RE: Request for Authenticated but not Encrypted Traffic

"Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org> Fri, 30 September 2022 16:01 UTC

From: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: RE: Request for Authenticated but not Encrypted Traffic
Thread-Topic: Request for Authenticated but not Encrypted Traffic
Thread-Index: AdjT/etteyPc96T0SA+BuKbhQ9/5AQAPBNYAAABhQAAAAw3BEwAAbsaAACToMAAAAbL3gAAAOT7A
Date: Fri, 30 Sep 2022 16:01:27 +0000
Message-ID: <SJ0PR08MB8288BAFDD51D99A8D9D42772FA569@SJ0PR08MB8288.namprd08.prod.outlook.com>
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <e0c93db9-785b-fbfc-604a-5aa047d3c25b@redbarn.org> <SJ0PR08MB8288E1364214A9BCA4DBC6A5FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <MW5PR15MB51459BB0DCAD6E47A5A89C49D4579@MW5PR15MB5145.namprd15.prod.outlook.com> <SJ0PR08MB8288533C964762C760477D46FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAC8QAcfuVnr0UMii8kR-RZ_n3i8hOSDZTD=fHbkXVy5-3JJKNw@mail.gmail.com> <CAMm+LwhgCQcEMFCi7gc=UhDAGXug1=0Db90K=GnHTw9DOu8fog@mail.gmail.com>
In-Reply-To: <CAMm+LwhgCQcEMFCi7gc=UhDAGXug1=0Db90K=GnHTw9DOu8fog@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/7jXwgELcfCmZ-lxpoWNZ9P-R4Iw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 16:01:36 -0000

  *   Process control is absolutely not a good match for QUIC, nor are Web services in general. HTTP is a lousy transport for Web Services and I write as one of the people who designed HTTP/1.0.

Can you explain what aspects of QUIC make it not suitable?
I thought a QUIC stream was a full-duplex, TCP-like pipe between two processes.
But your description makes it sound like it is as limited as an HTTP connection.

From: Phillip Hallam-Baker <phill@hallambaker.com>
Sent: Saturday, October 1, 2022 12:47 AM
To: sarikaya@ieee.org
Cc: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>; quic@ietf.org
Subject: Re: Request for Authenticated but not Encrypted Traffic

On Fri, Sep 30, 2022 at 10:58 AM Behcet Sarikaya <sarikaya2012@gmail.com> wrote:

On Thu, Sep 29, 2022 at 4:42 PM Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org> wrote:
At this point we have not determined that QUIC will actually be better than TCP for OT applications. That said, we see the potential because there is a need for UDP-based protocols on some embedded devices where the OS does not support TCP, and because QUIC offers the potential for prioritizing traffic with multiple streams.

There is also some effort to deploy 5G networks within factories, which would mean the lower latency when recovering after IP address changes could be a benefit.

One risk for QUIC in this setting comes from the memory consumption needed to handle out-of-order/repeated messages. TCP has had decades to optimize this problem, which means it could be more efficient.

If the WG already knows that QUIC will not work so well on low-end embedded devices, then we would like to learn more about the issues.

Hi Randy,

I read the above. I think that TCP for IoT has been researched a lot, and now we have some stripped-down versions of TCP that are being used.
I am not sure about, or not familiar with, anything similar for Quic.
Quic is not like TCP, i.e. as far as I know, for Quic there is only one sender, that is HTTP.
So you may be opening a can of worms with this proposal.

Good luck,
Behcet

This is a very good point. I dropped out of QUIC as it became clear that 1) the WG is developing an optimized transport for Web browsing and not a general-purpose transport, and 2) this is absolutely the right approach for the WG to take.

Further, the QUIC group should resist attempts to 'build on QUIC' and turn it into a kitchen sink protocol solving every problem. That is how specifications wear out.

Web browsing is an application that is more than significant enough to justify its own transport. It is also a very complicated ecosystem with a lot of legacy commitments that have to be respected and so any solution is inevitably going to be complex.

However, one of the consequences of QUIC is that there is now precedent for developing new transport protocols built on UDP, and so the floodgates are open. When the Internet was originally designed in the 70s, the only way to get a transport sufficiently fast to be acceptable was to run it in the kernel. That is no longer true. Modern CPUs are fast enough and modern OSes agile enough to offload transport out of the kernel.

Process control is absolutely not a good match for QUIC, nor are Web services in general. HTTP is a lousy transport for Web Services, and I write as one of the people who designed HTTP/1.0.

What we need at this point is a transport that is designed for the needs of Web Services: a transport that is transaction-oriented, with suitable controls for rate limitation, authentication established between the relevant end-points, etc. A transport that allows us to keep a connection open for hours or days or years without constant heartbeat messages between every pair of endpoints.

In short, what we need is what the OSI stack called a presentation layer.

While much of the work on QUIC would be relevant to such an effort, it should do the same as QUIC did and start from a clean sheet of paper.