IETF Logo Mail Archive

Re: [Masque] Updated proposed charter text

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Tue, 31 March 2020 23:34 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 712BB3A0D21 for <masque@ietfa.amsl.com>; Tue, 31 Mar 2020 16:34:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddPOlKnyugoL for <masque@ietfa.amsl.com>; Tue, 31 Mar 2020 16:34:42 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41C443A0D1D for <masque@ietf.org>; Tue, 31 Mar 2020 16:34:42 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id t11so6421663lfe.4 for <masque@ietf.org>; Tue, 31 Mar 2020 16:34:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oHAE9gJG5u80jT8+iSBniv7M+huxqvb7b6feGxZnurA=; b=UZPWZk1MOcB2ApqfaqQmvaC+hiLkCCPYsP1LyUc9fQ2EnhISru3+kLH3yWpk/zs99e D1YBlHhPrBaJd8AhOVxiYJejCHxj8uw0hkkqZSA3vNWJaTdSb7748jIMcSC02PRqjmXD 2Y+mY8VqZdlElneZDwavTJdovsgwaFu9mW7Wz1pQ5pa+2dUUCE+BCtwP/Fuo/Ino8Z44 EdXtZxK4fXk0q6AhyuHZHt/uyxm84H2rADahxyPTAFnk4IfyTZmUCM28ti2MlZXxwqKp hzRv5CRyeIqgl5JrnfXuiCC6cTw6QZXAE24ioKIz1qmhkc62jhOYQuwzlJ4kFiab3yqJ YkfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oHAE9gJG5u80jT8+iSBniv7M+huxqvb7b6feGxZnurA=; b=gfdc6NEbfVWjy65fwLhF4RZJ4+schGuZYm35jaWnC1yCqSD6kPM6vdsGYftnocOdcV 2lIQo/WCiJPFAO0nrabk0wcAtfzFpAwYI/gGr9KJuA99EfX5w49eU+hl2/fCGO7DXcwQ D7HmOShTWp1U0jQD9ntmmd163Szzi5eJzQQmKhSEfH06oE9NAQpqgrzhbBikaV6yCgoW yBnOzB7Z12+tuRcBOX1Zd1R/BLU+jnXb2sc0qBIAhOe9OroJH7hpwn9S5z6PcnEP3OK2 NkP5jwP06IhldFgG6bijpuwv3AyOuWBnfcYgtfs7T+fl3K8fDL5l1CVjmQGKvCm6Nua/ e0Yg==
X-Gm-Message-State: AGi0PubiV0wavdQp/bm7LRwc6ylavJrVNyMDeI/ht44sJ1g8taoaozWY fSTHWBUMdptGFWAGccQjqYR6oboAdWUuCy4gOjTQCg==
X-Google-Smtp-Source: APiQypJjtsPUgNZnQ8Gxt7vRBelQROF5ut9asFDBYIexQbqWh1sESRmC2HyOwdGg8EpyoyRytD/O8JjiC5yRSXSYcLs=
X-Received: by 2002:a05:6512:1082:: with SMTP id j2mr8440179lfg.53.1585697680212; Tue, 31 Mar 2020 16:34:40 -0700 (PDT)
MIME-Version: 1.0
References: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com>
In-Reply-To: <89136f8b-70bd-40a0-b6d1-0e8a62a50ece@www.fastmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Tue, 31 Mar 2020 18:34:13 -0500
Message-ID: <CAKKJt-dJqTYJPj0u7mZvaJKoiRX7oXeQCSyQV9xN_zkzHY-LXQ@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f346f305a22f0235"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/gZexWt_w36ZFP4YQGBq9DW6_aFk>
Subject: Re: [Masque] Updated proposed charter text
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 23:34:46 -0000

Hi, Christopher,

Thanks for getting this update out so quickly.

I have thoughts, but wanted to start with the first couple of paragraphs.

On Tue, Mar 31, 2020 at 11:43 AM Christopher Wood <caw@heapingbits.net>
wrote:

> Based on last week's meeting, it seems folks are generally enthusiastic
> about some form of MASQUE moving forward. To help scope that particular
> form, here's an update to the proposed charter.
>
> ~~~
> Many network topologies lead to situations where transport protocol
> proxying is beneficial. For example, proxying enables endpoints to
> communicate when end-to-end connectivity is not possible and can apply
> additional encryption where desirable (such as a VPN). Proxying can also
> improve client privacy, e.g., by hiding a client's IP address from a target
> server.
>
> Proxying technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with
> their own shortcomings. For example, SOCKS signalling is not encrypted and
> HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3 is a viable
> candidate protocol for proxying arbitrary traffic, as it provides secure
> connectivity, multiplexed streams, and migration for a single connection
> while taking advantage of a unified congestion controller. HTTP/3 datagrams
> provide for unreliable data transmission, which enables transporting UDP
> and other unreliable flows via a proxy without introducing potentially
> redundant or unnecessary recovery mechanisms. Further, HTTP/3 supports an
> established request/response semantic that can set up and configure flows
> for different services.
>

If I remember correctly, somewhere between the audio conference and the
active jabber conversation, there were people who mentioned

   - proxies
   - relays
   - tunnels
   - VPNs
   - NATs, and
   - now that I look at the second paragraph, maybe even firewalls

Is it possible to agree on the functionalities that this community of
interest is thinking of, as part of the charter discussion?

ISTM that if we're talking about "connect for IP", we're closer to a tunnel
than a proxy, and I don't think that's what most of the MASQUE folk were
thinking of.

Perhaps this will fall out of the use cases people have been collecting?

Best,

Spencer


> The primary goal of this working group is to develop mechanisms that allow
> configuring and concurrently running multiple proxied stream- and
> datagram-based flows inside a HTTP/3 connection. The group will specify an
> HTTP-based signaling protocol for creating and configuring each service
> flow. The group will first focus on a limited set of client-initiated
> services such as IP, UDP, and TCP proxying. Specifying proxy server
> discovery mechanisms is out of scope for the group. However, the group may
> specify techniques for identifying proxy servers to aid future discovery
> mechanisms.
>
> The group will coordinate closely with other working groups responsible
> for maintaining relevant protocol extensions, such as HTTPBIS, QUIC, or TLS.
> ~~~
>
> This should address most of the issues raised during the meeting [1]. We'd
> like to hear what people think about this as a viable path forward.
>
> Thanks,
> Chris, on behalf of the chairs
>
> [1] These issues include, though are not limited to:
>
> 1. Whether or not this is a new protocol or an extension of an existing
> protocol must be clear before moving forward.
> 2. Motivation for proxy technologies requires improvement. In particular,
> there’s no mention of privacy objectives.
> 3. The proxy threat model is unclear or underspecified. Does it model
> Tor’s threat model, or is it something simpler? (Meta question: should this
> be part of an existing document?)
> 4. Why are services beyond simple “CONNECT for UDP or IP” in scope? Should
> we focus on the simple datagram proxy case first and carve out room for
> extensibility?
> 5. To what extent is discovery out of scope?
> 6. Framework is perhaps not the best word to describe MASQUE.
>
> Any errors or omissions from this list are entirely my fault!
>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email