Re: [Masque] Call for MASQUE use cases
Dragana Damjanovic <dragana.damjano@gmail.com> Thu, 05 March 2020 14:05 UTC
Return-Path: <dragana.damjano@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC1C13A152D for <masque@ietfa.amsl.com>; Thu, 5 Mar 2020 06:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 37xxAi_giKH4 for <masque@ietfa.amsl.com>; Thu, 5 Mar 2020 06:05:13 -0800 (PST)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB1E73A1526 for <masque@ietf.org>; Thu, 5 Mar 2020 06:05:13 -0800 (PST)
Received: by mail-io1-xd31.google.com with SMTP id h8so6591238iob.2 for <masque@ietf.org>; Thu, 05 Mar 2020 06:05:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lbzVEZNpmZbQKy8sXrIUM6jMry/j1tmw8Ud9Cd12h+0=; b=c6U2i1eZ3MI0Fd7tJnVyaB29Jesa4CLkWGHoIBxG+VBXdxbwtPr7t7LMRdRDhtISWp rZpt+tMFZs6HFLlFMNkhEvo0ChewPI9fcaJqpqlV6ePBWqEpo8Lwl+AxpsfZzAYTYhoQ A5INo3yxwbu7FLSpR9XPen25U6iqaAetzXPydtNVmqh1HfK+v6otIEv5WPYz13N5Kv56 QCGbRXeWMsIRfj8RJG3Nbzgfs9QDVRkbxU1qrbippjZBNsLVTKXJ+sQzdubPc/Noanln nwot+NXvM0XmWG8H6nRxBgtgGA8wnmIPoAqVkEZp1cGX3hGty+OGx8tQ/wUaC/aFe5qx LQRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lbzVEZNpmZbQKy8sXrIUM6jMry/j1tmw8Ud9Cd12h+0=; b=f+CKYl9KiQCxhtBv0ul2cDVgcgKAMuDLPSiuRt1aQ+fyIOVtyEBOXUUIsBZW6BdOlT vVzaYQAzo3h1IBOUcui9xhHvKCkDa3w593ixYoV9z32HDOTJAxw2r0IR3OByhPEmRfBE LD5SCFtNY1Vvt7+7naxk/e1kyDkONCPzdh7htbjfmMokYHkX6o7X87UPwd2nJ4ixfzR3 Bm5Qd3CmhL1Crh07NfqXysIx5T28wrCNzNb92A45EB8qnztVyxlW31bbNo+W5ZdAsg4k b91kslQlc2gpm+x12OuOoi7EtEjZjRbYELMNteIcvOgOzMPByUPZ0483+kUg9DWHhrir sltw==
X-Gm-Message-State: ANhLgQ2mg8JtMuCWLwkfTcOVEZUMRWEaMGmqIeHnMhqPUkW5WWdqkmJE 2ncGfvrqu4x6duec0AAcCJGGD4cIHmy3DYLkQ+LXEg==
X-Google-Smtp-Source: ADFU+vtL381vK38NkpNq8m13IfR4rjjGU85/ghI92xTuOj46aZw1XVJzLU2xiFY3qKaplW9IqJ/EYeTqCOzA7Wa+gmk=
X-Received: by 2002:a5d:9255:: with SMTP id e21mr6925368iol.260.1583417112937; Thu, 05 Mar 2020 06:05:12 -0800 (PST)
MIME-Version: 1.0
References: <D46D764C-F682-472A-AFDA-32DDF5CA5F6B@heapingbits.net> <CABcZeBPMUNgOVWMS_sXPTsCU2R+EaK9JDuZsJQ5KSQROXE+4Sg@mail.gmail.com> <CAHbrMsAVXmyvqJKNzcmHOvM3NvPqhpfC9MuDEq9kNUBKe7=7=g@mail.gmail.com> <CAKKJt-etTk6CAqbL1MdSV6gdCgqC2Wz8cdUqbdzbM2h3LKAMhw@mail.gmail.com> <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
In-Reply-To: <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
From: Dragana Damjanovic <dragana.damjano@gmail.com>
Date: Thu, 05 Mar 2020 15:05:00 +0100
Message-ID: <CAG0m4gQh7=Gvx2_k53st+szAoj+96ef=OK5hqp8_zKSbKr091Q@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Christopher Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008c49a205a01c0644"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/rx0IF2PYZ2RTSwglldGyixY9EXY>
Subject: Re: [Masque] Call for MASQUE use cases
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 14:05:17 -0000
On Mon, Feb 24, 2020 at 6:53 PM Ben Schwartz <bemasc= 40google.com@dmarc.ietf.org> wrote: > > > On Mon, Feb 24, 2020 at 11:57 AM Spencer Dawkins at IETF < > spencerdawkins.ietf@gmail.com> wrote: > >> Hi, Ben, >> >> I have a couple of questions about some use cases you described (inline), >> but thank you for sending out your list. >> >> On Sun, Feb 23, 2020 at 10:06 PM Ben Schwartz <bemasc= >> 40google.com@dmarc.ietf.org <40google..com@dmarc.ietf.org>> wrote: >> >>> I think virtually all the use cases for SOCKS and HTTP CONNECT are also >>> in-scope for MASQUE. Additionally, there are some cases that they don't >>> handle, or that MASQUE could handle better: >>> >>> - TCP proxying over congested/lossy client-proxy links. SOCKS and >>> HTTP/1.1 don't multiplex, so the congestion controllers for each TCP >>> connection fight over this link. HTTP/2 multiplexes but has head-of-line >>> blocking on loss. CONNECT over HTTP/3 would get us unified >>> congestion control without blocking. >>> >> >> IIRC, CONNECT currently doesn't know how to do HTTP/3 over QUIC, right? >> So is what you're thinking about >> >> - Connect can do HTTP/3 - proxy - HTTP/3 or HTTP/2 - proxy - HTTP/2, >> OR >> - Connect can do HTTP - proxy - HTTP, where the HTTP versions don't >> have to match? >> >> I am trying to describe this: client <--[H3]---> proxy <--[SSH]--> > destination > > Where "SSH" is an arbitrary example of a TCP-based protocol. Any TCP > connection can run over CONNECT. > > In other words, I am talking about unmodified CONNECT over HTTP/3. > > - Proxied WebRTC (or RTC generally). Currently, using a proxy generally >> forces WebRTC to use TCP, which generally also forces it to route through a >> TURN server (another proxy!). This adds up to significantly impaired >> latency and quality. By supporting UDP, MASQUE could do better. >> >>> >>> - Virtual machine running in a webpage. MASQUE could enable >>> standardized networking for virtual machines in WebAssembly. >>> >>> - Network debugging when using a proxy. HTTP CONNECT doesn't provide >>> any indication of why a connection failed, e.g. to distinguish RST, FIN, >>> timeout, or an ICMP error. >>> >> >> We've come some distance since I was introducing myself at IESG meetings >> as "AD for the spin bit", but we haven't come a really long way - the spin >> bit is in and optional, which is fine, and we are noticing >> https://datatracker.ietf.org/doc/draft-ferrieuxhamchaoui-quic-lossbits/ >> as a related draft, but we haven't had it on a QUIC working group agenda in >> the past year (IIRC), even though it gets talked about in places like MOPS. >> And that's just one more (almost certainly optional) bit of information, if >> it does move forward. >> >> I'm intrigued by your proposed use case on network debugging, especially >> if proxying HTTP/3 using CONNECT becomes a common mode of operation - have >> you started to hash out details for this use case, what might be visible >> without revealing too much, etc.? If not, would you like to work on >> something with me (and, one hopes, smarter and more realistic QUIC people)? >> > > I wasn't really thinking about QUIC; I was thinking primarily about TCP. > If we're in the business of modernizing CONNECT, one thing that I would > like would be an HTTP Trailer indicating _why_ the connection was closed, > e.g. who closed it, FIN vs. RST vs. timeout. Similarly, if CONNECT fails, > it would be nice to have a header indicating why it failed, and perhaps > some clarity about which status codes to use. My main use case here is > "showing users the right error message" when something goes wrong. > > I was looking into implementing sending an IP address in CONNECT request to a proxy instead of host name. It is not easy to figure out if connect should be retried with another IP address. Having better error codes would be helpful. dragana > I would have to think some more about QUIC. In my view, it depends on > whether we end up defining (1) a QUIC-specialized proxy, (2) a general UDP > transport proxy, and/or (3) an IP tunnel. If (1) or (2), it could be > interesting to consider how to convey some lower-layer information to > enable ICMP error reporting, PMTUD, etc. (An IP tunnel gets us all that > stuff automatically..) > > One thing I have proposed is using continuous measurement of client-proxy > RTT to unify the two layers of congestion control, but this is a purely > hypothetical performance optimization, not for network debugging. > > >> Best, >> >> Spencer >> >> >>> On Sat, Feb 22, 2020 at 6:14 PM Eric Rescorla <ekr@rtfm.com> wrote: >>> >>>> I am interested in this as an alternative transport for securely >>>> proxying HTTP traffic (cf. https://fpn.firefox.com/) >>>> >>>> -Ekr >>>> >>>> >>>> On Thu, Feb 20, 2020 at 7:13 PM Christopher Wood <caw@heapingbits.net> >>>> wrote: >>>> >>>>> The core MASQUE protocol [1] describes a simple negotiation mechanism >>>>> for various >>>>> applications. However, it omits use cases for these applications. >>>>> MASQUE >>>>> obfuscation >>>>> in support of a "hidden VPN" service is one use case [2]. Tunneling >>>>> QUIC >>>>> is another [3]. >>>>> >>>>> Given that MASQUE and the upcoming BoF will be successful insofar as >>>>> it >>>>> addresses important >>>>> use cases, I think it'd be useful to discuss these application use >>>>> cases >>>>> in more detail >>>>> before Vancouver. To that end, let's use this time before the meeting >>>>> to >>>>> discuss them! >>>>> >>>>> I'd like to ask interested parties to please surface use cases they >>>>> know >>>>> of (and care about). >>>>> >>>>> Thanks! >>>>> Chris >>>>> >>>>> [1] https://tools.ietf.org/html/draft-schinazi-masque-02 >>>>> [2] https://tools.ietf.org/html/draft-schinazi-masque-obfuscation-00 >>>>> [3] https://tools.ietf.org/html/draft-kuehlewind-quic-substrate-02 >>>>> >>>>> -- >>>>> Masque mailing list >>>>> Masque@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/masque >>>>> >>>> -- >>>> Masque mailing list >>>> Masque@ietf.org >>>> https://www.ietf.org/mailman/listinfo/masque >>>> >>> -- >>> Masque mailing list >>> Masque@ietf.org >>> https://www.ietf.org/mailman/listinfo/masque >>> >> -- >> Masque mailing list >> Masque@ietf.org >> https://www.ietf.org/mailman/listinfo/masque >> > -- > Masque mailing list > Masque@ietf.org > https://www.ietf.org/mailman/listinfo/masque >
- [Masque] Call for MASQUE use cases Christopher Wood
- Re: [Masque] Call for MASQUE use cases Eric Rescorla
- Re: [Masque] Call for MASQUE use cases Ben Schwartz
- Re: [Masque] Call for MASQUE use cases Spencer Dawkins at IETF
- Re: [Masque] Call for MASQUE use cases Ted Hardie
- Re: [Masque] Call for MASQUE use cases Spencer Dawkins at IETF
- Re: [Masque] Call for MASQUE use cases Ben Schwartz
- Re: [Masque] Call for MASQUE use cases Spencer Dawkins at IETF
- [Masque] TCP-CONNECT errors in H2 & H3 was Re: Ca… Lucas Pardue
- Re: [Masque] Call for MASQUE use cases Dallas McCall
- Re: [Masque] Call for MASQUE use cases Border, John
- Re: [Masque] Call for MASQUE use cases Ben Schwartz
- Re: [Masque] Call for MASQUE use cases Maxime Piraux
- Re: [Masque] Call for MASQUE use cases Dragana Damjanovic
- Re: [Masque] Call for MASQUE use cases Lucas Pardue
- Re: [Masque] Call for MASQUE use cases Dragana Damjanovic
- Re: [Masque] Call for MASQUE use cases David Schinazi
- Re: [Masque] Call for MASQUE use cases Dragana Damjanovic
- Re: [Masque] Call for MASQUE use cases Eric Kinnear
- Re: [Masque] Call for MASQUE use cases Mirja Kuehlewind