Re: [Masque] Proposed draft charter

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 27 January 2020 12:05 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "paul@redbarn.org" <paul@redbarn.org>, "masque@ietf.org" <masque@ietf.org>, "lars@eggert.org" <lars@eggert.org>
Date: Mon, 27 Jan 2020 12:04:59 +0000
Message-ID: <9daceeb9b5775846be0a0551bbdfa643e962fbcf.camel@ericsson.com>
References: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com> <B5A0CBC5-6127-4F47-B1CC-2BFF4934EA62@eggert.org> <1917123.yJOJJviVma@linux-9daj>
In-Reply-To: <1917123.yJOJJviVma@linux-9daj>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/dYissillV8UYZjupi-TEiPZ9fYs>

Hi Paul and Lars,
(As an individual; my AD role clearly has a conflict of interest situation here)


Paul's question is something that needs to be discussed. This goes beyond the
security model I have envisioned for this work. 

So the most basic security model for this work would be to have a secured
connection (outer) between an endpoint (mostly the client) and the proxy. Then
run an end-to-end secure QUIC connection between client and server (inner). That
end-to-end connection can run either inside the client-proxy connection for
certain properties or in parallel for another set of properties. Then use the
client-proxy connection for metadata exchange to accomplish things. This model
can be extended to use outer connections between proxies and proxy to server,
and in cases where desired to even have an onion model where the client uses a set
of proxies but each proxy only sees the next and previous hop.

An evolved model would be to move the inner connection from a full-blown QUIC
connection to something which is an object security model end-to-end between
client and server. This will require a chain of outer transport connections all
the way between client and server. However, it would enable certain use cases
that aren't possible in the first, like object caching. It also enables the
proxies to do a much better job transport-wise and avoid head-of-line blocking
completely for inner object fragments and enable proxy-level prioritization,
which is not really possible in the first model. I do note this model will
require basically a new QUIC version as it will redefine the internals
significantly.

Paul, I am uncertain of exactly what you are attempting to accomplish. I think in the
basic security model the client-proxy connection can be used by the client to
disclose information like SNI (assuming ESNI otherwise) to the proxy as that
would allow the policy recommendations that it appears you ask for. But, my
assumption for this work is that the proxy will by default have no access to
clear text content being transferred between endpoints. Any such access would
require an explicit disclosure of the security context by the client to the
proxy.

But, let's also try to answer Lars's question: why not in the QUIC WG? I will not
dismiss that this could be part of the QUIC WG charter. However, I think writing
the charter as if it is its own WG clarifies what the intentions here are. I
also note that the basic framework is much more like the SOCKS work, or the TURN work in
the TRAM WG, but different enough from both to require its own work. Its primary part is
not actually changing QUIC, at least for the basic security model above. Then,
certain parts of the transport performance enhancement work will be how to interface
information between the proxy and the end-to-end QUIC connection. That work will
need interaction with the QUIC WG. Some things may even need QUIC extensions,
and such would then likely need to be developed in the QUIC WG. I think we
should discuss this more, and at a minimum clarify the interaction part.

Cheers

Magnus Westerlund
(as individual)


On Mon, 2020-01-27 at 08:26 +0000, Paul Vixie wrote:
> i mostly think the same, but i'm concerned about one aspect of H3 that may be
> sufficiently far from the core protocol to warrant special focus on the
> proxy, and that is the enterprise situation where the endpoint trusts the proxy to
> either carry the transaction for it, or to refer the endpoint to a native
> flow. use case, employee doing their banking from their corporate desktop
> during their lunch break. this isn't a well-loved scenario because it's so
> close to the nation-state authoritarian situation. but i'd like to explore it
> with a group of open minded others, and i think doing it inside the QUIC or
> HTTP WG would make for a big distraction.
> 
> there is, separately and precedingly, the process by which an endpoint
> would discover, and know whether or not to trust, an enterprise outbound
> proxy.
> 
> am i in the wrong basket?
> 
> vixie
> 
> re:
> 
> On Monday, 27 January 2020 07:22:14 UTC Lars Eggert wrote:
> > Hi,
> > 
> > what motivates a separate WG vs. doing this in the QUIC WG?
> > 
> > There are aspects of the charter - e.g., one-sided (transparent to the
> > peer?) cooperation with middleboxes, double-encryption avoidance (does this
> > translate to an "unencrypted" mode for QUIC?) - that could have a large
> > impact on the base protocol. That suggests to me tight coordination with
> > the base protocol is essential.
> > 
> > Thanks,
> > Lars
> 
> -- 
> Paul
> 
> 
-- 
Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
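The layered model discussed in this thread (a secured outer client-proxy connection carrying an opaque inner end-to-end connection, an onion of proxies where each proxy learns only the next and previous hop, and an explicit client disclosure such as SNI so the proxy can make the policy decision Paul describes) can be illustrated with a small simulation. The following is an added example, not code from this thread or from the MASQUE work; it uses a toy HMAC-SHA256 encrypt-then-MAC construction in place of TLS/QUIC cryptography, and the proxy names, keys and the `bank.example` SNI are constructed for the illustration.

```python
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one hop key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (illustration only, not a vetted AEAD).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Only holders of `key` can open it."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError if `key` did not seal the blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def can_open(key: bytes, blob: bytes) -> bool:
    """True only if `key` is the key the blob was sealed under."""
    try:
        open_sealed(key, blob)
        return True
    except ValueError:
        return False


def build_onion(path, inner_blob: bytes, disclosed_to_first: dict) -> bytes:
    """Wrap the opaque inner-connection data in one outer envelope per proxy.

    path: list of (proxy_name, proxy_key) in client-to-server order; the keys stand in
    for the per-hop outer connection secrets (hypothetical). Each envelope names only
    the next hop, and the client's explicit disclosure (e.g. SNI) is placed only in
    the first proxy's envelope.
    """
    payload = inner_blob
    for i in range(len(path) - 1, -1, -1):
        _, key = path[i]
        next_hop = path[i + 1][0] if i + 1 < len(path) else "server"
        disclosed = disclosed_to_first if i == 0 else {}
        envelope = json.dumps({"next_hop": next_hop, "disclosed": disclosed, "payload": payload.hex()})
        payload = seal(key, envelope.encode())
    return payload


def proxy_process(hop_key: bytes, blob: bytes):
    """Everything a proxy learns from its own envelope: next hop, disclosed metadata,
    and an opaque payload it can only forward."""
    env = json.loads(open_sealed(hop_key, blob))
    return env["next_hop"], env["disclosed"], bytes.fromhex(env["payload"])


def simulate() -> dict:
    """Client -> proxy1 -> proxy2 -> server. Returns what each party could observe."""
    k_p1, k_p2, k_e2e = os.urandom(32), os.urandom(32), os.urandom(32)
    request = b"GET /account HTTP/3"  # constructed sample inner-connection content
    inner = seal(k_e2e, request)      # inner end-to-end connection: only client and server hold k_e2e
    onion = build_onion([("proxy1", k_p1), ("proxy2", k_p2)], inner, {"sni": "bank.example"})

    next1, disclosed1, forward1 = proxy_process(k_p1, onion)
    next2, disclosed2, forward2 = proxy_process(k_p2, forward1)
    return {
        "proxy1": {"next_hop": next1, "disclosed": disclosed1, "reads_forwarded": can_open(k_p1, forward1)},
        "proxy2": {"next_hop": next2, "disclosed": disclosed2, "reads_inner": can_open(k_p2, forward2)},
        "server": open_sealed(k_e2e, forward2),
    }


if __name__ == "__main__":
    print(simulate())
```

The first proxy gets exactly what the client chose to disclose (the SNI) plus the next hop, which is enough for a policy decision such as "carry this transaction or refer the endpoint elsewhere" without ever seeing the request; the second proxy learns neither the SNI nor the content; and the inner blob is opened only by the holder of the end-to-end key. Any visibility beyond that would have to be granted by the client putting more into `disclosed`, which is the explicit-disclosure step the message describes.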