RE: Questions on HTTP URI schemes and QUIC
Sridhar Bhaskaran <sridhar.bhaskaran@huawei.com> Wed, 25 July 2018 08:44 UTC
Return-Path: <sridhar.bhaskaran@huawei.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C818C130E51 for <quic@ietfa.amsl.com>; Wed, 25 Jul 2018 01:44:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPTuuNzFkE_I for <quic@ietfa.amsl.com>; Wed, 25 Jul 2018 01:44:18 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8589130DC6 for <quic@ietf.org>; Wed, 25 Jul 2018 01:44:17 -0700 (PDT)
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id E811DBA222ED1 for <quic@ietf.org>; Wed, 25 Jul 2018 09:44:13 +0100 (IST)
Received: from BLREML407-HUB.china.huawei.com (10.20.4.45) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.399.0; Wed, 25 Jul 2018 09:44:15 +0100
Received: from BLREML503-MBX.china.huawei.com ([169.254.9.4]) by BLREML407-HUB.china.huawei.com ([10.20.4.45]) with mapi id 14.03.0382.000; Wed, 25 Jul 2018 14:14:05 +0530
From: Sridhar Bhaskaran <sridhar.bhaskaran@huawei.com>
To: QUIC WG <quic@ietf.org>
Subject: RE: Questions on HTTP URI schemes and QUIC
Thread-Topic: Questions on HTTP URI schemes and QUIC
Thread-Index: AdQehQaTzEsbGZZvQ4ml64uCil/3zQAGQAMgAByo3kAAIXnVMADZ7w3QAA8EpoAAIxU/UP//4IKA//+hFRCAAHZzAP//npFg
Date: Wed, 25 Jul 2018 08:44:04 +0000
Message-ID: <0E42DD26875E1748992B1E3F732A36AE0129F313@BLREML503-MBX.china.huawei.com>
References: <0E42DD26875E1748992B1E3F732A36AE0129BCBA@BLREML503-MBX.china.huawei.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB77BFA@bgb01xud1012> <0E42DD26875E1748992B1E3F732A36AE0129C45B@BLREML503-MBX.china.huawei.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB786A5@bgb01xud1012> <0E42DD26875E1748992B1E3F732A36AE0129E9E9@BLREML503-MBX.china.huawei.com> <CA+9kkMAZqQviCshp8opYD4OBtG+SrXJ7TeXvwMzne_xDa4-_QA@mail.gmail.com> <0E42DD26875E1748992B1E3F732A36AE0129F121@BLREML503-MBX.china.huawei.com> <CABkgnnWvroAJtgOp=1=TMfJeV1Sr0rPJV_g4B6sdWO0fNyWDYg@mail.gmail.com>, <0E42DD26875E1748992B1E3F732A36AE0129F263@BLREML503-MBX.china.huawei.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB799EE@bgb01xud1012>
In-Reply-To: <7CF7F94CB496BF4FAB1676F375F9666A3BB799EE@bgb01xud1012>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.148.60]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/BUEEAPbI0otLNJkcAwET-zdkuvM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2018 08:44:20 -0000
Hi Luca / all, I will take this offlist as this getting more into URI design, 3GPP API design discussion which is not of interest to quic transport group. Thanks all for the valuable feedback so far. With this I am concluding the thread on this mailer list. Sridhar -----Original Message----- From: Lucas Pardue [mailto:Lucas.Pardue@bbc.co.uk] Sent: Wednesday, July 25, 2018 1:54 PM To: Sridhar Bhaskaran <sridhar.bhaskaran@huawei.com>; Martin Thomson <martin.thomson@gmail.com>; QUIC WG <quic@ietf.org> Cc: Ted Hardie <ted.ietf@gmail.com> Subject: RE: Questions on HTTP URI schemes and QUIC Hi Sridhar, What is the relationship between PLMN A and PLMN B? Is this "the public Internet" or more a collection of operator networks? If there is a coordinated handoff then, although operating in different trust domains, it seems feasible for the SEPPS to trust each other. Is that not the case? Trust of course requires some provisioning/orchestration of services at a system level but from the client perspective, HTTP clients at any point in the chain could believe they are in communication with the final target server. Lucas ________________________________________ From: QUIC [quic-bounces@ietf.org] on behalf of Sridhar Bhaskaran [sridhar.bhaskaran@huawei.com] Sent: 25 July 2018 08:20 To: Martin Thomson; QUIC WG Cc: Ted Hardie Subject: RE: Questions on HTTP URI schemes and QUIC Hi Martin, Thanks for the clarification. >> The latter is what we call a reverse proxy or gateway. For that to work, the "proxy" needs to hold a certificate and keys that are valid for the identified authority. The proxy can usually only operate for a single authority for each connection (RFC 7540 covers the exceptions to this). It can use the TLS server_name extension and HTTP Host header field to demultiplex requests for multiple names if it is authoritative for more than one. Each name typically needs a separate connection. [Sridhar] Reverse proxies to terminate TLS can be deployed when the proxy is in the same trust domain as the origin server since the reverse proxy can be configured to expose the API endpoint towards the clients and masks the presence of backend servers. . But in 3GPP the HTTP API call is like below HTTP Client in Network A (PLMN A) --> SEPP of PLMN A [ Trust Boundary crossed here] --> SEPP of PLMN B --> HTTP server in Network B (PLMN B) So here the client's transport connection (TLS or QUIC) terminates at SEPP of PLMN A which acts as forward proxy. So for a https:// scheme URI, the client has to trust the SEPP A as a certificate authority if it acts as a bump in TLS and provides a certificate on behalf of the HTTP origin server. I think the back to back user agent type proxy may not exactly fit here due to involvement of multiple proxies (SEPP A, SEPP B). Thanks Sridhar
- Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran
- Re: Questions on HTTP URI schemes and QUIC Patrick McManus
- RE: Questions on HTTP URI schemes and QUIC Lucas Pardue
- RE: Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran
- RE: Questions on HTTP URI schemes and QUIC Lucas Pardue
- RE: Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran
- Re: Questions on HTTP URI schemes and QUIC Ted Hardie
- RE: Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran
- Re: Questions on HTTP URI schemes and QUIC Mikkel Fahnøe Jørgensen
- Re: Questions on HTTP URI schemes and QUIC Martin Thomson
- RE: Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran
- RE: Questions on HTTP URI schemes and QUIC Lucas Pardue
- RE: Questions on HTTP URI schemes and QUIC Sridhar Bhaskaran