yet TURN, which provides a similar service, calls itself "Traversal
>> Using Relays around NAT".
>>
>> As a practical matter, the TCP and UDP use cases focus on establishing an
>> association with the server in which packets are forwarded to and from a
>> given destination and the IP use case seems to focus on forwarding IP
>> datagrams from the client to and from arbitrary destinations (this last
>> might use some fleshing out, I suppose).
>>
>
> This is the kind of thing I was also thinking about - not that we weren't
> using the right terms, but that we were vague enough that people during the
> BOF were guessing at what MASQUE would be most like (
> https://en.wikipedia.org/wiki/Blind_men_and_an_elephant). So, yes,
> fleshing out what we expect to happen, and not to happen, makes sense to
> me.
>
> Just to start where Ekr started, do people think we're forwarding to
> arbitrary destinations, or only to destinations that were explicitly set up?
>

I think it depends on the protocol.

- For TCP you can only really forward to destinations that were explicitly
set up
- For UDP you could in principle forward to arbitrary destinations but the
return path is problematic (you need the server to be a stateful NAT) so
explicitly set up seems better
- For IP I understand that what people want is arbitrary destinations in
both directions, which is the source of the additional complexity

-Ekr


> Best,
>
> Spencer
>
>
>> -Ekr
>>
>>
>>
>>
>>
>> On Thu, Apr 2, 2020 at 7:03 AM Christopher Wood <caw@heapingbits.net>
>> wrote:
>>
>>> On Tue, Mar 31, 2020, at 4:34 PM, Spencer Dawkins at IETF wrote:
>>> > Hi, Christopher,
>>> >
>>> > Thanks for getting this update out so quickly.
>>> >
>>> > I have thoughts, but wanted to start with the first couple of
>>> paragraphs.
>>> >
>>> > On Tue, Mar 31, 2020 at 11:43 AM Christopher Wood <caw@heapingbits.net>
>>> wrote:
>>> > > Based on last week's meeting, it seems folks are generally
>>> enthusiastic about some form of MASQUE moving forward. To help scope that
>>> particular form, here's an update to the proposed charter.
>>> > >
>>> > >  ~~~
>>> > >  Many network topologies lead to situations where transport protocol
>>> proxying is beneficial. For example, proxying enables endpoints to
>>> communicate when end-to-end connectivity is not possible and can apply
>>> additional encryption where desirable (such as a VPN). Proxying can also
>>> improve client privacy, e.g., by hiding a client's IP address from a target
>>> server.
>>> > >
>>> > >  Proxying technologies such as SOCKS and HTTP(S) CONNECT exist,
>>> albeit with their own shortcomings. For example, SOCKS signalling is not
>>> encrypted and HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3
>>> is a viable candidate protocol for proxying arbitrary traffic, as it
>>> provides secure connectivity, multiplexed streams, and migration for a
>>> single connection while taking advantage of a unified congestion
>>> controller. HTTP/3 datagrams provide for unreliable data transmission,
>>> which enables transporting UDP and other unreliable flows via a proxy
>>> without introducing potentially redundant or unnecessary recovery
>>> mechanisms. Further, HTTP/3 supports an established request/response
>>> semantic that can set up and configure flows for different services.
>>> >
>>> > If I remember correctly, somewhere between the audio conference and
>>> the
>>> > active jabber conversation, there were people who mentioned
>>> >  * proxies
>>> >  * relays
>>> >  * tunnels
>>> >  * VPNs
>>> >  * NATs, and
>>> >  * now that I look at the second paragraph, maybe even firewalls
>>> > Is it possible to agree on the functionalities that this community of
>>> > interest is thinking of, as part of the charter discussion?
>>> >
>>> > ISTM that if we're talking about "connect for IP", we're closer to a
>>> > tunnel than a proxy, and I don't think that's what most of the MASQUE
>>> > folk were thinking of.
>>> >
>>> > Perhaps this will fall out of the use cases people have been
>>> collecting?
>>>
>>> Yep, I expect that to be the case! While the use cases in the charter
>>> are not meant to be exhaustive, more specificity would probably help frame
>>> the rest of the content.
>>>
>>> Meta question: are you looking for a specific change in the text, and if
>>> so, what might that be?
>>>
>>> Best,
>>> Chris
>>>