Re: [Masque] Design team PR for QUIC-aware forwarding
Martin Thomson <mt@lowentropy.net> Fri, 26 January 2024 06:07 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E457C14F714 for <masque@ietfa.amsl.com>; Thu, 25 Jan 2024 22:07:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="qO1CsC1F"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="UELZw7NZ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRDRHD24P0Xl for <masque@ietfa.amsl.com>; Thu, 25 Jan 2024 22:07:21 -0800 (PST)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F846C14F71E for <masque@ietf.org>; Thu, 25 Jan 2024 22:07:21 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id ECC623200B6E; Fri, 26 Jan 2024 01:07:17 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute6.internal (MEProxy); Fri, 26 Jan 2024 01:07:18 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1706249237; x= 1706335637; bh=fnzb6YYoyCJxq8bDg14rMMlBD4Fk5cM15cG/SUH51vI=; b=q O1CsC1Fs+O4HvNiemZDBAdWpkOHwWlIE9MVm4+u9xclQ5xyHQj0l6/7BF560dsaE TVE8q9OhJfZjn5hGuoUspmjQ/mYiYf5IUljuHos10bHLZibmh/wVWyj7hFMeugWY cTej42fxEDrmOSNhppTRk4Nt00vQnqchOei79AfRiCs3248Vkt0L2bwlf8JZXkqi 7jqEGi+/t1wlaiuuoBMwvRhBLaP8969j5ZM3sEQ9ZHTaakn2VGrbZATnfoYmz8EB DB0uNjDENUHcKxyTcuxb4CjIikUwBLol4fnsdT2IN/Ia2fhiDsVbdAus0cdh4IHl jO4NmuGmkD2V6t+PLt09Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1706249237; x=1706335637; bh=fnzb6YYoyCJxq8bDg14rMMlBD4Fk 5cM15cG/SUH51vI=; b=UELZw7NZqDQmswpG+DUknjmJ56/Vvy/eUOvP8JyqYkpI stYcVwgN5x1K2I/jMSYC5qw1ipHzpqfAMtkv9AwwCS76yXzNBEQaSmJTeA3VWvGG XRjZvqhWNUYXQGzLk37bwI8E+3pkLiGcL9/YaTUsSwVWKXsJ36H8JvNf3cfzQ+y9 ihgweDDBMtxk9R+fQzFfQJ8sfqVhn3vZuDCzX+pK3GMy/jPnsQ54RsABu2cJbouB 47UsRIDs6L+/e7Mab+SWkvn0H+b/fM3lF16HgJnp8NG5cgYB5TPxPXF0e8mZNT8o sot7Mq0lHwmwxGDRe/B7mptvfNdy90F8yx4gLd6wFw==
X-ME-Sender: <xms:FUyzZWmLL_VtWPOTqKcxWfBxRcfea1LdJ6mhB8ya9AhMkx1rIOGUXQ> <xme:FUyzZd3NQPesAOgp5QA3BUk6rz_wXCeuHyicUziJEw8jx_H0TqIQ6MSjuVj2crsmx CLjU2aArHMyGEykWU4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdeliedgkeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedfofgr rhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenuc ggtffrrghtthgvrhhnpeduleeufedthfegieeiieekkeejvdejgfevudffgeefvdffleev feekudeiieekleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:FUyzZUqNqORvGgMomz8S_xsCtpiOe6ASEIhzZo2UzVBgdGXGuUDs1Q> <xmx:FUyzZakQ0Hs7gLc29CphGRMPtbi-l6uOqYUPnaqbLmizcexK4QBpEQ> <xmx:FUyzZU2ynswZg0T2Jqnw4AFqelsxHtPdkG31ModRsmxhXXkZrHSQgw> <xmx:FUyzZR8o76p0lFLQfUeV9z-T8rvsUB9Lzlmk62o7x7lMSQvHzLF7Cg>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 117602340080; Fri, 26 Jan 2024 01:07:17 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-119-ga8b98d1bd8-fm-20240108.001-ga8b98d1b
MIME-Version: 1.0
Message-Id: <19d2cb4e-656b-4fff-a1f0-aa2a7f062637@betaapp.fastmail.com>
In-Reply-To: <efdba7a5-ef09-4ab4-8414-03b0a1758c96@huitema.net>
References: <62F6E4BF-7BF5-4829-B17B-F496C5ED934C@apple.com> <CAPDSy+6tV70pHAiKAjS=TXaFyoBT5EUABbvLkiwA4NJ4fEXRVQ@mail.gmail.com> <e92645ae-6015-4945-acbc-7d48927c3903@betaapp.fastmail.com> <efdba7a5-ef09-4ab4-8414-03b0a1758c96@huitema.net>
Date: Fri, 26 Jan 2024 17:06:56 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Christian Huitema <huitema@huitema.net>, David Schinazi <dschinazi.ietf@gmail.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: MASQUE <masque@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/VyukT-6TJmJk-CBb_qCJruVqFGY>
Subject: Re: [Masque] Design team PR for QUIC-aware forwarding
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2024 06:07:27 -0000
On Fri, Jan 26, 2024, at 14:53, Christian Huitema wrote: > Dumb question, because I suspect I am reading it wrong. Reading the PR, > you propose using ECB to reencrypt packets between client and server. > How can you use ECB and no padding if the payloadlength is not a > multiple of 16? All except the 16 bytes after the connection are encrypted with CTR mode, using an IV taken from those 16 bytes. The 16 bytes are then encrypted using ECB. Does that help?
- [Masque] Design team PR for QUIC-aware forwarding Tommy Pauly
- Re: [Masque] Design team PR for QUIC-aware forwar… Martin Thomson
- Re: [Masque] Design team PR for QUIC-aware forwar… David Schinazi
- Re: [Masque] Design team PR for QUIC-aware forwar… Christian Huitema
- Re: [Masque] Design team PR for QUIC-aware forwar… Martin Thomson
- Re: [Masque] Design team PR for QUIC-aware forwar… Christian Huitema
- Re: [Masque] Design team PR for QUIC-aware forwar… Antoine FRESSANCOURT
- Re: [Masque] Design team PR for QUIC-aware forwar… Ben Schwartz