IETF Logo Mail Archive

Re: [Masque] MASQUE extensibility

Christopher Wood <caw@heapingbits.net> Tue, 05 January 2021 20:05 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0655A3A119B for <masque@ietfa.amsl.com>; Tue, 5 Jan 2021 12:05:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=ARBj/+4H; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=EFq5Gwoc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HblJqIXFZgub for <masque@ietfa.amsl.com>; Tue, 5 Jan 2021 12:05:42 -0800 (PST)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B89F93A11BA for <masque@ietf.org>; Tue, 5 Jan 2021 12:05:40 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id C9DC610EC; Tue, 5 Jan 2021 15:05:39 -0500 (EST)
Received: from imap4 ([10.202.2.54]) by compute4.internal (MEProxy); Tue, 05 Jan 2021 15:05:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type:content-transfer-encoding; s=fm3; bh=lu b1TKClGJ3VsKLLd7fU4+65tVSfvkJzPxJdqhk/Bzs=; b=ARBj/+4HvYmLtgkwI5 lNO55LM2jPE9sWiR8q5HKx4jRJmJv3Z/yCd2uTTSH3uMxVFnDaAHWueGWo49NYax CeKLn0avYyysdKoM21wW0pcvfN4HMMaNpeEKn6i+TSTBYatHHEOPZ2MQ8sZzC4e8 BLuOTAHG4WSIXP6h7N6xYbOxZ9DhCFwPa6v9aNB5lS9oOVHW3hcdjwV4GyvV/scD E1SH/lhINcx16tJUy7Wo4Vly7HA/5kWDFrVvTOGTxeoFSY2uDdLTGdQEB8EumgV7 XTesSQ3XRE2eL0mY6Hz/K/bjrTqZ/7OIU4orLs/8QCl5mhrtT1kSPvnBGMGqRu0s 7clw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=lub1TKClGJ3VsKLLd7fU4+65tVSfvkJzPxJdqhk/B zs=; b=EFq5GwocHdHU/e0p1I8WHGAJI0wbD1s851EP1Yffj0bDEHeZuZikGG9kW lAyFo/lk2Jvb5H0xf/judNSj7rwKXYCY8VSQ5670QojYLDZGpSd6hJzl68XZWY+s wB6f14CEodR7mQVLZWjavajJv4nqSIh23u7cpG3Ua4zaJXVPObY+IFEtfqBgmNAA Zsx9ChMMPkedAVYJhk5+N3vU5lpW6FNG1bgQOGuCyBRH7aPIY17CXU7MWka9joGX 0L9VYXQTMeP93ABFX+/oihxZyHjXSI9HYVJAVpWAh+f3LfYP+ktD8C8f/EN+npXS GfN0YqkTQvU2BQfnmM10F9IWqMiyg==
X-ME-Sender: <xms:ksb0X8rmpbI9RpFXN-jejJqQOFaRWwGqenlUMvADRucTAeSZDR-Fjw> <xme:ksb0XyrcKlR5pdDDVKwGfVWjOEiprZOvsWPc_A_H1hQlLuWc6Tv8V7OagALoFRmGh GyIoWNwWh5ATNDsIek>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdefjedgleeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfvehh rhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehhvggrphhinhhgsghithhsrdhnvg htqeenucggtffrrghtthgvrhhnpeetiedvlefffedtvdelhfdthfdvgfetffehtdejlefg heekleelvdduffeltdelkeenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhn ghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:k8b0XxPSJbKqHBRZ8FdEgRSAY1VX7w3IWy2uq3gx95FVQHDl2dEf_g> <xmx:k8b0Xz7wPj2sTZBmtf5-0qXFCmDqMLCakziuuLbeR4W_o6g9tY_KRQ> <xmx:k8b0X77CDxlvgFSubZxuTKBwiyYY19Wm3sDAh9ICEVH_jYYBki7dGA> <xmx:k8b0X4j-ZcbFccG_zsqA6TYwtLRKRahc4wHyp-MAfoaf430TGEjbjw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E5A263C00A1; Tue, 5 Jan 2021 15:05:38 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.1-61-gb52c239-fm-20201210.001-gb52c2396
Mime-Version: 1.0
Message-Id: <de4f5b94-3bdb-4a18-bfc3-9c864e47041a@www.fastmail.com>
In-Reply-To: <CAM4esxQOVpkwb4SFiZhg_SRhEwV9QThaBiAT_LOUVsNRkBDkWA@mail.gmail.com>
References: <c0c5a81a-4b96-4d8e-87b6-958323cda14d@www.fastmail.com> <DB1145E2-F51E-46BB-9E06-0E87416E8715@ericsson.com> <CAM4esxQOVpkwb4SFiZhg_SRhEwV9QThaBiAT_LOUVsNRkBDkWA@mail.gmail.com>
Date: Tue, 05 Jan 2021 12:05:02 -0800
From: Christopher Wood <caw@heapingbits.net>
To: Martin Duke <martin.h.duke@gmail.com>, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
Cc: "masque@ietf.org" <masque@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/evtmVQBB75Dzbac2NjAktbkZcBA>
Subject: Re: [Masque] MASQUE extensibility
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 20:05:45 -0000

Happy New Year, all!

Thanks to everyone who chimed in on this thread! To summarize responses we received so far, it seems clear that we want extensibility for CONNECT-UDP and the future IP proxying mechanism, and that these should exist in separate documents. David’s draft specifying an ECN extension [1] is one such example. It also seems clear that HTTP headers make for a perfectly fine extension point for CONNECT-X requests.

What remains unclear is how to support extensions within a proxy context, i.e., a CONNECT-UDP stream. Martin nicely outlined some of the variants, such as encoding things in per-datagram framing bits, negotiating and encoding information in flow IDs, or using different frame types entirely. We should try to converge on which of these options we need for generic tunneling or proxying use cases. 

To that end, here’s a couple questions that might help us get there:

- Should flow ID interpretation be negotiated as part of an extension, or should it be fixed for CONNECT-UDP? (The latter is the approach taken in [1].)
- What are the tradeoffs between per-datagram signalling state versus, say, a different datagram frame type for different use cases? And which of these is maximally useful for CONNECT-UDP use cases?
- What are the tradeoffs between per-datagram and flow ID signalling?

We hope these (or related questions) can be discussed before and during the interim.

Thanks,
Chris and Eric

[1] https://tools.ietf.org/html/draft-schinazi-masque-connect-udp-ecn-00

On Wed, Dec 9, 2020, at 12:03 PM, Martin Duke wrote:
> Thanks for starting this discussion, Chris.
> 
> With my AD hat on, I would personally interpret the charter to allow 
> CONNECT-UDP to provide all the functionality one might have in a UDP 
> socket, except those (like multicast) explicitly forbidden. This 
> includes ECN, DSCP, etc, although the WG is welcome to decide that some 
> or all of these functions aren't important. As AD, I don't have a 
> strong opinion today as to whether these end up as one draft or 
> multiple drafts. Certainly, it makes sense to spell out the design in a 
> separate draft first and later decide whether or not to integrate it 
> into the base design, as quicwg did with the spin bit and ECN support.
> 
> If the CONNECT-UDP method is designed so as to be literally not 
> extensible to support these use cases, I would consider that a 
> significant flaw. I don't think that's the case.
> 
> Speaking as an individual, the hardest extensibility problem would seem 
> to be per-datagram information. There are four different resources we 
> could use for this:
> - an additional QUIC frame type codepoint, with the second type having 
> additional per-datagram information 
> - an additional H3 frame type codepoint, with the second type having 
> additional per-datagram information
> - flow ID codepoints, as David suggests. If we want to support DSCP, 
> this means we need 8 bits per flow just for this (but then, we have 
> 2^62 of them!)
> - Make every H3 datagram frame encode this information -- if we were to 
> choose this option, we will probably end up using more H3 frame types 
> as Webtransport, etc. will probably not want the overhead.
> 
> To me, the first two are the least profligate, and the second option 
> (another H3 frame) is the right layer to do it. But none of these 
> resources are scarce and this is mainly an aesthetic preference.
> 
> Broadening from the per-datagram issue, we are likely filling up some 
> sort of HTTP or H3 registry with whatever extension points we specify, 
> so that community's opinion is valuable here.
> 
> Martin
> 
> On Wed, Dec 9, 2020 at 10:01 AM Mirja Kuehlewind 
> <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:
> > 1) Yes, every new protocol should be extensible. Lucas and others mentioned that H3 provides already some extensibility, however, as soon as you have send the CONNECT there is not much H3 "left" and therefore we should make sure that we consider options for additional extension mechanisms later in the life time of a CONNECT request.
> > 
> > 2) People did mention in-stream (or I would say in-forwarding-association - I  think we need to agree on terminology here to make sure we talk about the same thing) control data. So I think there is information that you want to signal that is associated to a forwarding stream or even a certain packet, where it probably make sense to send this data within the respective forwarding stream, however, there might be other cases where you want to signal something based on some event in the proxy, including negotiation when or before the CONNECT is sent, or general information about proxy state or capabilities which maybe be independent of any active forwarding association. We also need to consider appropriate ways to signal such information and I think all (new) signaling we define should be extensible.
> > 
> > 3) I think the extension points itself need to be described in the base spec. I also still think that ECN handling should be part of the base spec as this is an important functionality that is in my view not optional if we ever want to see it used. However we can of course start with separate documents and merge in when ready. Still, we first must agree about the kind of extension points we want to use.
> > 
> > Mirja
> > 
> > 
> > On 04.12.20, 21:19, "Masque on behalf of Christopher Wood" <masque-bounces@ietf.org on behalf of caw@heapingbits.net> wrote:
> > 
> >     One point raised during our IETF 109 meeting was extensibility. A number of different extensions have already been discussed, including: IP header compression, ECN signals, and QUIC-aware proxy support. It seems clear that the MASQUE use-cases require some amount of extensibility in the core mechanism. What we’d like to determine is how much extensibility is needed.
> > 
> >     Given that our charter is somewhat vague on what extensions are in scope [1], there seem to be (at least) three questions we should answer if we are to embark on this extension work:
> > 
> >     1) Do we want CONNECT-UDP and a future mechanism for IP proxying to be extensible?
> >     2) If yes, which parts of each protocol need extensibility, and to what extent?
> >     3) If yes, do we want to adopt these extensions as distinct documents? (An ECN signal, for example, might be included as an extension in the CONNECT-UDP document, or it might be part of a separate document. Conversely, extensions for QUIC-aware proxying seem likely to be a separate document.)
> > 
> >     We'd like to hear answers to these three questions from the WG. Converging here will help us better determine what is in scope going forward. To that end, please share your thoughts on these questions before December 18. We'll assess and see where we are at that time.
> > 
> >     Thanks,
> >     Chris and Eric
> > 
> >     [1] Relevant text in the charter (https://datatracker.ietf.org/doc/charter-ietf-masque/) reads as follows:
> > 
> >     The primary goal of this working group is to develop mechanism(s) that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside an HTTPS connection. These mechanism(s) are collectively called MASQUE. ***The group will specify HTTP and/or HTTP/3 extensions to enable this functionality.***
> > 
> >     (emphasis ours)
> > 
> >     -- 
> >     Masque mailing list
> >     Masque@ietf.org
> >     https://www.ietf.org/mailman/listinfo/masque
> > 
> > -- 
> > Masque mailing list
> > Masque@ietf.org
> > https://www.ietf.org/mailman/listinfo/masque

v2.23.0 | Report a Bug | By Email