Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 04 June 2021 14:58 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "ekr@rtfm.com" <ekr@rtfm.com>
CC: "masque@ietf.org" <masque@ietf.org>, "caw@heapingbits.net" <caw@heapingbits.net>
Thread-Topic: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
Thread-Index: AQHXUjxBf3ikf/VJnEKptAWJfzyNZKr9pm+QgAOzWoCAAqW8AA==
Date: Fri, 04 Jun 2021 14:57:55 +0000
Message-ID: <eda844f5db2a5f19e60a67e79e0509498285ba29.camel@ericsson.com>
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <CABcZeBOXLy7VA=t7F5UC-DuKE4NPymOvXThaevKkKD3n_G5RaA@mail.gmail.com>
In-Reply-To: <CABcZeBOXLy7VA=t7F5UC-DuKE4NPymOvXThaevKkKD3n_G5RaA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/oGOZAqnXgJUnT1FcgmCh_-ma3m8>

Hi,

On Wed, 2021-06-02 at 15:32 -0700, Eric Rescorla wrote:


On Mon, May 31, 2021 at 8:35 AM Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
Hi,

I have reviewed the document (-02). I have some detailed comments below but
first I have a very high level comment about this document.

I think it is a mistake to attempt to declare a WG consensus on this
requirement document. I do believe this document contains valuable things to
consider. However, I do not agree on how it is formulated or what requirements
level it puts on things or what it means. An example where I see a significant
issue with how we interpret things would be this from Section 2.

Can you elaborate a bit on what you are asking for here?

The charter says:
   The group will focus on a limited set of client-initiated services: (1) UDP CONNECT and (2) IP proxying. Server-initiated services are out of scope.
   The working group will first deliver a protocol solution for UDP CONNECT and a requirements document for IP proxying. Once both are complete, the working group will focus on a protocol solution for IP proxying.


IOW, this requirements document is prior to working on IP proxying technically. So, what would you have us do to be able to work on that?

I think one way to deal with this is to recharter. But, maybe we can adjust the document or have additional discussion to create a consensus here. I think clarifying what is actual common core and what is needed for specific use cases could be vastly useful.

And with more voices involved in this we likely can have a rough consensus that actually is a consensus.




"This
   section discusses some examples of use cases that MUST be supported
   by the protocol.  Note that while the protocol needs to support these
   use cases, the protocol elements that allow them may be optional."

I think this MUST is quite meaningless in the context of the next sentence.
For example I am of the opinion that the protocol should not be required to
support use case 2.4, however I have no issue with the proponents for that use
case develop an extension. The reason I think it should be an extension in an
individual document is that in this use case one can assume much less about
routing, source address validation, and the trust issues for that information
looks different. So what does it mean that the protocol MUST support 2.4 if
that is in an extension? Then it is not necessary for it to support and thus
not a MUST.

I don't think this is meaningless. For instance, suppose that I was writing a requirements document for TLS, I might say "TLS must support certificate-based client authentication", but any given client or server might not support that. The first is a requirement on the protocol design, the second on the implementations.

The issue I have, I think, is that this does require the protocol to have all these features in place before we can progress the core of the protocol for approval. Which means that we need to solve all the issues with all the use cases before the WG can progress.




This is just one example and I point out more things below where I am not agreeing
on how the requirement is formulated. I think it is better for the WG
that we avoid declaring consensus on the requirement document (which we anyway
did not intend to publish) and instead use it as a reminder of use cases and
functionality and then dive into a solution that covers these. We can discuss in
the context of the solution whether it is necessary or not to have a particular
feature that enables a particular use case in the core spec or in an
extension.

With the caveat that I am not a huge fan of requirements documents, this seems like it's just punting all requirements discussions to the protocol document. If we really don't have consensus on 2.4 (and without taking a position either way on that), then I would rather bracket that requirement and declare consensus on what we have.

If "bracketing" means clarifying that these are potentially optional parts, then I think that is a reasonable direction.


I don't personally strongly desire 2.4 but it's clear to me that 2.4 is an essential part of operating a large class of corporate VPNs, so if we want to have a generic VPN protocol, we need it, no? To the extent to which it is complicated, I would suggest we try to solve it (borrowing from IPsec as appropriate) and if we discover we cannot within a reasonable period of time, then we can consider punting it.

So I am not objecting to the WG working on 2.4, and as you say it will be necessary. However, I would strongly prefer to have that functionality be an extension of a basic core.

Cheers

Magnus