Re: [Masque] Design team PR for QUIC-aware forwarding

Christian Huitema <huitema@huitema.net> Fri, 26 January 2024 07:44 UTC

Message-ID: <ad2a885b-b1ec-4b31-840c-4be5c767ae9f@huitema.net>
Date: Thu, 25 Jan 2024 23:44:12 -0800
To: Martin Thomson <mt@lowentropy.net>, David Schinazi <dschinazi.ietf@gmail.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: MASQUE <masque@ietf.org>
References: <62F6E4BF-7BF5-4829-B17B-F496C5ED934C@apple.com> <CAPDSy+6tV70pHAiKAjS=TXaFyoBT5EUABbvLkiwA4NJ4fEXRVQ@mail.gmail.com> <e92645ae-6015-4945-acbc-7d48927c3903@betaapp.fastmail.com> <efdba7a5-ef09-4ab4-8414-03b0a1758c96@huitema.net> <19d2cb4e-656b-4fff-a1f0-aa2a7f062637@betaapp.fastmail.com>
From: Christian Huitema <huitema@huitema.net>
In-Reply-To: <19d2cb4e-656b-4fff-a1f0-aa2a7f062637@betaapp.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/dDR_9ZsOtSA1ltuBdbbIbd9zrxw>


On 1/25/2024 10:06 PM, Martin Thomson wrote:
> On Fri, Jan 26, 2024, at 14:53, Christian Huitema wrote:
>> Dumb question, because I suspect I am reading it wrong. Reading the PR,
>> you propose using ECB to reencrypt packets between client and server.
>> How can you use ECB and no padding if the payload length is not a
>> multiple of 16?
> 
> All except the 16 bytes after the connection are encrypted with CTR mode, using an IV taken from those 16 bytes.
> 
> The 16 bytes are then encrypted using ECB.
> 
> Does that help?

Yes, thank you. That's the part I missed when reading the draft. I was 
right to suspect that I was wrong.

I hear the argument that some proxies will not have the processing power 
for the double encryption required by tunnel mode, but doesn't forwarded 
mode with scrambled transform also require double encryption? Do we 
have some measurements comparing the CPU cost of tunneled mode and 
scrambled transform? Would these measurements change if hardware 
acceleration were available for QUIC?

I am concerned that given a choice the low power proxies will just 
implement forwarded mode with null transform. Do we know proxies that 
will actually use the scrambled transform?

-- Christian Huitema
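The scramble transform as Martin describes it above, as an added example that is not code from the draft or from either author. It assumes the first byte and a fixed 8-byte connection ID are left in the clear, uses a constructed key and packet, and counts the AES block operations per packet, which is the quantity Christian's CPU-cost question turns on.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// Bytes left in the clear: first byte plus an 8-byte connection ID (assumed
// here; the real CID length comes from the forwarding context).
const clearPrefix = 1 + 8

// scrambleTransform applies (forward=true) or removes (forward=false) the
// transform as Martin describes it: the 16 bytes after the connection ID are
// the IV, the rest of the packet is AES-CTR encrypted under that IV, and the
// IV block itself is AES-ECB encrypted. CTR is a stream mode, so no padding is
// needed. It also returns the number of AES block operations performed.
func scrambleTransform(key, pkt []byte, forward bool) ([]byte, int, error) {
	if len(pkt) < clearPrefix+16 {
		return nil, 0, errors.New("packet too short for scramble transform")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, 0, err
	}
	out := append([]byte(nil), pkt...)
	ivBlock := out[clearPrefix : clearPrefix+16]
	iv := pkt[clearPrefix : clearPrefix+16] // plaintext IV when forward
	if !forward {
		block.Decrypt(ivBlock, iv) // undo the ECB step to recover the IV
		iv = ivBlock
	}
	payload := out[clearPrefix+16:]
	cipher.NewCTR(block, iv).XORKeyStream(payload, payload)
	if forward {
		block.Encrypt(ivBlock, iv) // one raw AES block: the "ECB" step
	}
	return out, (len(payload)+15)/16 + 1, nil
}

// samplePacket is a constructed short-header packet: flag byte, 8-byte CID,
// 16 IV bytes and a 41-byte payload, deliberately not a multiple of 16.
func samplePacket() []byte {
	pkt := append([]byte{0x40}, bytes.Repeat([]byte{0xC1}, 8)...)
	for i := 0; i < 16+41; i++ {
		pkt = append(pkt, byte(i*37+11))
	}
	return pkt
}
```

The returned operation count (4 for the 41-byte sample: three CTR blocks plus one ECB block) is the per-packet AES work a forwarding proxy pays on each side of the transform, before any comparison with full QUIC packet protection in tunnel mode.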