Re: [Masque] Updated proposed charter text
Eric Rescorla <ekr@rtfm.com> Thu, 02 April 2020 17:33 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9993B3A0BF4 for <masque@ietfa.amsl.com>; Thu, 2 Apr 2020 10:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 49-_dLHV2a8d for <masque@ietfa.amsl.com>; Thu, 2 Apr 2020 10:33:03 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 969013A0BF3 for <masque@ietf.org>; Thu, 2 Apr 2020 10:33:02 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id t11so3447088lfe.4 for <masque@ietf.org>; Thu, 02 Apr 2020 10:33:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d4N3ph33N/sbHpy+emu7I24gahmMQRM4JZZLHSFH7H4=; b=u6Gxq2mHFs+TU/cKEMRNnBeBcPBLLLpzk3+k4atl4HweuUF0+TWwu6dL36u0aq/apj oDYr2lgFN+sW8nRDz5RkWuBRKkF7phDv63+z5eba7rIYvxbszqKnCGmLudXBVjLjcA6P 8SFO2k0PUzUc1t9wPiKnGFQ/qYH+8QS7fXN0XD6ZPxK2i/ii7Jq4yWDcj0WPw2CcjCjY B+DuZV93ljX4JzIGn9u1bMAljlnWI2mBIr1F9JrQq9YteIz15IUQELZcs6EqLfJbIIiu jbjOcAhDvtO/T470oaWAud+JGGNsQqJ6uk7UVby0X+HTpGdGIJKIRc8IKe7iU9zIYQa8 i6aQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d4N3ph33N/sbHpy+emu7I24gahmMQRM4JZZLHSFH7H4=; b=Sj3u+25r88acZgR8bALLOOiSw/AT1X4DO/u4b+8gVy5xzJ/VH2+GhZIvPywgn8E1qz sXPhhKqhFmuB2MxYXy6K1medPxErymJ/J7lWGL6+bf2W7SzInKt3xIy12b1eSpUO+0Y2 JEzmha1G8E1J9m/AKqbYpB3sW3sNibAU/9meTgv5Ys1UbYBR5vuTgQN5OlCtdOXhTzSr FiBpEpUk96vdIiR5uiS9/xy+1NYUTYa6z3Ard6nesPTBgUxEKwhEz9G+v4LzOh7+JgVM jitts4aQ1SKOn2lGOWBCOpV8X7p9vI7kWyiwJTEzNIOxC3Viiutf91wa/i3vUt4vpVq4 JRzg==
X-Gm-Message-State: AGi0PuZTtJax6OHinhhCj305DldbXXif4/7cO3W0uWsP1JtcVH5J2Rs4 5iTc+XJBvVhcsGWuHYSB4vxYsnTw9IId/3yHnDWNPA==
X-Google-Smtp-Source: APiQypJzbx9EHmJEYwXcYsM6suVmg4cjiWxJ0Wyvlvyb0cxRaSYF0nMt3AERSwgNqOa3QkiBsDR9aGmsfNKA6SAscR0=
X-Received: by 2002:a05:6512:21b:: with SMTP id a27mr2851905lfo.55.1585848780848; Thu, 02 Apr 2020 10:33:00 -0700 (PDT)
MIME-Version: 1.0
References: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com> <CAKKJt-dJqTYJPj0u7mZvaJKoiRX7oXeQCSyQV9xN_zkzHY-LXQ@mail.gmail.com> <48dcc4c3-0039-4de4-9028-c2059b34140c@www.fastmail.com> <CABcZeBPiT+gWCV0QZyoUNzyAgQ_5MHgi+uk7aaAQ-t0te3f5tw@mail.gmail.com> <CAKKJt-fWC_6Cy-tB=chKUaECC1wXsbzArxK27E1AuvnaUUS9Qw@mail.gmail.com>
In-Reply-To: <CAKKJt-fWC_6Cy-tB=chKUaECC1wXsbzArxK27E1AuvnaUUS9Qw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 02 Apr 2020 10:32:24 -0700
Message-ID: <CABcZeBPinqwJeAuirgvo8Xav6+L757SrjwnkemK-OyPCCDiJ7g@mail.gmail.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: Christopher Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000040104905a2523143"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/UVNHT4rI6WIvKfJHvgPPYcr_4N8>
Subject: Re: [Masque] Updated proposed charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 17:33:06 -0000
On Thu, Apr 2, 2020 at 8:34 AM Spencer Dawkins at IETF < spencerdawkins.ietf@gmail.com> wrote: > Replying to Chris via Ekr's reply to me :-) > > On Thu, Apr 2, 2020 at 9:09 AM Eric Rescorla <ekr@rtfm.com> wrote: > >> I don't think the diversity of naming here is that useful as a guide to >> the diversity of the use cases. For instance, 2817, which defines CONNECT >> uses the term both "proxy" and "tunnel" in the same sentence. >> >> "A CONNECT method requests that a proxy establish a tunnel connection on >> its behalf." >> >> And yet TURN, which provides a similar service, calls itself "Traversal >> Using Relays around NAT". >> >> As a practical matter, the TCP and UDP use cases focus on establishing an >> association with the server in which packets are forwarded to and from a >> given destination and the IP use case seems to focus on forwarding IP >> datagrams from the client to and from arbitrary destinations (this last >> might use some fleshing out, I suppose). >> > > This is the kind of thing I was also thinking about - not that we weren't > using the right terms, but that we were vague enough that people during the > BOF were guessing at what MASQUE would be most like ( > https://en.wikipedia.org/wiki/Blind_men_and_an_elephant). So, yes, > fleshing out what we expect to happen, and not to happen, makes sense to > me. > > Just to start where Ekr started, do people think we're forwarding to > arbitrary destinations, or only to destinations that were explicitly set up? > I think it depends on the protocol. - For TCP you can only really forward to destinations that were explicitly set up - For UDP you could in principle forward to arbitrary destinations but the return path is problematic (you need the server to be a stateful NAT) so explicitly set up seems better - For IP I understand that what people want is arbitrary destinations in both directions, which is the source of the additional complexity -Ekr > Best, > > Spencer > > >> -Ekr >> >> >> >> >> >> On Thu, Apr 2, 2020 at 7:03 AM Christopher Wood <caw@heapingbits.net> >> wrote: >> >>> On Tue, Mar 31, 2020, at 4:34 PM, Spencer Dawkins at IETF wrote: >>> > Hi, Christopher, >>> > >>> > Thanks for getting this update out so quickly. >>> > >>> > I have thoughts, but wanted to start with the first couple of >>> paragraphs. >>> > >>> > On Tue, Mar 31, 2020 at 11:43 AM Christopher Wood <caw@heapingbits.net> >>> wrote: >>> > > Based on last week's meeting, it seems folks are generally >>> enthusiastic about some form of MASQUE moving forward. To help scope that >>> particular form, here's an update to the proposed charter. >>> > > >>> > > ~~~ >>> > > Many network topologies lead to situations where transport protocol >>> proxying is beneficial. For example, proxying enables endpoints to >>> communicate when end-to-end connectivity is not possible and can apply >>> additional encryption where desirable (such as a VPN). Proxying can also >>> improve client privacy, e.g., by hiding a client's IP address from a target >>> server. >>> > > >>> > > Proxying technologies such as SOCKS and HTTP(S) CONNECT exist, >>> albeit with their own shortcomings. For example, SOCKS signalling is not >>> encrypted and HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3 >>> is a viable candidate protocol for proxying arbitrary traffic, as it >>> provides secure connectivity, multiplexed streams, and migration for a >>> single connection while taking advantage of a unified congestion >>> controller. HTTP/3 datagrams provide for unreliable data transmission, >>> which enables transporting UDP and other unreliable flows via a proxy >>> without introducing potentially redundant or unnecessary recovery >>> mechanisms. Further, HTTP/3 supports an established request/response >>> semantic that can set up and configure flows for different services. >>> > >>> > If I remember correctly, somewhere between the audio conference and >>> the >>> > active jabber conversation, there were people who mentioned >>> > * proxies >>> > * relays >>> > * tunnels >>> > * VPNs >>> > * NATs, and >>> > * now that I look at the second paragraph, maybe even firewalls >>> > Is it possible to agree on the functionalities that this community of >>> > interest is thinking of, as part of the charter discussion? >>> > >>> > ISTM that if we're talking about "connect for IP", we're closer to a >>> > tunnel than a proxy, and I don't think that's what most of the MASQUE >>> > folk were thinking of. >>> > >>> > Perhaps this will fall out of the use cases people have been >>> collecting? >>> >>> Yep, I expect that to be the case! While the use cases in the charter >>> are not meant to be exhaustive, more specificity would probably help frame >>> the rest of the content. >>> >>> Meta question: are you looking for a specific change in the text, and if >>> so, what might that be? >>> >>> Best, >>> Chris >>> >>> -- >>> Masque mailing list >>> Masque@ietf.org >>> https://www.ietf.org/mailman/listinfo/masque >>> >>
- [Masque] Updated proposed charter text Christopher Wood
- Re: [Masque] Updated proposed charter text Spencer Dawkins at IETF
- Re: [Masque] Updated proposed charter text Mark Nottingham
- Re: [Masque] Updated proposed charter text Christopher Wood
- Re: [Masque] Updated proposed charter text Christopher Wood
- Re: [Masque] Updated proposed charter text Eric Rescorla
- Re: [Masque] Updated proposed charter text Spencer Dawkins at IETF
- Re: [Masque] Updated proposed charter text Eric Rescorla
- Re: [Masque] Updated proposed charter text Alex Chernyakhovsky
- Re: [Masque] Updated proposed charter text Eric Rescorla
- Re: [Masque] Updated proposed charter text Marcus Ihlar
- Re: [Masque] Updated proposed charter text Alex Chernyakhovsky
- Re: [Masque] Updated proposed charter text Martin Thomson
- Re: [Masque] Updated proposed charter text Christopher Wood
- Re: [Masque] Updated proposed charter text Mirja Kuehlewind
- Re: [Masque] Updated proposed charter text Eric Rescorla
- Re: [Masque] Updated proposed charter text Lucas Pardue
- Re: [Masque] Updated proposed charter text Ted Hardie
- Re: [Masque] Updated proposed charter text Mirja Kuehlewind
- Re: [Masque] Updated proposed charter text Eric Rescorla
- Re: [Masque] Updated proposed charter text Lucas Pardue
- Re: [Masque] Updated proposed charter text Mirja Kuehlewind
- Re: [Masque] Updated proposed charter text Martin Duke