Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Thu, 23 January 2020 10:07 UTC

Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30F3A12022A; Thu, 23 Jan 2020 02:07:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LTuMICGIl_t9; Thu, 23 Jan 2020 02:07:49 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60054.outbound.protection.outlook.com [40.107.6.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8345A12001E; Thu, 23 Jan 2020 02:07:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JnKy3jp3Pfnnf06pR08p8Wi6q/8LB9Ia+DtS1gKIJkPAdrEGCQktNYx9eUjtmW6+4yJ88jn2y/K+rlFkf1SZwCFxfb9p7FlwKXlM+F7Wg6cZTugy34hMUz7tCxkAtJIhPmHcpNP5l1qnkIqw3tKmxR4InnPfseo/5PiMjs/9zE0owz4STk0dna5M8v+DOT6BA1oLogheTnmxy9o3BTRaNr44XPBF2Et3Ngivcoj0kENz4N5xzB14WOvsu0DnfaNsCg9lwzbBKGeNqjJ2MMEvnsDPw06uMhMwB1qe3bacgmAuVIkrfkvUQ5XBZ0aDBsVaWL8BrAVHLcwWD/9WBRkCbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K69tp7sDz66kYON0qqHVyckMiuGt6kFY3lNb2bicSo4=; b=Ca4lu8bKZxWiO1vU+HpChqmlfGPa07AIAh0OvbDPBEjhkM2iYA3loc3GvQ2LaWPvSt9FFD7hUDNVtz0S46rIq/K/VucQjON990hIqh/kY33XLEtHec4vVPJeVKSAdQcDdChcmDVIEVHAMan1Stzl66Yc72d2iUwLVjx56O6qCYW/GNYuFT4mwf311TO8g2efZ28WENn/xsIWloVdgJuplz7x/VbJZXiqiUFI+YgVDaySJz1qFE4Ux5XR7jdXF6BpNEEpCSWNmb0mBs2nipw4reL9VsMDcCte/M0H4eUoGjCwjbdWoCgM3vUI4+fSCcE40lPgOd4YHjQxnSdXrOaNTQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K69tp7sDz66kYON0qqHVyckMiuGt6kFY3lNb2bicSo4=; b=gm8Jk1FsbGiRQDt/MM93mFK3L6pIeoKjhBI9JzAvwuqHdDKrIAFTnZDp60yBlG90Sq3X0fhdAlebadFZiYdbT9AR60WCxryA/BZyWpcqv3xqOybpiVIf5PS7fTp8RQAzHS+0ZYR36mIRxKaGc34NsiT6ujicR4G2VWLSh3IDTV4=
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com (52.135.149.158) by AM0PR07MB4418.eurprd07.prod.outlook.com (52.133.55.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.15; Thu, 23 Jan 2020 10:07:44 +0000
Received: from AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7]) by AM0PR07MB4691.eurprd07.prod.outlook.com ([fe80::4879:46ae:16e:f5b7%7]) with mapi id 15.20.2686.008; Thu, 23 Jan 2020 10:07:44 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
CC: Patrick McManus <mcmanus@ducksong.com>, "masque@ietf.org" <masque@ietf.org>, "quic@ietf.org" <quic@ietf.org>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>, "Su, Chi-Jiun" <Chi-Jiun.Su@hughes.com>
Thread-Topic: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt
Thread-Index: AQHVkzBtXqSCGBS1QEWLK0BXXTrwWKd7THMA///xkwCAABGsgP//8OCAgAA2fICAAaTLAIB6JW6AgAAiFICAATDwAA==
Date: Thu, 23 Jan 2020 10:07:44 +0000
Message-ID: <9C17E8DD-1912-4745-B71E-CBBD3DF09AD5@ericsson.com>
References: <157288641719.16495.4218503379126128243.idtracker@ietfa.amsl.com> <CA5EB3C0-F510-4883-B50B-51A3E46B47CA@ericsson.com> <CALGR9obp-YARLEXDVWvTqZ_h=Ocbn6m2On+uovK-SL-6TaOSXg@mail.gmail.com> <3F20108D-DEED-4AEF-89D3-55F11058110B@ericsson.com> <CALGR9oYHce0mnkj5Kz13EoR-zN3-xSr0igkJF2Z_dJ2vgfVNSQ@mail.gmail.com> <SN6PR11MB3087D25371090E7E40FA32B2CE7F0@SN6PR11MB3087.namprd11.prod.outlook.com> <CAOdDvNruDZuBYp2ABfWCKMF4o6rY5Qk6x6ofH1qCJgLfKpsCUg@mail.gmail.com> <65CD80F2-11BF-4D48-A011-17F6E431D209@ericsson.com> <CALGR9obxq-XxzNwTi_UAXZSq61=R_g4D+jrD-2V-PVix_t7Pig@mail.gmail.com>
In-Reply-To: <CALGR9obxq-XxzNwTi_UAXZSq61=R_g4D+jrD-2V-PVix_t7Pig@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mirja.kuehlewind@ericsson.com;
x-originating-ip: [2001:16b8:2455:3200:50ac:79f8:a73e:45b0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f96a92b1-3e20-4b6b-1ee5-08d79fec1760
x-ms-traffictypediagnostic: AM0PR07MB4418:|AM0PR07MB4418:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR07MB4418C2F7A901252722F0F502F40F0@AM0PR07MB4418.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 029174C036
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(376002)(366004)(396003)(136003)(199004)(189003)(66446008)(66556008)(15650500001)(64756008)(86362001)(6916009)(66946007)(2906002)(2616005)(71200400001)(478600001)(54906003)(76116006)(966005)(6512007)(316002)(4326008)(66574012)(66476007)(44832011)(6486002)(5660300002)(36756003)(30864003)(8676002)(81156014)(81166006)(33656002)(186003)(6506007)(53546011)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB4418; H:AM0PR07MB4691.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: GMfs0t7RQTK6piF/FLWDARx/pnIt/1y3My4MmKYRvoZlB//Dn7fthZMHj7kNdDRaHZHxCi5ou5IruYw4kmjXJ2/qOZGbLO8sNBxb3U0z2WF62QI1RsvS1qxiBqNbqjbtFBFXfgUHDsoa1KblZC97Cf54DhsgoFW3vQsJi3POYUbWSnKkTUaEC4kh/va4kOoSkyLqBsqNbX0B3QOlyIIvfOBlxnarro6LFGkr9NbBhdly9pUncrDTxiz2eKcp5/qDkcQ0SK/lN4c3oxil5yquf4rpBc4ITC814m9nsVY5bg4EZOmgB+LNfwOYkLLt0JKVDOAl1AMwjztcIBNfU5Vaf/b8AKsuF9YCuw/HSKXpnNjrcd4eIGqhmyJIv8OMu0bwGvObx0eNXhnaSfiYzjBR0g1Y6yddqZu2/B1F9r5CPdQjcMnmUvj1nMQjURPfh+f4iC86yHIa68m0SP0fJBcqkbN2mRZzLcOHkJcxz1jjaZw=
x-ms-exchange-antispam-messagedata: s7YJORWmKhlFaPpXuQiG3l01TKVmwnCSR9sTDM8cfkfzwvUFyN79AM9O8VbshDXyvqnXZyrtNcyrfSuJD39pLLy23APU9EZu4AfQlqwX8HSelJJJCM7m0ixTCeu1QeJVGaPdml3AFSzWen0ozoLQCDSk+1F7DlpX5kW6XVAKU0see2Ork9MtBNuDT2Be7zkXWMkZzzsgffLHOvdjxj+idA==
Content-Type: multipart/alternative; boundary="_000_9C17E8DD19124745B71ECBBD3DF09AD5ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f96a92b1-3e20-4b6b-1ee5-08d79fec1760
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2020 10:07:44.8388 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AsHOJxoTkN8+PvYlT9xCaz0lZAz1osBActCTrvS/w6iLr89VtjC9tXczxBUALx7/q7XVfVhOBESVDSHYcLFReEOojjAa+alZou2RvtpNZb4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4418
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/iHIaCnvr62eTYIX4-rsuCE22i_E>
Subject: Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 10:07:52 -0000

Hi Lucas,

see inline.

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Wednesday, 22. January 2020 at 17:56
To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Cc: Patrick McManus <mcmanus@ducksong.com>om>, "masque@ietf.org" <masque@ietf.org>rg>, "quic@ietf.org" <quic@ietf.org>rg>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>om>, "Su, Chi-Jiun" <Chi-Jiun.Su@hughes.com>
Subject: Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt

Hey Mirja,

So it turns out that me skim reading the draft results in misunderstanding its intent. I think I got it into my head that this document was a survey of general proxy discovery protocols, not a set of specific proposals for QUIC proxies. With my renewed understanding, I agree that the document shouldn't recommend the use of WPAD. Maybe there is an opportunity to discuss the more broad considerations, such as authentication, to make when deploying, advertising and selecting a QUIC proxy. But maybe that is covered in text elsewhere.

Yes, that definitely need more discussion/consideration and you might have notices that the security section is empty at the moment. So I think that’s the place to an initial discussion. PRs are welcome 😊

Taking a deeper look at the proposals, I wonder how some of the presented option play with the ALPN and SNI in the QUIC handshake. For instance, in the DHCP example, a client might discover that there is a QUIC proxy but not know its name or application layer protocol and hence could have a hard time setting up the QUIC connection.

My currently assumption right now was that a client could just open a QUIC connection on port 443 and there is only one proxy protocol, so it know it has to speak that. The proxy protocol could be H3 based (and then we would need a way to also discovery a name which DCHP could also provide) or something else. So I think this will depend on how the protocol will actually look like and we don’t know that yet. However in each of the discovery protocols there is also a block for reserved bits, so we could even make use of some of those bits.

And on this note I wonder if we need to delineate between what might be a general purpose "QUIC transport proxy" and an "Application-on-QUIC proxy". For example, with HTTPS proxies today it is possible for them to use Alt-Service to advertise the availability of HTTP/3.

Yes, that could be one option and I think is open for discussion. My thinking was that you have a control protocol that you speak with the proxy and also use to communication the application that you want to proxy. So if that would be H3, you can tell the proxy directly without making a detour by using Alt-Service. However, that an independent question to what the proxy control protocol itself is based on.

Mirja



Cheers
Lucas

On Wed, Jan 22, 2020 at 1:54 PM Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson.com>> wrote:
Hi Partick, hi Lucus, hi all,

I’m currently updating the discovery draft and therefore looking at this email thread.

So looking at WPAD, it also uses DHCP and/or DNS to get a config file. In the draft we mentioned also the use of Provisioning Domains (PvDs) to get information about local configuration. This seems to be the more appropriate and soon to be standardized alternative, so I don’t think mentioning WPAD will add much. Lucas?

Mentioning WPAD could maybe lead to a discussion about who this information can be access by an application/browser (if needed because it could also be the OS that handles the proxying transparently for the app), however, this seems a bit out of scope for this document and probably is mostly covered by taps for PvDs.

Patrick, you said below that “series of CONNECT tunnels to the proxy are giving up the end to end security of transport features that QUIC“. In the setup we have in mind for use with MASQUE, we never touch the encrypted QUIC end-to-end connection and just forward those packets. Other than for HTTP/TCP proxies, the idea is to always have an outer QUIC connection between the client and the proxy and an inner QUIC connection between the client and the server. So I think if you only look for a forwarding service (+ address translation/anonymization), it’s actually okay to rely on potentially unauthenticated local discovery as you basically only have to trust the proxy as much as you trust any router on the path. However, given there is a QUIC connection between the client and the server which includes authentication, you may even be able to authenticate a known proxy even if the discovery was not authenticated.

Mirja



From: Masque <masque-bounces@ietf.org<mailto:masque-bounces@ietf.org>> on behalf of Patrick McManus <mcmanus@ducksong.com<mailto:mcmanus@ducksong.com>>
Date: Tuesday, 5. November 2019 at 22:37
To: "Su, Chi-Jiun" <Chi-Jiun.Su@hughes.com<mailto:Chi-Jiun.Su@hughes.com>>
Cc: "masque@ietf.org<mailto:masque@ietf.org>" <masque@ietf.org<mailto:masque@ietf.org>>, "quic@ietf.org<mailto:quic@ietf.org>" <quic@ietf.org<mailto:quic@ietf.org>>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson.com>>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com<mailto:zaheduzzaman.sarker@ericsson.com>>, Lucas Pardue <lucaspardue.24.7@gmail.com<mailto:lucaspardue.24.7@gmail.com>>
Subject: Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt

wpad is mostly an anti-pattern these days for important reasons - there is no authentication. When there was less https it was chronically responsible for people getting owned.

If the client is explicitly using a proxy it must have a reason to use and trust a particular one (or class of one). quic of course provides authentication to the peer and in the normal http way of things this auth is linked to the origin which is rooted in some kind of out of band information (i.e. the url obtained from a secure source such as an input box, a bookmark, the command line, or transitively by finding the url embedded in a resource found in those ways). unsecured broadcast mechanisms like dhcp on (mostly) unauthenticated local networks don't satisfy that which is why proxy config is generally viewed as an end host configuration requirement that can't be autodiscovered. (often done right via enterprise config).

even scenarios that only envision a series of CONNECT tunnels to the proxy are giving up the end to end security of transport features that QUIC has added and so I would think use of a untrusted proxy (i.e. one not rooted in a trust anchor in some meaningful way) should be discouraged.

On Mon, Nov 4, 2019 at 3:35 PM Su, Chi-Jiun <Chi-Jiun.Su@hughes.com<mailto:Chi-Jiun.Su@hughes.com>> wrote:
Here are some more related to wpd for http:

https://tools.ietf.org/html/draft-chow-httpbis-proxy-discovery-00

https://tools.ietf.org/html/draft-nottingham-web-proxy-desc-01



From: Masque <masque-bounces@ietf.org<mailto:masque-bounces@ietf.org>> On Behalf Of Lucas Pardue
Sent: Monday, November 4, 2019 12:16 PM
To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson..com>>
Cc: quic@ietf.org<mailto:quic@ietf.org>; Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com<mailto:zaheduzzaman.sarker@ericsson.com>>; masque@ietf.org<mailto:masque@ietf.org>
Subject: Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
I'm not an expert in either WPAD [1] or PAC [2], but I am an expert in feeling their pain as a user on Windows. Part of their pain comes from lack of formal standardization, resulting in some word-of-mouth approaches to problem solving, especially how they work (or don't) with the standardised approaches such as DHCP.

In looking this up, I did discover draft-ietf-wrec-wpad-01, a > 20 I-D for WPAD [3], wow!

[1] - https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol<https://protect2.fireeye.com/v1/url?k=8143fc09-ddca5362-8143bc92-0cc47ad93ea2-9c4c1e59f3a4763a&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fen.wikipedia.org%2Fwiki%2FWeb_Proxy_Auto-Discovery_Protocol__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PN7gcAGxA%24>
[2] - https://en.wikipedia.org/wiki/Proxy_auto-config<https://protect2.fireeye.com/v1/url?k=ec283b44-b0a1942f-ec287bdf-0cc47ad93ea2-c0fa6c32446bda1a&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fen.wikipedia.org%2Fwiki%2FProxy_auto-config__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9POhddlmBA%24>
[3] - https://tools.ietf.org/html/draft-ietf-wrec-wpad-01<https://protect2.fireeye.com/v1/url?k=4c72b7f1-10fb189a-4c72f76a-0cc47ad93ea2-304f9fbace2f867e&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-wrec-wpad-01__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9POJiXk9oA%24>

On Mon, Nov 4, 2019 at 5:09 PM Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson.com>> wrote:
Hi Lucas,

no, we didn’t consider this yet but only because we were not really aware of that. Do you have a pointer? Or send a PR 😊

https://github.com/mirjak/draft-kuehlewind-quic-proxy-discovery<https://protect2.fireeye.com/v1/url?k=17915901-4b18f66a-1791199a-0cc47ad93ea2-7a6093b538b2b046&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fgithub..com%2Fmirjak%2Fdraft-kuehlewind-quic-proxy-discovery__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PMVg31Abw%24>

Mirja


From: Lucas Pardue <lucaspardue.24..7@gmail.com<mailto:lucaspardue.24.7@gmail.com>>
Date: Monday, 4. November 2019 at 18:06
To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson...com>>
Cc: "quic@ietf.org<mailto:quic@ietf.org>" <quic@ietf.org<mailto:quic@ietf.org>>, "masque@ietf.org<mailto:masque@ietf.org>" <masque@ietf.org<mailto:masque@ietf.org>>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com<mailto:zaheduzzaman.sarker@ericsson.com>>
Subject: Re: [Masque] FW: New Version Notification for draft-kuehlewind-quic-proxy-discovery-00.txt

Thanks for sharing this.

I wonder if you considered WPAD (Web Proxy Autodiscovery) or PAC (Proxy auto-config)? Although targetted at the application layer, it might help to comment on how those forms of discovery would relate to the methods outlined in your draft.

Cheers,
Lucas

On Mon, Nov 4, 2019 at 4:58 PM Mirja Kuehlewind <mirja..kuehlewind=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> wrote:
Hi all,

we submitted a new draft that lists discovery mechanisms for QUIC-based proxies (see below). This is one piece of work that is needed for most of the use cases in draft-kuehlewind-quic-substrate.

Let me know if you have any questions or comments!

Mirja


On 04.11.19, 17:53, "internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>" <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote:


    A new version of I-D, draft-kuehlewind-quic-proxy-discovery-00.txt
    has been successfully submitted by Mirja Kuehlewind and posted to the
    IETF repository.

    Name:               draft-kuehlewind-quic-proxy-discovery
    Revision:   00
    Title:              Discovery Mechanism for QUIC-based, Non-transparent Proxy Services
    Document date:      2019-11-04
    Group:              Individual Submission
    Pages:              11
    URL:            https://www.ietf.org/internet-drafts/draft-kuehlewind-quic-proxy-discovery-00.txt<https://protect2.fireeye.com/v1/url?k=85e7114c-d96ebe27-85e751d7-0cc47ad93ea2-9cf6dc87f9d610e4&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-kuehlewind-quic-proxy-discovery-00.txt__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PP6fOtFfw%24>
    Status:         https://datatracker.ietf.org/doc/draft-kuehlewind-quic-proxy-discovery/<https://protect2.fireeye.com/v1/url?k=930ea7e1-cf87088a-930ee77a-0cc47ad93ea2-e9456f4f4f38641c&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-kuehlewind-quic-proxy-discovery%2F__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PNirJBnKQ%24>
    Htmlized:       https://tools.ietf.org/html/draft-kuehlewind-quic-proxy-discovery-00<https://protect2.fireeye.com/v1/url?k=b7749253-ebfd3d38-b774d2c8-0cc47ad93ea2-e8760832de2d32a0&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Ftools.ietf.org%2Fhtml%2Fdraft-kuehlewind-quic-proxy-discovery-00__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PNt2ljWVQ%24>
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-kuehlewind-quic-proxy-discovery<https://protect2.fireeye.com/v1/url?k=f5936d55-a91ac23e-f5932dce-0cc47ad93ea2-194b954195f07874&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-kuehlewind-quic-proxy-discovery__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PNLkowwPw%24>


    Abstract:
       Often an intermediate instance (such as a proxy server) is used to
       connect to a web server or a communicating peer if a direct end-to-
       end IP connectivity is not possible or the proxy can provide a
       support service like, e.g., address anonymisation.  To use a non-
       transparent proxy a client explicitly connects to it and requests
       forwarding to the final target server.  The client either knows the
       proxy address as preconfigured in the application or can dynamically
       learn about available proxy services.  This document describes
       different discovery mechanisms for non-transparent proxies that are
       either located in the local network, e.g. home or enterprise network,
       in the access network, or somewhere else on the Internet usually
       close to the target server or even in the same network as the target
       server.

       This document assumes that the non-transparent proxy server is
       connected via QUIC and discusses potential discovery mechanisms for
       such a QUIC-based, non-transparent proxy.




    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org<https://protect2.fireeye.com/v1/url?k=d9509e83-85d931e8-d950de18-0cc47ad93ea2-b80e92b2a6c2cfef&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Ftools.ietf.org__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PNQh7NkuA%24>I9PNQh7NkuA%24>.

    The IETF Secretariat



--
Masque mailing list
Masque@ietf.org<mailto:Masque@ietf.org>
https://www.ietf.org/mailman/listinfo/masque<https://protect2.fireeye.com/v1/url?k=d61a88ef-8a932784-d61ac874-0cc47ad93ea2-822ab952eb4de87c&q=1&e=2f71b81e-3b7f-407d-94ee-477723065acb&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fmasque__%3B%210rLxnc5oh4s%21jPosQt26EajScgUupoiCIMKOtu1eu9R0tg2CEkMXNq8Cx56sCmkL7PmI9PO4I6Apdw%24>
--
Masque mailing list
Masque@ietf.org<mailto:Masque@ietf.org>
https://www.ietf.org/mailman/listinfo/masque