IETF Logo Mail Archive

Re: [Masque] Updated proposed charter text

Eric Rescorla <ekr@rtfm.com> Mon, 06 April 2020 15:48 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C10FC3A0B22 for <masque@ietfa.amsl.com>; Mon, 6 Apr 2020 08:48:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nkewBECLU2WE for <masque@ietfa.amsl.com>; Mon, 6 Apr 2020 08:48:05 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D0713A0AFA for <masque@ietf.org>; Mon, 6 Apr 2020 08:48:05 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id n17so162656lji.8 for <masque@ietf.org>; Mon, 06 Apr 2020 08:48:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6aAwxMBXMs3kYxhN2gumwdlkUrWqyijnEOCql1z1fIw=; b=dnazuOe7WjorIplUb03hjNvIZlC3c4PCA2OP0nKdpLh67Zsotr3xa3UhTVbG7ePct4 2WYBPd59g+eJfD3u1kTIbLJJIdZ1i3kTECUoJ9UkzMzGM+0G/+FsBuLr1l1bajbo2izQ Npxr3WSHJTPu5NBfJRnmULloCEMg8TQ4pt1qiRJUws9K85ekIZy2Wr9PqAwojShYkxxN U5Q3uj6sDq+FRRcpD4F8oJVusnfwegKkCPuwXWKZNBDPCt2hIGDRANSAQN8lSXgv7liD HHiCO4ucWVO+jvVYtK/pFEqroeF/b1elvNmMXD9dy8x+A0yawQkKtb8drY/giaXqkoZA pk6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6aAwxMBXMs3kYxhN2gumwdlkUrWqyijnEOCql1z1fIw=; b=pSUIZRhcuIwZevwOBgFrcHhawLOMN74WN/QWkPrM2GmYT0pweu3jTV3laPijQ7fkW+ Vm8VkuDO8DR6X2tOUTIXBWe7fSW7oOdiWgeQoErhlsF+6b94w/Atm7UB+nWSww9RBcgi vsBupfu1OJtf2Xv191FoKzXkBgjbfaDlvPC+OlENlzOSCfggq+m5Iw4FWDPf+OaXYp7y dCKNxobpbzld5twMFuQX1y/Z3saED5ILEsXuLG7BzYeLqmCidG8IEaam4b4xPYidDzL+ bzqB7O5n75dJ51gn4cQKJXuaubdkkrdPnu5KtKsAgQJN/o6IXPd4kDxxAqOFDWdNCS8D kx9Q==
X-Gm-Message-State: AGi0PuZ7bT6S4iC+87033FDtKePoGx2QvSaCwO6bqKSBw+E/hAWGis3B 7eWL6+zqbBD8C5FqddNGsM+BAo0b+xso14UDo7zjPaP3Vrp4zg==
X-Google-Smtp-Source: APiQypLO2u1w+IZOeDQ4M6spTU6bsDz5Pv+p0y79wa24nAc/bx1+hblJN1A7I5SaIaz5NUoNgbdx3oxbjUeZr5TT7ik=
X-Received: by 2002:a2e:889a:: with SMTP id k26mr3901756lji.162.1586188083110; Mon, 06 Apr 2020 08:48:03 -0700 (PDT)
MIME-Version: 1.0
References: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com> <HE1PR07MB442601004BE58A00FD2D6B04E2C70@HE1PR07MB4426.eurprd07.prod.outlook.com> <30d32d26-7a6d-48d9-92b7-326ad08e5f08@www.fastmail.com> <2B89357E-FA42-48D7-9645-781CBE912DFC@ericsson.com>
In-Reply-To: <2B89357E-FA42-48D7-9645-781CBE912DFC@ericsson.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 06 Apr 2020 08:47:26 -0700
Message-ID: <CABcZeBNC8qDLtovoymAt771edBJnM2d-Otq0rjOFdgxR4YsohQ@mail.gmail.com>
To: Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
Cc: Christopher Wood <caw@heapingbits.net>, "masque@ietf.org" <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003dbc7b05a2a131cb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/Zp65N8vVe7x-EBPauqSqGGs3adQ>
Subject: Re: [Masque] Updated proposed charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 15:48:08 -0000

On Mon, Apr 6, 2020 at 8:43 AM Mirja Kuehlewind <mirja.kuehlewind=
40ericsson.com@dmarc.ietf.org> wrote:

> Hi Chris,
>
> In draft-schinazi-masque-protocol I would say that the QUIC, UDP, and IP
> proxying services run directly on top of QUIC without any HTTP in between
> (HTTP is only used only for the negotiation part but not for the
> forwarding/multiplexing).


Philosophy aside, do we agree that these messages would be carried in QUIC
Datagram frames (https://tools.ietf.org/html/draft-ietf-quic-datagram-00)?


Therefore I think it would be more correct to actually change this one
> occurrence of HTTP3 back to  QUIC in the following sentence:
>
> "The primary goal of this working group is to develop mechanisms that
> allow configuring and concurrently running multiple proxied stream- and
> datagram-based flows inside a HTTP/3 connection"
>

I'm not sure that this is right. If you use the H3 ALPN token and then use
H3 to negotiate but also negotiate datagram, this seems like an H3
connection to me.

-Ekr


Mirja
>
>
>
>
>
> On 06.04.20, 15:43, "Masque on behalf of Christopher Wood" <
> masque-bounces@ietf.org on behalf of caw@heapingbits.net> wrote:
>
>     Hi Marcus,
>
>     For what it's worth, this change reflects the mechanism currently
> proposed in [1]. This seemed to have some measure of rough consensus based
> on comments we (chairs) heard before, during, and after the meeting. There
> are of course pros and cons with this change, e.g., it can re-use existing
> machinery (pro!), but that machinery might not always exist or can be too
> complex (con!).
>
>     Best,
>     Chris
>
>     [1] https://tools.ietf.org/html/draft-schinazi-masque-protocol-01
>
>     On Fri, Apr 3, 2020, at 6:06 AM, Marcus Ihlar wrote:
>     > Hi,
>     > The previous charter proposal, shown in the BoF slides, refers to
> using
>     > QUIC as a candidate protocol for proxying traffic.
>     > In the text you propose below, all mentions of QUIC are replaced
> with
>     > HTTP/3.
>     > I'm afraid that specifying that HTTP/3 should serve as the substrate
>     > for the proxied traffic at this point will limit the possible
> solutions
>     > the working group can consider. Using the word QUIC instead of
> HTTP/3
>     > in the charter text would allow the wg to consider a broader
> solution
>     > space, including something based on HTTP/3.
>     >
>     > Marcus
>     >
>     > -----Original Message-----
>     > From: Masque <masque-bounces@ietf.org> On Behalf Of Christopher Wood
>     > Sent: den 31 mars 2020 18:43
>     > To: masque@ietf.org
>     > Subject: [Masque] Updated proposed charter text
>     >
>     > Based on last week's meeting, it seems folks are generally
> enthusiastic
>     > about some form of MASQUE moving forward. To help scope that
> particular
>     > form, here's an update to the proposed charter.
>     >
>     > ~~~
>     > Many network topologies lead to situations where transport protocol
>     > proxying is beneficial. For example, proxying enables endpoints to
>     > communicate when end-to-end connectivity is not possible and can
> apply
>     > additional encryption where desirable (such as a VPN). Proxying can
>     > also improve client privacy, e.g., by hiding a client's IP address
> from
>     > a target server.
>     >
>     > Proxying technologies such as SOCKS and HTTP(S) CONNECT exist,
> albeit
>     > with their own shortcomings. For example, SOCKS signalling is not
>     > encrypted and HTTP CONNECT is currently limited to TCP. In contrast,
>     > HTTP/3 is a viable candidate protocol for proxying arbitrary
> traffic,
>     > as it provides secure connectivity, multiplexed streams, and
> migration
>     > for a single connection while taking advantage of a unified
> congestion
>     > controller. HTTP/3 datagrams provide for unreliable data
> transmission,
>     > which enables transporting UDP and other unreliable flows via a
> proxy
>     > without introducing potentially redundant or unnecessary recovery
>     > mechanisms. Further, HTTP/3 supports an established request/response
>     > semantic that can set up and configure flows for different services.
>     >
>     > The primary goal of this working group is to develop mechanisms that
>     > allow configuring and concurrently running multiple proxied stream-
> and
>     > datagram-based flows inside a HTTP/3 connection. The group will
> specify
>     > an HTTP-based signaling protocol for creating and configuring each
>     > service flow. The group will first focus on a limited set of
>     > client-initiated services such as IP, UDP, and TCP proxying.
> Specifying
>     > proxy server discovery mechanisms is out of scope for the group.
>     > However, the group may specify techniques for identifying proxy
> servers
>     > to aid future discovery mechanisms.
>     >
>     > The group will coordinate closely with other working groups
> responsible
>     > for maintaining relevant protocol extensions, such as HTTPBIS, QUIC,
> or
>     > TLS.
>     > ~~~
>     >
>     > This should address most of the issues raised during the meeting
> [1].
>     > We'd like to hear what people think about this as a viable path
> forward.
>     >
>     > Thanks,
>     > Chris, on behalf of the chairs
>     >
>     > [1] These issues include, though are not limited to:
>     >
>     > 1. Whether or not this is a new protocol or an extension of an
> existing
>     > protocol must be clear before moving forward.
>     > 2. Motivation for proxy technologies requires improvement. In
>     > particular, there’s no mention of privacy objectives.
>     > 3. The proxy threat model is unclear or underspecified. Does it
> model
>     > Tor’s threat model, or is it something simpler? (Meta question:
> should
>     > this be part of an existing document?) 4. Why are services beyond
>     > simple “CONNECT for UDP or IP” in scope? Should we focus on the
> simple
>     > datagram proxy case first and carve out room for extensibility?
>     > 5. To what extent is discovery out of scope?
>     > 6. Framework is perhaps not the best word to describe MASQUE.
>     >
>     > Any errors or omissions from this list are entirely my fault!
>     >
>     > --
>     > Masque mailing list
>     > Masque@ietf.org
>     > https://www.ietf.org/mailman/listinfo/masque
>     > --
>     > Masque mailing list
>     > Masque@ietf.org
>     > https://www.ietf.org/mailman/listinfo/masque
>     >
>
>     --
>     Masque mailing list
>     Masque@ietf.org
>     https://www.ietf.org/mailman/listinfo/masque
>
>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email