Re: [Masque] Erik Kline's No Objection on draft-ietf-masque-connect-udp-14: (with COMMENT)

Erik Kline <ek.ietf@gmail.com> Thu, 16 June 2022 23:24 UTC

MIME-Version: 1.0
References: <165516879058.39452.14276389104602931870@ietfa.amsl.com> <CAPDSy+7FhvQCKQ9hdpwfFz_XA_QShffHLs5ErUATe2Dpk9L2JQ@mail.gmail.com>
In-Reply-To: <CAPDSy+7FhvQCKQ9hdpwfFz_XA_QShffHLs5ErUATe2Dpk9L2JQ@mail.gmail.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Thu, 16 Jun 2022 16:23:31 -0700
Message-ID: <CAMGpriWtfYPcAd4nfEUsG3QiSc9rgc9eHjWaFBHOMti7zG_eNA@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-masque-connect-udp@ietf.org, masque-chairs@ietf.org, MASQUE <masque@ietf.org>, Eric Kinnear <ekinnear@apple.com>
Content-Type: multipart/alternative; boundary="000000000000ae0e3b05e198edf6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/tc49uOsANEu-tDrx28X_yM0z7Vo>
Subject: Re: [Masque] Erik Kline's No Objection on draft-ietf-masque-connect-udp-14: (with COMMENT)

Oh, very nice.  Thanks!

(github <https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/pull/179#pullrequestreview-1009839524>)

On Thu, Jun 16, 2022 at 3:41 PM David Schinazi <dschinazi.ietf@gmail.com>
wrote:

> Hi Erik, thanks for your comments.
> Responses inline.
> David
>
> On Mon, Jun 13, 2022 at 6:06 PM Erik Kline via Datatracker <
> noreply@ietf.org> wrote:
>
>> ### S3.5
>>
>> * Should the 2xx discussion here include additional reference to the
>>   extended commentary in masque-h3-datagram#section-3.2?
>>
>
> Agreed, I've replaced that text with a reference in this commit:
>
> https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/commit/8020b2dc88fd51bc3c10b172bbb85e82a3eda403
>
>> ### S7
>>
>> * I *really* wish there could be more said about tunnel security.  I was
>>   tempted to try to formulate some DISCUSS on the matter, but I cannot
>>   seem to see where any more extensive text was ever written for the
>>   CONNECT method.
>>
>>   Nevertheless, there are plenty of concerns that could be mentioned, like
>>   what should a proxy do if the target_host is one of its own IP
>>   addresses, or a link-local address, and so on.
>>
>>   I'm not entirely convinced that it suffices to claim that because the
>>   tunnel is not an IP-in-IP tunnel certain considerations don't apply.
>>   Anything and everything can be tunneled over UDP, especially if RFC 8086
>>   GRE-in-UDP is what the payloads carry (or ESP, of course).  It seems
>>   like most of the points raised in RFC 6169 apply; perhaps worth a mention.
>>
>>   But as I said, I think all these concerns apply equally to CONNECT (in
>>   principle, anyway), and the text here is commensurate with the text for
>>   its TCP cousin (that I could find, anyway).
>>
>
> I absolutely agree. I added guidance in the following PR:
> https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/pull/179
> Could you please take a look and let me know what you think?
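The quoted review asks what a CONNECT-UDP proxy should do when target_host names one of the proxy's own addresses or a link-local address. The following is an added illustration of one such target check, written for this page; it is not code from the draft, from the pull request linked above, or from any MASQUE implementation. It uses Python's standard ipaddress module and treats the proxy's own address list (PROXY_OWN_ADDRESSES), the stand-in resolver (fake_resolve, FAKE_DNS) and the rejection reasons as constructed assumptions.

```python
import ipaddress
from typing import Callable, Iterable, List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample: the addresses this hypothetical proxy is itself bound to.
PROXY_OWN_ADDRESSES = frozenset({
    ipaddress.ip_address("198.51.100.7"),
    ipaddress.ip_address("2001:db8:1::7"),
})

# Constructed stand-in for DNS so the example runs offline. A real proxy
# resolves the hostname and must re-check every address the answer contains.
FAKE_DNS = {
    "target.example": ["203.0.113.10"],
    "proxy.example": ["203.0.113.10", "198.51.100.7"],
}


def fake_resolve(hostname: str) -> List[str]:
    return FAKE_DNS.get(hostname, [])


def address_rejection_reason(
    addr: IPAddress,
    own_addresses: Iterable[IPAddress] = PROXY_OWN_ADDRESSES,
) -> Optional[str]:
    """Return None if the proxy may open a UDP tunnel to addr, else a short reason."""
    if addr in frozenset(own_addresses):
        return "proxy-own-address"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:          # fe80::/10 and 169.254.0.0/16
        return "link-local"
    if addr.is_multicast:
        return "multicast"
    if addr.is_unspecified:
        return "unspecified"
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is really an IPv4 destination; apply the IPv4 rules to it
        # so that ::ffff:127.0.0.1 cannot slip past the loopback rule above.
        return address_rejection_reason(addr.ipv4_mapped, own_addresses)
    return None


def evaluate_target(
    target_host: str,
    resolve: Callable[[str], List[str]] = fake_resolve,
    own_addresses: Iterable[IPAddress] = PROXY_OWN_ADDRESSES,
) -> Optional[str]:
    """Decide whether a CONNECT-UDP request for target_host should be refused.

    Returns None when the tunnel may be opened, otherwise the reason to refuse.
    """
    host = target_host.strip("[]")  # IPv6 literals arrive bracketed in the authority
    try:
        return address_rejection_reason(ipaddress.ip_address(host), own_addresses)
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    resolved = resolve(host)
    if not resolved:
        return "unresolvable"
    for text in resolved:
        reason = address_rejection_reason(ipaddress.ip_address(text), own_addresses)
        if reason is not None:
            return reason  # one forbidden answer is enough to refuse the tunnel
    return None


if __name__ == "__main__":
    for host in ["127.0.0.1", "[fe80::1]", "::ffff:127.0.0.1", "proxy.example", "target.example"]:
        print(f"{host:>20} -> {evaluate_target(host) or 'allow'}")
```

The check runs on the resolved addresses rather than on the name alone, since a hostname can be made to resolve to the proxy's own interface after an earlier, harmless lookup. Which further ranges to refuse (private address space, for instance) is a deployment policy the draft leaves to operators, and the function is written so that additional rules slot in alongside the existing ones.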