IETF Logo Mail Archive

Re: [Masque] Call for MASQUE use cases

Dragana Damjanovic <dragana.damjano@gmail.com> Thu, 05 March 2020 14:05 UTC

Return-Path: <dragana.damjano@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC1C13A152D for <masque@ietfa.amsl.com>; Thu, 5 Mar 2020 06:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 37xxAi_giKH4 for <masque@ietfa.amsl.com>; Thu, 5 Mar 2020 06:05:13 -0800 (PST)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB1E73A1526 for <masque@ietf.org>; Thu, 5 Mar 2020 06:05:13 -0800 (PST)
Received: by mail-io1-xd31.google.com with SMTP id h8so6591238iob.2 for <masque@ietf.org>; Thu, 05 Mar 2020 06:05:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lbzVEZNpmZbQKy8sXrIUM6jMry/j1tmw8Ud9Cd12h+0=; b=c6U2i1eZ3MI0Fd7tJnVyaB29Jesa4CLkWGHoIBxG+VBXdxbwtPr7t7LMRdRDhtISWp rZpt+tMFZs6HFLlFMNkhEvo0ChewPI9fcaJqpqlV6ePBWqEpo8Lwl+AxpsfZzAYTYhoQ A5INo3yxwbu7FLSpR9XPen25U6iqaAetzXPydtNVmqh1HfK+v6otIEv5WPYz13N5Kv56 QCGbRXeWMsIRfj8RJG3Nbzgfs9QDVRkbxU1qrbippjZBNsLVTKXJ+sQzdubPc/Noanln nwot+NXvM0XmWG8H6nRxBgtgGA8wnmIPoAqVkEZp1cGX3hGty+OGx8tQ/wUaC/aFe5qx LQRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lbzVEZNpmZbQKy8sXrIUM6jMry/j1tmw8Ud9Cd12h+0=; b=f+CKYl9KiQCxhtBv0ul2cDVgcgKAMuDLPSiuRt1aQ+fyIOVtyEBOXUUIsBZW6BdOlT vVzaYQAzo3h1IBOUcui9xhHvKCkDa3w593ixYoV9z32HDOTJAxw2r0IR3OByhPEmRfBE LD5SCFtNY1Vvt7+7naxk/e1kyDkONCPzdh7htbjfmMokYHkX6o7X87UPwd2nJ4ixfzR3 Bm5Qd3CmhL1Crh07NfqXysIx5T28wrCNzNb92A45EB8qnztVyxlW31bbNo+W5ZdAsg4k b91kslQlc2gpm+x12OuOoi7EtEjZjRbYELMNteIcvOgOzMPByUPZ0483+kUg9DWHhrir sltw==
X-Gm-Message-State: ANhLgQ2mg8JtMuCWLwkfTcOVEZUMRWEaMGmqIeHnMhqPUkW5WWdqkmJE 2ncGfvrqu4x6duec0AAcCJGGD4cIHmy3DYLkQ+LXEg==
X-Google-Smtp-Source: ADFU+vtL381vK38NkpNq8m13IfR4rjjGU85/ghI92xTuOj46aZw1XVJzLU2xiFY3qKaplW9IqJ/EYeTqCOzA7Wa+gmk=
X-Received: by 2002:a5d:9255:: with SMTP id e21mr6925368iol.260.1583417112937; Thu, 05 Mar 2020 06:05:12 -0800 (PST)
MIME-Version: 1.0
References: <D46D764C-F682-472A-AFDA-32DDF5CA5F6B@heapingbits.net> <CABcZeBPMUNgOVWMS_sXPTsCU2R+EaK9JDuZsJQ5KSQROXE+4Sg@mail.gmail.com> <CAHbrMsAVXmyvqJKNzcmHOvM3NvPqhpfC9MuDEq9kNUBKe7=7=g@mail.gmail.com> <CAKKJt-etTk6CAqbL1MdSV6gdCgqC2Wz8cdUqbdzbM2h3LKAMhw@mail.gmail.com> <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
In-Reply-To: <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
From: Dragana Damjanovic <dragana.damjano@gmail.com>
Date: Thu, 05 Mar 2020 15:05:00 +0100
Message-ID: <CAG0m4gQh7=Gvx2_k53st+szAoj+96ef=OK5hqp8_zKSbKr091Q@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Christopher Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008c49a205a01c0644"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/rx0IF2PYZ2RTSwglldGyixY9EXY>
Subject: Re: [Masque] Call for MASQUE use cases
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 14:05:17 -0000

On Mon, Feb 24, 2020 at 6:53 PM Ben Schwartz <bemasc=
40google.com@dmarc.ietf.org> wrote:

>
>
> On Mon, Feb 24, 2020 at 11:57 AM Spencer Dawkins at IETF <
> spencerdawkins.ietf@gmail.com> wrote:
>
>> Hi, Ben,
>>
>> I have a couple of questions about some use cases you described (inline),
>> but thank you for sending out your list.
>>
>> On Sun, Feb 23, 2020 at 10:06 PM Ben Schwartz <bemasc=
>> 40google.com@dmarc.ietf.org <40google..com@dmarc.ietf.org>> wrote:
>>
>>> I think virtually all the use cases for SOCKS and HTTP CONNECT are also
>>> in-scope for MASQUE.  Additionally, there are some cases that they don't
>>> handle, or that MASQUE could handle better:
>>>
>>>  - TCP proxying over congested/lossy client-proxy links.  SOCKS and
>>> HTTP/1.1 don't multiplex, so the congestion controllers for each TCP
>>> connection fight over this link.  HTTP/2 multiplexes but has head-of-line
>>> blocking on loss.  CONNECT over HTTP/3 would get us unified
>>> congestion control without blocking.
>>>
>>
>> IIRC, CONNECT currently doesn't know how to do HTTP/3 over QUIC, right?
>> So is what you're thinking about
>>
>>    - Connect can do HTTP/3 - proxy - HTTP/3 or HTTP/2 - proxy - HTTP/2,
>>    OR
>>    - Connect can do HTTP - proxy - HTTP, where the HTTP versions don't
>>    have to match?
>>
>> I am trying to describe this: client <--[H3]---> proxy <--[SSH]-->
> destination
>
> Where "SSH" is an arbitrary example of a TCP-based protocol.  Any TCP
> connection can run over CONNECT.
>
> In other words, I am talking about unmodified CONNECT over HTTP/3.
>
>  - Proxied WebRTC (or RTC generally).  Currently, using a proxy generally
>> forces WebRTC to use TCP, which generally also forces it to route through a
>> TURN server (another proxy!).  This adds up to significantly impaired
>> latency and quality.  By supporting UDP, MASQUE could do better.
>>
>>>
>>> - Virtual machine running in a webpage.  MASQUE could enable
>>> standardized networking for virtual machines in WebAssembly.
>>>
>>> - Network debugging when using a proxy.  HTTP CONNECT doesn't provide
>>> any indication of why a connection failed, e.g. to distinguish RST, FIN,
>>> timeout, or an ICMP error.
>>>
>>
>> We've come some distance since I was introducing myself at IESG meetings
>> as "AD for the spin bit", but we haven't come a really long way - the spin
>> bit is in and optional, which is fine, and we are noticing
>> https://datatracker.ietf.org/doc/draft-ferrieuxhamchaoui-quic-lossbits/
>> as a related draft, but we haven't had it on a QUIC working group agenda in
>> the past year (IIRC), even though it gets talked about in places like MOPS.
>> And that's just one more (almost certainly optional) bit of information, if
>> it does move forward.
>>
>> I'm intrigued by your proposed use case on network debugging, especially
>> if proxying HTTP/3 using CONNECT becomes a common mode of operation - have
>> you started to hash out details for this use case, what might be visible
>> without revealing too much, etc.? If not, would you like to work on
>> something with me (and, one hopes, smarter and more realistic QUIC people)?
>>
>
> I wasn't really thinking about QUIC; I was thinking primarily about TCP.
> If we're in the business of modernizing CONNECT, one thing that I would
> like would be an HTTP Trailer indicating _why_ the connection was closed,
> e.g. who closed it, FIN vs. RST vs. timeout.  Similarly, if CONNECT fails,
> it would be nice to have a header indicating why it failed, and perhaps
> some clarity about which status codes to use.  My main use case here is
> "showing users the right error message" when something goes wrong.
>
>
I was looking into implementing sending an IP address in CONNECT request to
a proxy instead of host name. It is not easy to figure out if connect
should be retried with another IP address. Having better error codes would
be helpful.

dragana


> I would have to think some more about QUIC.  In my view, it depends on
> whether we end up defining (1) a QUIC-specialized proxy, (2) a general UDP
> transport proxy, and/or (3) an IP tunnel.  If (1) or (2), it could be
> interesting to consider how to convey some lower-layer information to
> enable ICMP error reporting, PMTUD, etc.  (An IP tunnel gets us all that
> stuff automatically..)
>
> One thing I have proposed is using continuous measurement of client-proxy
> RTT to unify the two layers of congestion control, but this is a purely
> hypothetical performance optimization, not for network debugging.
>
>
>> Best,
>>
>> Spencer
>>
>>
>>> On Sat, Feb 22, 2020 at 6:14 PM Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>>> I am interested in this as an alternative transport for securely
>>>> proxying HTTP traffic (cf. https://fpn.firefox.com/)
>>>>
>>>> -Ekr
>>>>
>>>>
>>>> On Thu, Feb 20, 2020 at 7:13 PM Christopher Wood <caw@heapingbits.net>
>>>> wrote:
>>>>
>>>>> The core MASQUE protocol [1] describes a simple negotiation mechanism
>>>>> for various
>>>>> applications. However, it omits use cases for these applications.
>>>>> MASQUE
>>>>> obfuscation
>>>>> in support of a "hidden VPN" service is one use case [2]. Tunneling
>>>>> QUIC
>>>>> is another [3].
>>>>>
>>>>> Given that MASQUE and the upcoming BoF will be successful insofar as
>>>>> it
>>>>> addresses important
>>>>> use cases, I think it'd be useful to discuss these application use
>>>>> cases
>>>>> in more detail
>>>>> before Vancouver. To that end, let's use this time before the meeting
>>>>> to
>>>>> discuss them!
>>>>>
>>>>> I'd like to ask interested parties to please surface use cases they
>>>>> know
>>>>> of (and care about).
>>>>>
>>>>> Thanks!
>>>>> Chris
>>>>>
>>>>> [1] https://tools.ietf.org/html/draft-schinazi-masque-02
>>>>> [2] https://tools.ietf.org/html/draft-schinazi-masque-obfuscation-00
>>>>> [3] https://tools.ietf.org/html/draft-kuehlewind-quic-substrate-02
>>>>>
>>>>> --
>>>>> Masque mailing list
>>>>> Masque@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>
>>>> --
>>>> Masque mailing list
>>>> Masque@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>
>>> --
>>> Masque mailing list
>>> Masque@ietf.org
>>> https://www.ietf.org/mailman/listinfo/masque
>>>
>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email