IETF Logo Mail Archive

Re: [Masque] Call for MASQUE use cases

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 24 February 2020 18:11 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39BF63A106D for <masque@ietfa.amsl.com>; Mon, 24 Feb 2020 10:11:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cC42yFHO3f5T for <masque@ietfa.amsl.com>; Mon, 24 Feb 2020 10:11:48 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 052903A1065 for <masque@ietf.org>; Mon, 24 Feb 2020 10:11:47 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id o15so11194067ljg.6 for <masque@ietf.org>; Mon, 24 Feb 2020 10:11:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SKpY0nffMCZKQ0v6eoqCE676oPKQkCj7dueVE/PdhzI=; b=o97iKPKutZSEWMxqndeJKUCPk6qz4FA1n7xIOWhIyyplkHtTV6s3pe4025MYI1OVst l0lW8AEyRGyXFwJx1HM5fEMiO5QnBeMkUNEw0b58h621UpOQ7bKU8rDH7Hl+/WtqvGBM ZN6Lfmwnng1Bvn3OzrENHWXXTi3fYZ6QL/+RPdcH1jvbdaTp0C2qjOgXUdWwDRNsPofL GGxE5C1XZeoug17/+cP7jsPwd3mBHIrzTVsXIefK/uYAUoD9YZE/psq6zW4Qtra3zRGi ufk7prcV5kUugfQQYHGeoh7QHw/JDXMLA9e9JNzk2p3n/WB4Gw0gqJQKwmDP98lXrkHr 7rcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SKpY0nffMCZKQ0v6eoqCE676oPKQkCj7dueVE/PdhzI=; b=suBrQ2NO9eCAQMMKZ7u28Y0EliM3y3iru46ouNfo7tWr/fG/tqjOYUe7jbxpflS7/B bnpJabIdTQVhZjhzQgqwowmdNc5UCB8cjhULpso8J26gs75dftQBfLjL2COpvgsu+CKC syXimYLkzIXywTD5NQnWWP++lQr8eO8uS9X8hXlXYYur89WI3DGYHoGlKdIquLi/AO45 17k9WFyDYwlVF2Dz/7m8P+Ru8fPjHwkNgweOZRNIC4YiwEqEs4/5Mc1fdzT9nvorwHbp CicH3v+RipICz4NSl9LA2E7CYzhvP/oQTfz5LHqGf7g1nMbQOtkVyRPAj0BRe2AxxXCe OUbA==
X-Gm-Message-State: APjAAAWEgCuU02IowhG25YlQ6AXreECirUPZ+SfV8sIBSC2Rj4WjUO6K xMHIrV/x/UO/CRdHZeGJGQKNkL6iCc1pk1TsViY=
X-Google-Smtp-Source: APXvYqzhbKOb9w9zLjwXid7WLKoVg02kJob7WDUgXXR0Gq9qnc2ThezTmNZ0WXt+Y9d0ic+BAe8hybfFabg39mNRLgE=
X-Received: by 2002:a2e:94c8:: with SMTP id r8mr31626704ljh.28.1582567906150; Mon, 24 Feb 2020 10:11:46 -0800 (PST)
MIME-Version: 1.0
References: <D46D764C-F682-472A-AFDA-32DDF5CA5F6B@heapingbits.net> <CABcZeBPMUNgOVWMS_sXPTsCU2R+EaK9JDuZsJQ5KSQROXE+4Sg@mail.gmail.com> <CAHbrMsAVXmyvqJKNzcmHOvM3NvPqhpfC9MuDEq9kNUBKe7=7=g@mail.gmail.com> <CAKKJt-etTk6CAqbL1MdSV6gdCgqC2Wz8cdUqbdzbM2h3LKAMhw@mail.gmail.com> <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
In-Reply-To: <CAHbrMsDqgx7h+TRKLOgW+a3B3+TLWoRE9_DVBVhcKGRC3G=rog@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 24 Feb 2020 12:11:19 -0600
Message-ID: <CAKKJt-cidtABzVDzF=zdOoq143=2A7aziG0Ue7akFbAVUxEZsg@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, Christopher Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e10b95059f564dec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/yYIwUmrKKe1S5EeQhhiJElcR_94>
Subject: Re: [Masque] Call for MASQUE use cases
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 18:11:52 -0000

Hi, Ben,

Thank you for the clues below.

Perhaps we should talk in Vancouver :-)

Best,

Spencer

On Mon, Feb 24, 2020 at 11:52 AM Ben Schwartz <bemasc@google.com> wrote:

>
>
> On Mon, Feb 24, 2020 at 11:57 AM Spencer Dawkins at IETF <
> spencerdawkins.ietf@gmail.com> wrote:
>
>> Hi, Ben,
>>
>> I have a couple of questions about some use cases you described (inline),
>> but thank you for sending out your list.
>>
>> On Sun, Feb 23, 2020 at 10:06 PM Ben Schwartz <bemasc=
>> 40google.com@dmarc.ietf.org> wrote:
>>
>>> I think virtually all the use cases for SOCKS and HTTP CONNECT are also
>>> in-scope for MASQUE.  Additionally, there are some cases that they don't
>>> handle, or that MASQUE could handle better:
>>>
>>>  - TCP proxying over congested/lossy client-proxy links.  SOCKS and
>>> HTTP/1.1 don't multiplex, so the congestion controllers for each TCP
>>> connection fight over this link.  HTTP/2 multiplexes but has head-of-line
>>> blocking on loss.  CONNECT over HTTP/3 would get us unified
>>> congestion control without blocking.
>>>
>>
>> IIRC, CONNECT currently doesn't know how to do HTTP/3 over QUIC, right?
>> So is what you're thinking about
>>
>>    - Connect can do HTTP/3 - proxy - HTTP/3 or HTTP/2 - proxy - HTTP/2,
>>    OR
>>    - Connect can do HTTP - proxy - HTTP, where the HTTP versions don't
>>    have to match?
>>
>> I am trying to describe this: client <--[H3]---> proxy <--[SSH]-->
> destination
>
> Where "SSH" is an arbitrary example of a TCP-based protocol.  Any TCP
> connection can run over CONNECT.
>
> In other words, I am talking about unmodified CONNECT over HTTP/3.
>
>  - Proxied WebRTC (or RTC generally).  Currently, using a proxy generally
>> forces WebRTC to use TCP, which generally also forces it to route through a
>> TURN server (another proxy!).  This adds up to significantly impaired
>> latency and quality.  By supporting UDP, MASQUE could do better.
>>
>>>
>>> - Virtual machine running in a webpage.  MASQUE could enable
>>> standardized networking for virtual machines in WebAssembly.
>>>
>>> - Network debugging when using a proxy.  HTTP CONNECT doesn't provide
>>> any indication of why a connection failed, e.g. to distinguish RST, FIN,
>>> timeout, or an ICMP error.
>>>
>>
>> We've come some distance since I was introducing myself at IESG meetings
>> as "AD for the spin bit", but we haven't come a really long way - the spin
>> bit is in and optional, which is fine, and we are noticing
>> https://datatracker.ietf.org/doc/draft-ferrieuxhamchaoui-quic-lossbits/
>> as a related draft, but we haven't had it on a QUIC working group agenda in
>> the past year (IIRC), even though it gets talked about in places like MOPS.
>> And that's just one more (almost certainly optional) bit of information, if
>> it does move forward.
>>
>> I'm intrigued by your proposed use case on network debugging, especially
>> if proxying HTTP/3 using CONNECT becomes a common mode of operation - have
>> you started to hash out details for this use case, what might be visible
>> without revealing too much, etc.? If not, would you like to work on
>> something with me (and, one hopes, smarter and more realistic QUIC people)?
>>
>
> I wasn't really thinking about QUIC; I was thinking primarily about TCP.
> If we're in the business of modernizing CONNECT, one thing that I would
> like would be an HTTP Trailer indicating _why_ the connection was closed,
> e.g. who closed it, FIN vs. RST vs. timeout.  Similarly, if CONNECT fails,
> it would be nice to have a header indicating why it failed, and perhaps
> some clarity about which status codes to use.  My main use case here is
> "showing users the right error message" when something goes wrong.
>
> I would have to think some more about QUIC.  In my view, it depends on
> whether we end up defining (1) a QUIC-specialized proxy, (2) a general UDP
> transport proxy, and/or (3) an IP tunnel.  If (1) or (2), it could be
> interesting to consider how to convey some lower-layer information to
> enable ICMP error reporting, PMTUD, etc.  (An IP tunnel gets us all that
> stuff automatically.)
>
> One thing I have proposed is using continuous measurement of client-proxy
> RTT to unify the two layers of congestion control, but this is a purely
> hypothetical performance optimization, not for network debugging.
>
>
>> Best,
>>
>> Spencer
>>
>>
>>> On Sat, Feb 22, 2020 at 6:14 PM Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>>> I am interested in this as an alternative transport for securely
>>>> proxying HTTP traffic (cf. https://fpn.firefox.com/)
>>>>
>>>> -Ekr
>>>>
>>>>
>>>> On Thu, Feb 20, 2020 at 7:13 PM Christopher Wood <caw@heapingbits.net>
>>>> wrote:
>>>>
>>>>> The core MASQUE protocol [1] describes a simple negotiation mechanism
>>>>> for various
>>>>> applications. However, it omits use cases for these applications.
>>>>> MASQUE
>>>>> obfuscation
>>>>> in support of a "hidden VPN" service is one use case [2]. Tunneling
>>>>> QUIC
>>>>> is another [3].
>>>>>
>>>>> Given that MASQUE and the upcoming BoF will be successful insofar as
>>>>> it
>>>>> addresses important
>>>>> use cases, I think it'd be useful to discuss these application use
>>>>> cases
>>>>> in more detail
>>>>> before Vancouver. To that end, let's use this time before the meeting
>>>>> to
>>>>> discuss them!
>>>>>
>>>>> I'd like to ask interested parties to please surface use cases they
>>>>> know
>>>>> of (and care about).
>>>>>
>>>>> Thanks!
>>>>> Chris
>>>>>
>>>>> [1] https://tools.ietf.org/html/draft-schinazi-masque-02
>>>>> [2] https://tools.ietf.org/html/draft-schinazi-masque-obfuscation-00
>>>>> [3] https://tools.ietf.org/html/draft-kuehlewind-quic-substrate-02
>>>>>
>>>>> --
>>>>> Masque mailing list
>>>>> Masque@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>
>>>> --
>>>> Masque mailing list
>>>> Masque@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>
>>> --
>>> Masque mailing list
>>> Masque@ietf.org
>>> https://www.ietf.org/mailman/listinfo/masque
>>>
>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>
>

v2.23.0 | Report a Bug | By Email