IETF Logo Mail Archive

Re: [Masque] Proposed draft charter

Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 27 January 2020 12:23 UTC

Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C110212022E for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 04:23:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.747
X-Spam-Level:
X-Spam-Status: No, score=-1.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8xLbtmF5C3D for <masque@ietfa.amsl.com>; Mon, 27 Jan 2020 04:23:38 -0800 (PST)
Received: from mail-ua1-x935.google.com (mail-ua1-x935.google.com [IPv6:2607:f8b0:4864:20::935]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 728AF12008D for <masque@ietf.org>; Mon, 27 Jan 2020 04:23:38 -0800 (PST)
Received: by mail-ua1-x935.google.com with SMTP id h32so3352127uah.4 for <masque@ietf.org>; Mon, 27 Jan 2020 04:23:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mhdhsi3n5rJpmvIDqolcSC+/G8cMFXmql+P2k+uYbTM=; b=ph8jZqp04AuuoxgLwGbs9dHQGPP+PFy4oEhYw5ZLaV3p8OCyo4XrQep7GwchIH2ind LVC60bKMOZjfpOy9hp820+J4etxRrpCFR8Ms2BP59kQUH+21PAW4IGEn851Ns26RPvTx TZH1ibf6msvVHVPUE1QU/i33d5VP7VT69A2aOlhbRD4/j5lyrh7Y5zHg+2fHmo5b+ZK2 wN1+eRv6gM9nB5UvjhOpmO6plASC6bxCLYvGFE5hoWSYIQTn/CLkLtk2G7voNGHyeTSC g6Jy5lmev5K6nOnLOSOQU2C5flNOvYM81lKxCJNPgdhRtjxD0bDgdb2Ur4r6g7VgneFN VK+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mhdhsi3n5rJpmvIDqolcSC+/G8cMFXmql+P2k+uYbTM=; b=W4Mr0SLErvxXD+4yGTNs0NrSJ4bluVdK9cv6unYEz0jZdQPw8enm2981ql5cXDDY/j CrixNWxXLGySX39oDSWoObb8ymCYzJnBsG7kPZiiwCrU+T8fQ1VhjcAPXED1suaps0C7 CPHvhrQe2c/mRF9RpmAf4mUwRK6Di7XMsfC89zdyMFMxMEFsWaYr+CIAPKJGmqKkUnSe aLKXRNQDSffG3MsVThzpCqnix0Ia3OjwQbB9GEz9ijkI8GUbX7sc5WMQAh6x9hEOtm99 rqgm0I30MKm+5/07sA1qAmVrHupTcGovJ9A4U9k/V6/de/572JCqaEenBRAyrs513dAv Rc5g==
X-Gm-Message-State: APjAAAXZxq9Sk2dHveG6o3bVurJ/FOg3dTiOGl7F/BoAET/nQsFWWeFW Ysrf37Mr4la+uxtG8aywXiD4AqFDQSbOKDQzdfM=
X-Google-Smtp-Source: APXvYqyKN58jtvKuU0Ly91vEQZo7UqeiVGsSrsEhvsiuMNFBVZ+HYS2cA8XO5Vl6/fNas33TmD+dzt02i5BHsbA1J2w=
X-Received: by 2002:ab0:69c9:: with SMTP id u9mr9132757uaq.80.1580127817412; Mon, 27 Jan 2020 04:23:37 -0800 (PST)
MIME-Version: 1.0
References: <845946C2-EB98-4F3A-966E-968AE349302C@ericsson.com> <B5A0CBC5-6127-4F47-B1CC-2BFF4934EA62@eggert.org> <1917123.yJOJJviVma@linux-9daj> <9daceeb9b5775846be0a0551bbdfa643e962fbcf.camel@ericsson.com>
In-Reply-To: <9daceeb9b5775846be0a0551bbdfa643e962fbcf.camel@ericsson.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 27 Jan 2020 12:23:26 +0000
Message-ID: <CALGR9oYGrp7HeG7e149Ha-EXypxPmerEjM-FvybVpprRH6miyA@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
Cc: "paul@redbarn.org" <paul@redbarn.org>, "masque@ietf.org" <masque@ietf.org>, "lars@eggert.org" <lars@eggert.org>
Content-Type: multipart/alternative; boundary="00000000000041b969059d1e2d35"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/vw1mpd_4o204vmo2EE33qs7Qb1E>
Subject: Re: [Masque] Proposed draft charter
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 12:23:41 -0000

Hi Mirja, all,

Speaking as an individual:

>From reading the charter, it isn't clear to me whether avoidance of double
encryption is intended to be part of the MASQUE framework deliverable, or
seen as some other document(s) that would be proposed into a MASQUE WG or
some other WG?

The discussion on the list highlights some of complexity in this area. I
personally see a lot of value in developing a framework that does not
attempt to avoid the multiple levels of encryption problem initially; there
are several use cases that could benefit from a baseline capability to
tunnel congestion-controlled transports inside QUIC without the pitfalls of
nested congestion control.

Targeting a baseline, while letting double encryption avoidance continue in
parallel at its own rate (and own group of people) seems like one way to
structure such work. The charter isn't clear if that is the intent or if
there is a strong desire to solve both in unison.

Cheers
Lucas

On Mon, Jan 27, 2020 at 12:05 PM Magnus Westerlund <magnus.westerlund=
40ericsson.com@dmarc.ietf.org> wrote:

> Hi Paul and Lars,
> (As individual, my AD role clearly have an conflict of interest situation
> here)
>
>
> Paul's question is something that needs to be discussed. This goes beyond
> the
> security model I have envisioned for this work.
>
> So the most basic security model for this work would be to have a secured
> connection (outer) between an endpoint (mostly the client) and the proxy.
> Then
> run a end-to-end secure QUIC connection between client and server (inner).
> That
> end-to-end connection can run either inside the client-proxy connection for
> certain properties or in parallel for other set of properties. Then use the
> client proxy connection for meta data exchange to accomplis things. This
> model
> can be extended to use outer connections between proxies and proxy to
> server,
> and in cases where desired to even have an onion model where client uses a
> set
> of proxies but each proxy only see the next and previous hop.
>
> An evolved model would be to move the inner connection from a full blown
> QUIC
> connection to something which is an object security model end-to-end
> between
> client and server. This will require an chain of outer transport
> connections all
> the way between client and server. However, it would enable certain use
> cases
> that isn't possible in the first, like object caching. It also enables the
> proxies to do a much better job transport wise and avoid head of line
> blocking
> completely for inner object fragments and enable proxy level
> prioritizations,
> which is not really possible in the first model. I do note this model will
> require basically a new QUIC version as it will redefine the internals
> significantly.
>
> Paul I am uncertain of exactly what you attempting to accomplish. I think
> in the
> basic security model the client proxy connection can be used by the client
> to
> disclose information like SNI (assuming ESNI otherwise) to the proxy as
> that
> would allow policy recommendations that it appear you ask for. But, my
> assumption for this work is that the proxy will by default have no access
> to
> clear text content being transfered between endpoints. Any such access
> would
> require an explicit disclosure of the security context by the client to the
> proxy.
>
> But, lets also try to answer Lars's question. Why not in QUIC WG. I will
> not
> dismiss that this could be part of the QUIC WG charter. However, I think
> writing
> the charter like it is its own WG clarifieis what the intentions here are.
> I
> also note that basic framwork is much more like SOCKS work, or the TURN
> work in
> TRAM WG, but different than both to require its own work. Its primary part
> is
> not actually changing QUIC, at least for the basic security model above.
> Then,
> certain of the transport performance enhancement work will be how to
> interface
> information between the proxy and the end-to-end QUIC connection. That
> work will
> need interaction with the QUIC WG. Some things may even need QUIC
> extensions,
> and such would then likely need to be developed in the QUIC WG. I think we
> should discuss this more, and at a minimum clarify the interaction part.
>
> Cheers
>
> Magnus Westerlund
> (as individual)
>
>
> On Mon, 2020-01-27 at 08:26 +0000, Paul Vixie wrote:
> > i mostly think the same, but i'm concerned about one aspect of H3 that
> may be
> > sufficiently far from the core protocol to warrant special focus on the
> > proxy,
> > and that is the enterprise situation where the endpoint trusts the proxy
> to
> > either carry the transaction for it, or to refer the endpoint to a
> native
> > flow. use case, employee doing their banking from their corporate
> desktop
> > during their lunch break. this isn't a well-loved scenario because it's
> so
> > close to the nation-state authoritarian situation. but i'd like to
> explore it
> > with a group of open minded others, and i think doing it inside the QUIC
> or
> > HTTP WG would make for big distraction.
> >
> > there is, separately and precedingly, the the process by which an
> endpoint
> > would discover, and know whether or not to trust, an enterprise outbound
> > proxy.
> >
> > am i in the wrong basket?
> >
> > vixie
> >
> > re:
> >
> > On Monday, 27 January 2020 07:22:14 UTC Lars Eggert wrote:
> > > Hi,
> > >
> > > what motivates a separate WG vs. doing this in the QUIC WG?
> > >
> > > There are aspects of the charter - e.g., one-sided (transparent to the
> > > peer?) cooperation with middleboxes, double-encryption avoidance (does
> this
> > > translated to an "unencrypted" mode for QUIC?) - that could have a
> large
> > > impact on the base protocol. That suggests to me tight coordination
> with
> > > the base protocol is essential.
> > >
> > > Thanks,
> > > Lars
> >
> > --
> > Paul
> >
> >
> --
> Cheers
>
> Magnus Westerlund
>
>
> ----------------------------------------------------------------------
> Networks, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Torshamnsgatan 23           | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
>
>
> --
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email