IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 30 September 2022 18:34 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86491C14CE26 for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 11:34:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.412
X-Spam-Level:
X-Spam-Status: No, score=-1.412 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DisEfVv7CMJU for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 11:34:23 -0700 (PDT)
Received: from mail-oi1-f170.google.com (mail-oi1-f170.google.com [209.85.167.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03747C14CF0D for <quic@ietf.org>; Fri, 30 Sep 2022 11:34:22 -0700 (PDT)
Received: by mail-oi1-f170.google.com with SMTP id m130so5557170oif.6 for <quic@ietf.org>; Fri, 30 Sep 2022 11:34:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=k/Y1Ahhff3OhqhdC5qFcBi3AvrM48+qNwj5GceDvi1I=; b=gKPYBdpfvQZ5PK68I9oGspWGXRgZHHxTJ9GpUbbHeRzUlwRxth8i4+OokT86NpLTJX 2IF+LAVYGOSk975v8MyW9UIAXXDhRosyyHZoibYCpbkd3v9BakIQgTSetjPVtcTpAfqa 3n0ICTCMF8IRr+sL/BPEsM+r2ukp1OTi0xnfC2IVfYpWLzj9C4klq0hVqCP85xblnW3Z bymXFPubeLAIyWrJcVc3aSzyUPYtIikGFoHi/qkb0esyrOhO2zLfSEkA2slpr4q7hFsv n2GRsTxmH3o0hy9IV9i16ILn8wEnScKtn9BlzZBeQd6P3L6pB++M/5+ly5Hc6xYS/i6Q 0CtA==
X-Gm-Message-State: ACrzQf03u6Ooai6JJz6q34V5rLI7yPjFi1ldIPfgwHMWSdA7pS6WB338 mRuoAuBBSqa+OdE99WIvB84BEbEAIlUg77Z44tI=
X-Google-Smtp-Source: AMsMyM4w597ua4PHrLJyjfyR4SzOawjnYvs/CFHfyZx3RLxdd1OvVfuELaQyTp5G5ABCym8xvsWKvTYd2vLgpje34OM=
X-Received: by 2002:a05:6808:d4f:b0:351:62ce:d99c with SMTP id w15-20020a0568080d4f00b0035162ced99cmr4373238oik.244.1664562862117; Fri, 30 Sep 2022 11:34:22 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <e0c93db9-785b-fbfc-604a-5aa047d3c25b@redbarn.org> <SJ0PR08MB8288E1364214A9BCA4DBC6A5FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <MW5PR15MB51459BB0DCAD6E47A5A89C49D4579@MW5PR15MB5145.namprd15.prod.outlook.com> <SJ0PR08MB8288533C964762C760477D46FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAC8QAcfuVnr0UMii8kR-RZ_n3i8hOSDZTD=fHbkXVy5-3JJKNw@mail.gmail.com> <CAMm+LwhgCQcEMFCi7gc=UhDAGXug1=0Db90K=GnHTw9DOu8fog@mail.gmail.com> <SJ0PR08MB8288BAFDD51D99A8D9D42772FA569@SJ0PR08MB8288.namprd08.prod.outlook.com> <CADdTf+hP_HmwN+QHX=t8Vi=GLVQ=nduAh3xL6rRL_HG2fQdP3g@mail.gmail.com>
In-Reply-To: <CADdTf+hP_HmwN+QHX=t8Vi=GLVQ=nduAh3xL6rRL_HG2fQdP3g@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 30 Sep 2022 14:34:11 -0400
Message-ID: <CAMm+Lwgo5i=FD9sMcp+o_N-e5MprDDCDobzjh-FpwGKhiH99iQ@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: Matt Joras <matt.joras@gmail.com>
Cc: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001a578305e9e93e1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/MqAbsww2krfzEeluVHI4hWdzQTI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 18:34:27 -0000

On Fri, Sep 30, 2022 at 12:25 PM Matt Joras <matt.joras@gmail.com> wrote:

> Hi,
>
> On Fri, Sep 30, 2022 at 9:02 AM Randy Armstrong (OPC) <
> randy.armstrong@opcfoundation.org> wrote:
>
>>
>>    - Process control is absolutely not a good match for QUIC, nor are
>>    Web services in general. HTTP is a lousy transport for Web Services and I
>>    write as one of the people who designed HTTP/1.0,
>>
>>
>>
>> Can you explain what aspects of QUIC make it not suitable?
>>
>> I thought a QUIC stream was a full duplex TCP-like pipe between two
>> processes.
>>
>> But your description makes it sound like it is as limited as a HTTP
>> connection.
>>
>
> While Phil's individual participation may have left him with such an
> impression, this is not manifest in the protocol that was standardized nor
> the implementations that have materialized. QUIC is certainly not limited
> to the semantics of HTTP, and has many desirable properties that make it a
> very flexible "generic" transport protocol. While HTTP traffic on the
> Internet was a driving usecase for implementers and was the first usecase
> standardized, it is certainly not the only appropriate usecase. Indeed,
> there are already non-HTTP and non-Internet users of QUIC at scale.
>
> The QUIC WG is a venue to discuss how QUIC can be extended to meet
> emerging needs application usecases, though of course it is not the case
> that QUIC is the only (or best) potential solution to applications' needs
> for transporting bits of data over networks.
>

The crux of the matter is that the high level model of QUIC is that it
provides a collection of streams between two points. While that is what
people are used to using in WebServices, this model is really only suited
to Web Services that are inherently data retrieval.

What Web Services really need is a mechanism that is purpose designed to
support transactional interactions and expose certain information to the
service provider and service consumer that really doesn't fit the HTTP
model at all well.

[Yes, I know the holy writ of Thompson and Richie proved that everything is
a stream... No they didn't and I discussed this with Richie personally. As
with much of what is attributed to David Clarke, do not extrapolate
conclusions beyond the context in which they were developed without
thought.]

What we are doing today is using HTTP POST as a presentation layer on top
of TCP, TLS or QUIC. And that approach has limitations that really can't be
addressed within the HTTP framework which is RPC Request/Response. For a
robust transactional system, I want to be able to do more than simple
subordination. I want to allow a service to receive a series of transaction
requests and then report back results on each part as they are completed. I
want to be able to report back partial results. I want a service to be able
to decide whether it wants to accept a transaction request requiring a
large amount of data to be operated on before the data is sent.

Yes, for people who have only seen Web Services built on HTTP, this is
going to raise the question, 'why do we need to do this'.

The way forward in this case is to build something that is purpose designed
to support Web Services (and not Web Browsing) and then see if it makes
sense to backport the same capabilities into QUIC. Which it might or might
not. The problem from my end being that QUIC is already a very large and
very complex specification and we might only end up using a small part of
that.

v2.23.0 | Report a Bug | By Email