Re: [Masque] New Version Notification for draft-schwartz-masque-access-descriptions-03.txt

Ben Schwartz <bemasc@google.com> Wed, 19 October 2022 14:47 UTC

References: <166612469784.26130.2083338856348864490@ietfa.amsl.com> <CAHbrMsCd9qiooTSbGcucW=2F3Zv92z_oH3sVdTqc_-gcZEyM8A@mail.gmail.com> <53620FFC-DA9A-438B-B837-2CA3707F11FF@apple.com>
In-Reply-To: <53620FFC-DA9A-438B-B837-2CA3707F11FF@apple.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 19 Oct 2022 10:47:40 -0400
Message-ID: <CAHbrMsB1sdQsEfnMTX97N9DueQiRBKhuOdfiDBxs9b2+0DJ-qA@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: MASQUE <masque@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/lJuN4w06-tnj4qE6LNm7w6xGpzk>
Subject: Re: [Masque] New Version Notification for draft-schwartz-masque-access-descriptions-03.txt

On Tue, Oct 18, 2022 at 5:35 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
...

> How are you imagining clients would fetch this JSON in the case they are
> not using a well-known? Would it be something where clients would be
> configured with a specific URL that only gets them access to the access
> description?
>

Yes, that's the intent.  In case it's not clear, my baseline use case is
the ubiquitous "system proxy" or VPN configuration UIs.  Currently, those
UIs look like this:

macOS
 - Proxy: https://discussions.apple.com/content/attachment/2e740797-8be2-4d05-b564-9e6d1fa1d9a6
 - VPN: https://discussions.apple.com/content/attachment/cb45034a-0805-4f9b-9fbf-372d122ea636
iOS
 - Proxy (Wifi only): https://www.howtogeek.com/wp-content/uploads/2017/02/img_589e4b3c48b7e.png
 - VPN: https://blog.avast.com/hs-fs/hubfs/avast-blog/Essential%20guide%20to%20mobile%20VPN/Configuring-VPN-1.png
Windows
 - Proxy: https://filestore.community.support.microsoft.com/api/images/6af0e6b1-ffeb-4341-b0ac-83671225e888
 - VPN: https://filestore.community.support.microsoft.com/api/images/29156df3-3f9c-462b-8dd0-6d90e6c6f494
Android
 - Proxy (Wifi only): https://upload.wikimedia.org/wikipedia/commons/d/d2/Android_proxy_settings.png
 - VPN: https://www.perfect-privacy.com/images/manuals/android_ipsec_alwayson/android_ipsec_alwayson_en_img4.webp
Firefox
 - Proxy: https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/gallery/images/2020-05-20-23-15-05-911af7.png
Gnome
 - Proxy: https://i.stack.imgur.com/ARENA.png
 - VPN: https://uit.stanford.edu/sites/default/files/images/2017/07/27/edit_connection.png

We need to decide what we want those flows to look like for MASQUE.  My
ideal (perhaps not quite achievable) is that they look like a single
text-input field labeled "Access Service Description URL".  There should be
no reliance on domain-scoped services, and no need for the user to
distinguish between configuring TCP, UDP, IP, DNS, etc.

Although it's not in the draft (yet...), we might even want to define
something like a "masque://" URI scheme for the Access Description.  That
would enable shortcut handling that goes directly to this configuration
page, removing the need to copy-paste and dig through menus to use MASQUE.
(Not that this should be _too_ easy, given the potential for abuse.)

> Or could clients request this content type from some proxy URL they know
> (let’s say they just know a connect-udp URL and want to check for
> connect-ip…)?
>

No, that was not my intent.


>
> Thanks,
> Tommy
>
>
>
> On Oct 18, 2022, at 1:35 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
>
> Hi MASQUE,
>
> At the last meeting, I presented a simple JSON blob format for
> representing multiple related proxyish services.  I recall the following
> feedback:
>
> * This format is trying to do too many different things.
> * Configuration of all these things is not in-charter for MASQUE.
> * We need a better explanation of how this can be used for
> access-controlled services.
>
> In this version, I've made the following changes:
>
> * Removed any mention of Oblivious HTTP.
> * Added support for HTTP request proxies and TCP proxies (via "Modern HTTP
> Proxies" [1]).
> * Added instructions on how to use this format with access-controlled
> proxies (via "Popup Authentication" [2]).
>
> Hopefully this makes the purpose and utility of the draft clearer.
>
> I would like to present this draft at IETF 115.  Perhaps the chairs can
> advise whether MASQUE, HTTPBIS, or DISPATCH would be the best venue.
>
> Please review,
> Ben Schwartz
>
> [1] https://datatracker.ietf.org/doc/draft-schwartz-modern-http-proxies/
> [2]
> https://datatracker.ietf.org/doc/draft-schwartz-httpapi-popup-authentication/
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Tue, Oct 18, 2022 at 4:25 PM
> Subject: New Version Notification for
> draft-schwartz-masque-access-descriptions-03.txt
> To: Benjamin M. Schwartz <bemasc@google.com>
>
>
>
> A new version of I-D, draft-schwartz-masque-access-descriptions-03.txt
> has been successfully submitted by Benjamin Schwartz and posted to the
> IETF repository.
>
> Name:           draft-schwartz-masque-access-descriptions
> Revision:       03
> Title:          HTTP Access Service Description Objects
> Document date:  2022-10-18
> Group:          Individual Submission
> Pages:          6
> URL:            https://www.ietf.org/archive/id/draft-schwartz-masque-access-descriptions-03.txt
> Status:         https://datatracker.ietf.org/doc/draft-schwartz-masque-access-descriptions/
> Html:           https://www.ietf.org/archive/id/draft-schwartz-masque-access-descriptions-03.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-schwartz-masque-access-descriptions
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-schwartz-masque-access-descriptions-03
>
> Abstract:
>    HTTP proxies can operate several different kinds of access services.
>    This specification provides a format for identifying a collection of
>    such services.
>
> About This Document
>
>    This note is to be removed before publishing as an RFC.
>
>    Status information for this document may be found at
>    https://datatracker.ietf.org/doc/draft-schwartz-masque-access-descriptions/.
>
>    Source for this draft and an issue tracker can be found at
>    https://github.com/bemasc/access-services.
>
>
>
>
> The IETF Secretariat
>
>