Re: [Masque] Comments on draft-pauly-masque-quic-proxy-01.txt
Tommy Pauly <tpauly@apple.com> Thu, 15 April 2021 18:52 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 033243A2AC9 for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 11:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrBMw8U30Ho6 for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 11:52:19 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp01.apple.com (ma1-aaemail-dr-lapp01.apple.com [17.171.2.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BC9C3A2AAA for <masque@ietf.org>; Thu, 15 Apr 2021 11:52:18 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp01.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp01.apple.com (8.16.0.42/8.16.0.42) with SMTP id 13FIch35062589; Thu, 15 Apr 2021 11:52:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=wpXnsWjlePwy2yrd6PhUaC556MzMQvdwwMqFgkLIV1s=; b=D3Nl4H1ejYSL7sfy4nfd9b6x1s4zyyRUM4gpB8LdjGqOyuNdlrbLW1sF+AbTaLQaCxnW rhDISOY++wh9HUGfFcow5/8WoSjHcyAEVwDnvo3TToINyuLwiNHfCwxcqtYusPeTrhY4 PPRAUns72M8C3Vp7Q3UpauHwHbosD/02zDLzouAo4SVjPniiY4J18ul1zrg79snJyiWd 6I/jwFMljsvwc6ra0Djkh7k587SN9HTWdRKz/2rHy3BqIlLcN3MceF7DizOWAbOlxsgK MX6B12OvWmZoqJOkpczJEw5ZullMZoBYBiI1oz25sgt9eJbHN1Hp0k2eJgc2hS5z8URt qw==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by ma1-aaemail-dr-lapp01.apple.com with ESMTP id 37uap4bm5y-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 15 Apr 2021 11:52:17 -0700
Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPS id <0QRM00VI0CF4N810@rn-mailsvcp-mta-lapp02.rno.apple.com>; Thu, 15 Apr 2021 11:52:16 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) id <0QRM00200CF3U100@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Thu, 15 Apr 2021 11:52:16 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 7a77f9138d60728e010dfb6f2118f5e7
X-Va-E-CD: e7578fb52aeb378e1c639af9cd70bb8d
X-Va-R-CD: b65a455d83a54fa60ccae3137873622b
X-Va-CD: 0
X-Va-ID: 6cfb218c-4ffe-47b7-a585-e925eb1d4e4c
X-V-A:
X-V-T-CD: 7a77f9138d60728e010dfb6f2118f5e7
X-V-E-CD: e7578fb52aeb378e1c639af9cd70bb8d
X-V-R-CD: b65a455d83a54fa60ccae3137873622b
X-V-CD: 0
X-V-ID: 79583968-8cf7-48a6-a389-8b09a4274a96
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-15_09:2021-04-15, 2021-04-15 signatures=0
Received: from smtpclient.apple (unknown [17.234.28.230]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPSA id <0QRM00GHBCF47M00@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Thu, 15 Apr 2021 11:52:16 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <24B3B557-5D90-4311-9F2F-9FD51393FC7F@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_B17575D6-9562-4744-926A-A3F75C496A8F"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.6\))
Date: Thu, 15 Apr 2021 11:52:15 -0700
In-reply-to: <CABcZeBOdjGJeKi+oMLWee6WcZ47=KfjrqvfL_7QxA0qkRV61uw@mail.gmail.com>
Cc: MASQUE <masque@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBOdjGJeKi+oMLWee6WcZ47=KfjrqvfL_7QxA0qkRV61uw@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.80.0.2.6)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-15_09:2021-04-15, 2021-04-15 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/cYrtrnU9ntunALpI74H2wrI2Cko>
Subject: Re: [Masque] Comments on draft-pauly-masque-quic-proxy-01.txt
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 18:52:24 -0000
Hi ekr, > On Apr 15, 2021, at 10:27 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > Hi folks, > > I've reviewed this document. At a high level, I'm unconvinced of the > requirements that lead to this design. I agree that QUIC in QUIC > is going to be common, but ISTM that > > First, the Forwarded mode. I have two concerns here: > > 1. The general thrust of QUIC is to encrypt everything and having the > non-handshake data in the clear goes against that. It is also much > more difficult to analyze. In this case, the feature is to allow not double-encrypting data. However, there would never be any packets exposed on a path that wouldn’t be fully encrypted. It’s essentially made for multi-hop proxy cases where re-encryption is not a requirement for security or privacy. For example, if you use two proxies, you can forward from the first to the second, and then tunnel to the target. > > 2. This document offers performance as the reason for forwarding mode, > but I think we should be quite suspicious of such claims without > strong evidence. The cost of symmetric encryption and decryption in > modern systems is extraordinarily low [0] especially with hardware > support, so removing the encryption seems unlikely to materially > change the performance profile of most proxies. The scalability of letting a proxy in a multi-hop proxy setup essentially just be a packet forwarder is very measurable. Our slides that we drew up for IETF 110 go into the details here: https://datatracker.ietf.org/meeting/110/materials/slides-110-masque-quic-aware-proxying-00 <https://datatracker.ietf.org/meeting/110/materials/slides-110-masque-quic-aware-proxying-00> Forwarding also does have a notable impact on effective MTU once you start going through multiple hops, so allowing forwarding in these environments allows for more hops scaling well. > > > Second, I'm not really convinced of the need to reuse local host/port > values. We have plenty of experience with TCP proxies that use a > separate port for each connection (this is, after all, what a CDN is > on the back end), and AFAIK that works out mostly OK. You don't > really explain why this is necessary, but I can imagine two > reasons: > > 1. Port scarcity -- this seems like mostly an IPv4 issue, as you can > use IPv6 to have an arbitrary number of addresses. Right, this is more of an issue for IPv4 than IPv6. However for particularly large numbers of connections being proxied between the same two nodes, it does make things simpler. > > 2. Implementation issues around having multiple sockets open -- this > seems like something that is fixable at the OS level (and again, > we'll want to for QUIC CDNs), so we don't need to add protocol > machinery. Agreed that this can be managed in various ways on a system. > > Given that much of the complexity of this proposal comes from these > two requirements, ISTM that they require fairly close examination. > > If we were to relax both requirements, it seems to me that we could > have a much simpler protocol which was basically QUIC-specific header > compression. I can imagine a number of different ways to implement > this, including pre-registration (the sender tells the receiver about > CIDs in advance) or notification (the receiver tells the sender "I now > know CID X and you can compress it with label Y"). Note that we could > probably just fold such a compression scheme into whatever (if > anything) we did for IP header compression. > > If we only relax the forwarding requirement, then we would still > need some mechanism to mux multiple clients on the same host/port > quartet. I can imagine a number of angles here: > > 1. The design you have in which the client has to pre-register > each receiving CID. > 2. A design in which the proxy provides part of the CID or > tells the client how to construct them. This would have > the advantage that the proxy never told the client "no", > which simplifies the client logic [1]. > 3. Require the clients to use high entropy CIDs (made easier > with header compression) and just assume that conflicts > are errors. Agreed that collisions should be rare, and I’m fine with designs that just make such collisions errors. I think it comes down to being able to support forwarding, which (for the reasons I list above) I believe is an important capability. Not to always be used, but to be possible. Thanks, Tommy > > -Ekr > > [0] It's quite old, but see: > https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html <https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html> > > [1] And testing, as CID collisions will be very rare. > -- > Masque mailing list > Masque@ietf.org > https://www.ietf.org/mailman/listinfo/masque
- [Masque] Comments on draft-pauly-masque-quic-prox… Eric Rescorla
- Re: [Masque] Comments on draft-pauly-masque-quic-… Tommy Pauly
- Re: [Masque] Comments on draft-pauly-masque-quic-… Eric Rescorla