Re: [Masque] Forwarded Mode infinite loops
Martin Duke <martin.h.duke@gmail.com> Tue, 24 October 2023 16:57 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70E95C14CE31 for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 09:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sstoNGF8745l for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 09:57:48 -0700 (PDT)
Received: from mail-vs1-xe2e.google.com (mail-vs1-xe2e.google.com [IPv6:2607:f8b0:4864:20::e2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2742EC14CEFD for <masque@ietf.org>; Tue, 24 Oct 2023 09:57:43 -0700 (PDT)
Received: by mail-vs1-xe2e.google.com with SMTP id ada2fe7eead31-457cb7f53afso1809608137.3 for <masque@ietf.org>; Tue, 24 Oct 2023 09:57:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698166662; x=1698771462; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CGyM3NYQ8MyteUII8dL8uH2kJrn1G663secrQzLHX8o=; b=J4At4JbX4lE34vNbWl//w9N25FVosxAEOvBSxCrfhA9gT02NnhzGJO80USEhNcMFG7 WJ/b1dsddGNoomstNYAknJzeVDGPJUEFuaUHbYV2g9TcSPtf/o8dBlsgxdJB906ks1qU hsIXchHDgzJa87jDUjES5X5D05e2Wxc9d8R1ZSuAUTU1rHVAliAuxoMwi7voNyYcqC3l NcfEvDQy0ikOF09EWka2JlHjBIohRqKGWnSXvt/gRj/E5RZk077hdbLggjxtLXuwCYJa LGdoG+j0Qi8NNKMN7ypcVIlCFnQHrCGbCtiU3nZpqt6zpBTXQY6UCxHrhEpqRu8sD2Ty P5vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698166662; x=1698771462; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CGyM3NYQ8MyteUII8dL8uH2kJrn1G663secrQzLHX8o=; b=wBhObBTy4IfqnIEnkmmAKSzZXvEjKXE3aD2E5Z2jUDj1/VEEdu+BaExSIFIZgj1M3a STAm4bOc9NlFqyuvLnjmT7WehV8wo3m52kDOQQsnF/UT19UtEAhi9H/vEFjScw1VyIFj aaCxPqXxeMLXyuGQeoJtJS0dz09X8RREEGRgPXyiFTBDm+lppwXNRRIKFMGZzwAM83RG ICPwZajT9hfqiUYbiey1j+3UiaG1DJ34OFW5nFp+wItXaRJF1jHOb6TPFURcJjPFLm2v mGl/fPN6pQzqS2jiangr4V+D//1sppWReI4SZF6Ls3EMH9plv1Y3QwJd4kH644O0GAQF D4OA==
X-Gm-Message-State: AOJu0YyJwhDhX0bYQ9xXNXT+QZG5kRW6S6s0KrPnj0/tvi1vLbabwBgV iOq5fgi/vFKMDDtb/FtkqwGBl2UJo4B+pMg7az0=
X-Google-Smtp-Source: AGHT+IGfMCb0arZZFzB/5u74nvN4p1SE1R2cjRaLG727h2U/TE7mnOX0zkTiHs3UrMBhhp/2wQ3Nb8ADOOQgKME0JY4=
X-Received: by 2002:a67:c09e:0:b0:457:d97a:4553 with SMTP id x30-20020a67c09e000000b00457d97a4553mr12195061vsi.25.1698166661476; Tue, 24 Oct 2023 09:57:41 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRzTu=njLp7Uk=4AvObxD5j0FG1fQHKtoyDGFWF7q1jdg@mail.gmail.com> <BN8PR15MB3281FF073C549E3A39DD087BB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxRKTNdGBpiO5_s33UikPnSG54K1dNKYua6_ca3f4jE2=A@mail.gmail.com> <BN8PR15MB32817A645AB33154DE9ACFFEB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxSMEtExuW0WewKCjz3Xc+_pe7czdx_gRcqe7uqZJ8B8Rw@mail.gmail.com> <CAM4esxQf6T7G8TWLcKsF0=cEyvndN2HHK+D4s8EvOF+Z=gXbMQ@mail.gmail.com> <CAM4esxTwkE1wHwFuLDLx8h5qzRtWTFhfQgWgteWPSoTeEuQQuA@mail.gmail.com> <CAPDSy+7cPETw-CEd910AodgV3ADJuFsfDRi3FAxyY=pYVRoc-Q@mail.gmail.com> <CAM4esxShEYAgZ-LhVSPtdaajiAhRx99tj0ef-t+AmJGBiHMOOA@mail.gmail.com> <34F58C3B-7677-4974-8AB9-CDF011EABA1B@apple.com> <CAKcm_gNUriekTx7WdmD4yjrRABecvXLvyqr+wPdfOLYaS1RRww@mail.gmail.com>
In-Reply-To: <CAKcm_gNUriekTx7WdmD4yjrRABecvXLvyqr+wPdfOLYaS1RRww@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 24 Oct 2023 09:57:29 -0700
Message-ID: <CAM4esxQamgoBTKVnJ6XCxgKqmYCkyKa0=MuzjMhvMvVDYa0f-Q@mail.gmail.com>
To: Ian Swett <ianswett@google.com>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a07b110608793c04"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/W9IvU8jC4D4oOoRnQarQOzII6e0>
Subject: Re: [Masque] Forwarded Mode infinite loops
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 16:57:49 -0000
That's a good question! IIUC, CONNECT-IP does decrement the TTL, but CONNECT-UDP does not because it is not preserving the IP header (The CONNECT-IP draft mentions TTL and CONNECT-UDP does not). The quic-proxy draft doesn't say anything about this, so I imagine that rule still applies. On Tue, Oct 24, 2023 at 6:43 AM Ian Swett <ianswett@google.com> wrote: > I assume each hop would decrement the TTL? If so, wouldn't this be a > loop, but not infinite? > > Ian > > On Mon, Oct 23, 2023, 11:01 PM Tommy Pauly <tpauly= > 40apple.com@dmarc.ietf.org> wrote: > >> It was useful for me to draw this out in (unnecessary) detail to show how >> this only needs the ingress IP to be shared, not the egress IP. >> >> To help go through this, let me fill in the example you gave with more >> details about IPs and ports — since the forwarding mappings depend on these >> “sockets”. >> >> Let’s start with a case where the addresses aren’t being shared. >> >> *C *has address 1111::1 >> *P1* has ingress address 2222::2, and egress address 3333::3 >> *P2* has ingress address 4444::4, and egress address 5555::5 >> *P3* has ingress address 6666::6, and egress address 7777::7 >> *T* has ingress address 8888::8 >> >> *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443 >> *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port >> 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443 >> *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port >> 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443 >> *P1 *is set up to receive CID1 on 3333::3 port 40000 from 6666::6 port >> 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443 >> *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port >> 443, and forward it as CID1 to 3333::3 port 40000 from 6666::6 port 443 >> *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443 >> >> In this case, since there is no address sharing, if the client tells *P2* to >> instead map from (CID2 on 5555::5 port 30000 from 2222::2 port 443) to (CID1 >> to 3333::3 port 20000 from 4444::4 port 443), the connection will break, >> but there will be no loop, since *P1* won’t allow receiving CID1 on that >> socket. >> >> >> Then, let’s explore the case of shared addresses. If we only have P2 and >> P3 share an ingress VIP, and P1 reuses sockets on egress, we have the >> following: >> >> *C *has address 1111::1 >> *P1* has ingress address 2222::2, and egress address 3333::3 >> *P2* has ingress address 4444::4, and egress address 5555::5 >> *P3* has ingress address 4444::4, and egress address 7777::7 >> *T* has ingress address 8888::8 >> >> *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443 >> *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port >> 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443 >> *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port >> 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443 >> *P1 *is set up to receive CID1 on 3333::3 port 20000 from 4444::4 port >> 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443 >> *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port >> 443, and forward it as CID1 to 3333::3 port 20000 from 4444::4 port 443 >> *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443 >> >> Then, if the client tells *P2* to instead map from (CID2 on 5555::5 port >> 30000 from 2222::2 port 443) to (CID1 to 3333::3 port 20000 from 4444::4 >> port 443), the loop occurs because there are two mappings for receiving on >> *P1 *that differ only in CID. >> >> Tommy >> >> On Oct 23, 2023, at 7:08 PM, Martin Duke <martin.h.duke@gmail.com> wrote: >> >> The reason I put in the point about VIPs is that P1 cannot distinguish >> between a packet from P2 and P3 if they share an ingress VIP >> >> If they're from different IP addresses it's sufficient for P1 to check >> the source IP of packets arriving from the target >> >> Does that answer your question? >> >> >> On Mon, Oct 23, 2023, 18:34 David Schinazi <dschinazi.ietf@gmail.com> >> wrote: >> >>> Hi Martin, >>> >>> I don't understand how the fact that P2 and P3 share a VIP impacts the >>> attack. Thinking about this some more, maybe the issue is that we mean >>> different things when we say VIP? In my mind: >>> >>> * a "VIP" is an (IP address, UDP port) tuple. The V stands for virtual >>> in the >>> sense that two separate servers can both have the same IP due to >>> anycast. >>> >>> * an "ingress VIP" is the VIP that the client sends packets to. In the >>> document >>> this is called a "client-facing socket". >>> >>> * an "egress VIP" is the VIP that the target sends packets to. In the >>> document >>> this is called a "target-facing socket". >>> >>> Ingress VIPs are very common in practice. Many CDNs will use anycast and >>> have an ingress VIP that represents a fleet of frontends. Egress VIPs >>> however, >>> don't make any sense to me, because you'd never want anycast on egress >>> IPs. >>> >>> Could you help reframe the P2/P3 shared VIP point in terms of ingress and >>> egress VIPs please? >>> >>> Thanks, >>> David >>> >>> >>> On Fri, Oct 20, 2023 at 3:00 PM Martin Duke <martin.h.duke@gmail.com> >>> wrote: >>> >>>> As I continue to think about this, I'm not sure that >>>> authentication even solves the problem. The client could authenticate with >>>> each client, sure, but to P1, P2 and P3 are essentially targets. Targets, >>>> obviously will not do anything special just because this is a connection >>>> over MASQUE, so there cannot be a special mechanism for P1 to verify >>>> authenticity of packets from the target, unless it has the target-client >>>> session keys. >>>> >>>> On Fri, Oct 20, 2023 at 12:14 PM Martin Duke <martin.h.duke@gmail.com> >>>> wrote: >>>> >>>>> I should add that another way to thwart this attack is to require the >>>>> proxy to open a new target-facing socket for every client request. Then the >>>>> packet incoming to P1 would be disambiguated by the destination IP/port. >>>>> Not opening a new socket is currently allowed in the spec, which IIUC is a >>>>> change from CONNECT-UDP. >>>>> >>>>> So the proxy vulnerability occurs if >>>>> (1) P2/P3 share a VIP, >>>>> (2) P1 is not load balanced, so that the attacker can directly target >>>>> it, and >>>>> (3) P1 is not opening unique target-facing sockets for each request, >>>>> even though the target IP/port are the same. >>>>> >>>>> On Fri, Oct 20, 2023 at 11:56 AM Martin Duke <martin.h.duke@gmail.com> >>>>> wrote: >>>>> >>>>>> Forwarded packets from the client SHOULD count. The draft is silent >>>>>> about forwarded packets from the target. >>>>>> >>>>>> But fair enough, the client needs to do just enough to keep it alive. >>>>>> >>>>>> On Fri, Oct 20, 2023 at 11:15 AM Ben Schwartz <bemasc@meta.com> >>>>>> wrote: >>>>>> >>>>>>> I'm not sure the client can actually "go away". If the HTTP >>>>>>> connection ends, the forwarding sessions will also end, so this can be >>>>>>> addressed by setting a QUIC max_idle_timeout. >>>>>>> >>>>>>> This assumes that forwarded packets don't count toward the idle >>>>>>> timeout, which they shouldn't. We might need to say that in the draft. >>>>>>> >>>>>>> --Ben >>>>>>> ------------------------------ >>>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke < >>>>>>> martin.h.duke@gmail.com> >>>>>>> *Sent:* Friday, October 20, 2023 1:47 PM >>>>>>> *To:* Ben Schwartz <bemasc@meta.com> >>>>>>> *Cc:* MASQUE <masque@ietf.org> >>>>>>> *Subject:* Re: [Masque] Forwarded Mode infinite loops >>>>>>> >>>>>>> Ben, Replies inline. On Fri, Oct 20, 2023 at 9: 53 AM Ben Schwartz >>>>>>> <bemasc@ meta. com> wrote: Loops! This is a fun attack. It seems >>>>>>> like there are probably lots of loopy configurations if you have access to >>>>>>> two or more proxies. Most of the >>>>>>> Ben, >>>>>>> >>>>>>> Replies inline. >>>>>>> >>>>>>> On Fri, Oct 20, 2023 at 9:53 AM Ben Schwartz <bemasc@meta.com> >>>>>>> wrote: >>>>>>> >>>>>>> Loops! This is a fun attack. It seems like there are probably lots >>>>>>> of loopy configurations if you have access to two or more proxies. >>>>>>> >>>>>>> Most of the encryption discussion for forwarded mode has focused on >>>>>>> unauthenticated encryption, which wouldn't help here. >>>>>>> >>>>>>> >>>>>>> I have not seen a written proposal in this space, but if the >>>>>>> encryption scheme has no authentication properties it doesn't mitigate >>>>>>> pretty basic DoS attacks. Perhaps this attack creates a new design >>>>>>> requirement for encryption? >>>>>>> >>>>>>> >>>>>>> Changing who chooses the Connection IDs could help, but proxy-chosen >>>>>>> CIDs are not necessarily high entropy, so there's no clear guarantee. >>>>>>> >>>>>>> >>>>>>> IIUC your contention is that this arises when P3 and P2 both happen >>>>>>> to select CID1 as the virtual connection ID. A well-intentioned client >>>>>>> would therefore register CID1 to P1 twice, and P1 would reject it as a >>>>>>> duplicate in one of those instances, avoiding a loop. >>>>>>> >>>>>>> However, a malicious client could note the conflict and just >>>>>>> register CID3 to P1 instead, creating the same attack. >>>>>>> >>>>>>> I do think that if we try to fix this with proxy-chooses, there need >>>>>>> to be some minimum size limits to avoid this kind of thing. If CIDs are 64 >>>>>>> bits (or even 32!) I feel pretty good about this not being an exploitable >>>>>>> attack. >>>>>>> >>>>>>> >>>>>>> Ultimately, I'm not sure this matters. A hostile client can impose >>>>>>> pretty much arbitrarily amplified load on the forwarder anyway, e.g. by >>>>>>> downloading a large file and forging ACKs to dropped packets so that >>>>>>> congestion control ramps up to infinity. Forwarders will need defenses to >>>>>>> rate-limit or cap abusive clients. That said, it's probably worth fixing >>>>>>> if there's an easy solution. >>>>>>> >>>>>>> >>>>>>> I agree there are other attacks -- in fact, I have other >>>>>>> amplification attacks in mind, which will write about another day. >>>>>>> >>>>>>> What is particularly pernicious about this attack is that a single >>>>>>> attacker packet results in infinity packets in the proxy path. This flow >>>>>>> can be "rate limited" but the client can go away and this persists forever. >>>>>>> >>>>>>> Buit >>>>>>> >>>>>>> >>>>>>> >>>>>>> --Ben >>>>>>> ------------------------------ >>>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke < >>>>>>> martin.h.duke@gmail.com> >>>>>>> *Sent:* Wednesday, October 18, 2023 5:25 PM >>>>>>> *To:* MASQUE <masque@ietf.org> >>>>>>> *Subject:* [Masque] Forwarded Mode infinite loops >>>>>>> >>>>>>> Hello MASQUE, (with no hats on) I was playing with some annoying but >>>>>>> manageable amplification attacks on CONNECT-UDP forwarding mode. Those will >>>>>>> have to wait for another day, because the current draft has a fatal >>>>>>> vulnerability, though one that >>>>>>> Hello MASQUE, >>>>>>> >>>>>>> (with no hats on) >>>>>>> >>>>>>> I was playing with some annoying but manageable amplification >>>>>>> attacks on CONNECT-UDP forwarding mode. Those will have to wait for another >>>>>>> day, because the current draft has a fatal vulnerability, though one that >>>>>>> we can fix pretty easily. >>>>>>> >>>>>>> If I've gotten something incorrect, please say so! It wouldn't be >>>>>>> the first time. >>>>>>> >>>>>>> Recall that for forwarded mode, clients notify the proxy of the >>>>>>> connection ID they are advertising to the target, and in the same >>>>>>> capsule propose a "virtual connection ID" for use on the proxy-client path. >>>>>>> (IIUC, this virtual CID is to prevent association of the packets on either >>>>>>> end of the proxy). >>>>>>> >>>>>>> I reiterate that we are talking about the CLIENT connection ID and >>>>>>> its virtual counterparts, not the target. >>>>>>> >>>>>>> Consider the following very stupid topology that a client C could >>>>>>> construct to target T via various proxies. Crucially, P2 and P3 are from >>>>>>> the same provider and share a VIP.* This wrinkle eliminates some really >>>>>>> simple mitigations for what I'm about to describe. >>>>>>> >>>>>>> C -> P1 -> P2 -> P1 -> P3 -> T >>>>>>> >>>>>>> An otherwise well-intentioned client would advertise client >>>>>>> Connection ID CID0 to T, and via REGISTER_CLIENT_CID capsules might set up >>>>>>> the rest like so: >>>>>>> >>>>>>> Nodes C P1 P2 P1 P3 T >>>>>>> CID on wire CID4 CID3 CID2 CID1 CID0 >>>>>>> >>>>>>> So far, so good. A packet that leaves T will be destined for CID0. >>>>>>> The destination CID will be rewritten in turn, arriving at C with CID4. >>>>>>> >>>>>>> However, a malicious client can register CIDs with the proxies as >>>>>>> follows: >>>>>>> Nodes C P1 P2 P1 P3 T >>>>>>> CID on wire CID4 CID3 / CID1 CID2 CID1 CID0 >>>>>>> >>>>>>> The only change is that P2 is "incorrectly" configured by the client >>>>>>> to rewrite incoming CID2 as CID1. As far as P2 is concerned, everything is >>>>>>> seems legit unless it is sharing enormous amounts of CID state with its >>>>>>> partner P3. Everything else is unchanged. >>>>>>> >>>>>>> Thus, a packet leaving T with CID0 will be rewritten to CID1 and >>>>>>> routed to P1; P1 will then route it to P2 with CID2. Then that gets routed >>>>>>> back to P1 with CID1, and the P1-P2-P1 loop continues to infinity. The >>>>>>> attacker can put as many proxy hops as it likes in that chain. >>>>>>> >>>>>>> There are a few pretty simple things that can break this doom loop. >>>>>>> - Do encryption at each MASQUE hop, as previously proposed. This >>>>>>> verifies the previous hop of the packet and drops those where the CID does >>>>>>> not have the correct origin. >>>>>>> - Have the proxy provide the virtual CID instead of the client. >>>>>>> Client control is the root of these problems. >>>>>>> - Eliminate virtual client CIDs and just take the L on linkability >>>>>>> in that case >>>>>>> >>>>>>> Martin >>>>>>> >>>>>>> * Interestingly, this attack requires at least one proxy in the path >>>>>>> (P1 in this case) to not be load balanced or have an easily manipulated >>>>>>> load balancer, so that two QUIC connection attempts can with high >>>>>>> probability go to the same device. >>>>>>> >>>>>>> -- >>>> Masque mailing list >>>> Masque@ietf.org >>>> https://www.ietf.org/mailman/listinfo/masque >>>> >>> -- >> Masque mailing list >> Masque@ietf.org >> https://www.ietf.org/mailman/listinfo/masque >> >> >> -- >> Masque mailing list >> Masque@ietf.org >> https://www.ietf.org/mailman/listinfo/masque >> >
- [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Eric Rosenberg
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Eric Rosenberg
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops David Schinazi
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Tommy Pauly
- Re: [Masque] Forwarded Mode infinite loops Ian Swett
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Tommy Pauly
- Re: [Masque] Forwarded Mode infinite loops David Schinazi
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Alex Chernyakhovsky
- Re: [Masque] Forwarded Mode infinite loops Martin Duke