RE: Request for Authenticated but not Encrypted Traffic
"Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org> Sat, 01 October 2022 01:21 UTC
From: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Christian Huitema <huitema@huitema.net>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: RE: Request for Authenticated but not Encrypted Traffic
Date: Sat, 01 Oct 2022 01:21:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/8kq63FitJwpYuSSDvaPFf-XEW5U>

* That is pretty much the only model we have been using but it isn't the only model and it is a straightjacket.

We have other protocols for publish-subscribe patterns (including multicast). We would not want to use QUIC for those use cases. QUIC only makes sense for request-response.

From: Phillip Hallam-Baker <phill@hallambaker.com>
Sent: Saturday, October 1, 2022 10:18 AM
To: Christian Huitema <huitema@huitema.net>
Cc: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>; quic@ietf.org
Subject: Re: Request for Authenticated but not Encrypted Traffic

Both of you are assuming a request/response paradigm. That is pretty much the only model we have been using but it isn't the only model and it is a straightjacket.

On Fri, Sep 30, 2022 at 7:44 PM Christian Huitema <huitema@huitema.net> wrote:

On 9/30/2022 4:30 PM, Randy Armstrong (OPC) wrote:

> * Sure, we could design a presentation layer on top of QUIC. I think it is better to design a transport/presentation layer for the problem space and then see how we might make use of QUIC.
>
> Not quite sure why you make a big deal about this. OPC UA supports the kinds of operations you described but the complex operations are broken into multiple request-response pairs for transport. All OPC UA needs is a full duplex channel that allows responses to be returned in any order. I would imagine that any other protocol built on QUIC would do the same.

That's exactly the way DNS over QUIC is designed. Full duplex channel (QUIC connection) allowing for series of transactions. Each transaction request (from the client) is mapped to a new duplex stream; responses come back on the reverse part of that stream; responses to transactions arrive in any order.

> The important question is: does QUIC have any inherent limitations that would make it difficult to implement complex operations over top of QUIC?

No. You have to pay attention to the management of connections, how to resume connections after they break, etc. But that's pretty standard when designing a distributed application.

-- Christian Huitema