Re: [Masque] Design team PR for QUIC-aware forwarding

Christian Huitema <huitema@huitema.net> Fri, 26 January 2024 03:53 UTC

To: Martin Thomson <mt@lowentropy.net>, David Schinazi <dschinazi.ietf@gmail.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: MASQUE <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/isENpc8JIViVA6rRnJgYEBJYVio>

Dumb question, because I suspect I am reading it wrong. Reading the PR, 
you propose using ECB to reencrypt packets between client and server. 
How can you use ECB and no padding if the payload length is not a 
multiple of 16?

-- Christian Huitema

On 1/25/2024 7:09 PM, Martin Thomson wrote:
> So you don't scramble the first byte and you don't pad.
> 
> You know... there is a way to achieve both with minimal additional complexity and no additional overhead aside from any added padding:
> 
> If you encrypt the first byte, you can also use 0x80 to signal whether padding is present.  Then you can use a zero pad sequence terminated by a non-zero byte at either end of the packet (suggestion: the end).
> 
> On Fri, Jan 26, 2024, at 12:13, David Schinazi wrote:
>> Thanks Tommy!
>>
>> In case it's helpful to others, here's a rendered diff between this
>> branch and main:
>> https://author-tools.ietf.org/diff?url_1=https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/draft-ietf-masque-quic-proxy.txt&url_2=https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/design-team/draft-ietf-masque-quic-proxy.txt
>>
>> David
>>
>> On Thu, Jan 25, 2024 at 2:23 PM Tommy Pauly
>> <tpauly=40apple.com@dmarc.ietf.org> wrote:
>>> Hi MASQUErs,
>>>
>>> On behalf of the design team for draft-ietf-masque-quic-proxy that was tasked on adding a proposal to add encryption on the forwarding path, I’d like to share the pull request to the document that represents the proposal of the team. This is largely what was presented at the last IETF meeting, adding support for negotiating protocol transforms, and defining the “scramble” transform.
>>>
>>> Here is the PR against the base document: https://github.com/ietf-wg-masque/draft-ietf-masque-quic-proxy/pull/99
>>> Here is the rendered version: https://ietf-wg-masque.github.io/draft-ietf-masque-quic-proxy/design-team/draft-ietf-masque-quic-proxy.html
>>>
>>> Please take a look and feel free to add comments to the PR or the mailing list!
>>>
>>> Thanks,
>>> Tommy (& David, Ben, Eric, Mirja, Antoine, & Tiru)
>>> -- 
>>> Masque mailing list
>>> Masque@ietf.org
>>> https://www.ietf.org/mailman/listinfo/masque
>
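The padding signal Martin Thomson sketches above, worked through in Python as an added example (this is not code from the thread, the PR or the draft). It assumes one reading of his suggestion: bit 0x80 of the first byte (assumed clear on input, as for a short-header packet, and set before that byte is scrambled) flags that padding is present, and the pad at the end of the packet is a single non-zero marker byte followed by zeros, so a receiver scanning backwards strips zeros until it hits the marker; `pad_to_multiple` is a constructed helper that ties this to Christian's 16-byte question.

```python
# Added example, not the draft's or the PR's code. Assumed layout of a
# padded packet:  first_byte|0x80  payload...  MARKER  0x00 * (pad_len-1)
# Putting the marker next to the payload (not last) keeps removal
# unambiguous even when the payload itself ends in zero bytes.

PAD_FLAG = 0x80   # assumed: bit of the (scrambled) first byte that signals padding
PAD_MARK = 0x01   # constructed choice; any non-zero value would do


def add_padding(packet: bytes, pad_len: int) -> bytes:
    """Append pad_len bytes of padding and set the flag; pad_len == 0 is a no-op."""
    if not packet:
        raise ValueError("packet needs a first byte to carry the flag")
    if packet[0] & PAD_FLAG:
        raise ValueError("first byte already has the padding flag set")
    if pad_len < 0:
        raise ValueError("pad_len must be non-negative")
    if pad_len == 0:
        return packet
    first = bytes([packet[0] | PAD_FLAG])
    # exactly pad_len bytes of overhead: one marker plus pad_len - 1 zeros
    return first + packet[1:] + bytes([PAD_MARK]) + bytes(pad_len - 1)


def strip_padding(packet: bytes) -> bytes:
    """Inverse of add_padding; raises ValueError on a malformed pad."""
    if not packet:
        raise ValueError("empty packet")
    if not packet[0] & PAD_FLAG:
        return packet  # flag clear: nothing to strip
    end = len(packet)
    # walk back over the zero run; index 0 is the flag byte, never the marker
    while end > 1 and packet[end - 1] == 0:
        end -= 1
    if end <= 1:
        raise ValueError("padding flag set but no marker byte found")
    first = bytes([packet[0] & 0x7F])
    return first + packet[1:end - 1]  # drop the marker at end - 1


def pad_to_multiple(packet: bytes, block: int = 16) -> bytes:
    """Constructed helper: pad so the total length is a multiple of block.

    A packet already on a block boundary gets no pad and no flag; otherwise
    the pad is at least one byte, which is enough to hold the marker.
    """
    return add_padding(packet, (-len(packet)) % block)
```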