Re: Request for Authenticated but not Encrypted Traffic
Martin Duke <martin.h.duke@gmail.com> Mon, 03 October 2022 21:59 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27C32C15259D for <quic@ietfa.amsl.com>; Mon, 3 Oct 2022 14:59:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IHwn6gGyD_Oe for <quic@ietfa.amsl.com>; Mon, 3 Oct 2022 14:59:28 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55EF5C15259C for <quic@ietf.org>; Mon, 3 Oct 2022 14:59:28 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id c11so7195777qtw.8 for <quic@ietf.org>; Mon, 03 Oct 2022 14:59:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=6mPoLhaR4f5yaEiNBkMF6blsEnVEMIQWcZkjr9cdDeQ=; b=mLKJkfP82nJmMH6gpDm38Yuwaa/Xq9XqKGqCWWS8HeafLz6rVXVPSkgUrrB+ogXYfi tCrPzivfNy+0AdP7tXSJhn7DELMeBCRhZpeVoAp/YKPJCfms9qQZKTbHSSwZzJkOMMDD +O4mm8riEVd4Xnn7XpoWRV3YGKWBr8UBSHpg0VBn7pNd5ikZaWzAr/bJlhtNGNnIjHT4 vBMtemjMm2inpcjF9WfEEx8g6HNs/iBZFm9/f4vbNSR6BekHROxm97cskz4w+fKGzPio OaIgk6YiOQkmbdQrhNFEMb5rOTxRBgqwKUzA+nA2BAHlMktDJRYKj01x/sTHdDfiKuED 6egQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=6mPoLhaR4f5yaEiNBkMF6blsEnVEMIQWcZkjr9cdDeQ=; b=KkfUfzqrOKfuacJrusr4syctAQTZYmFP4CqxHpkX4JFLoAk6XwKoRN4zgk+n6wzxy+ wh4sVyDARbvgrWFWzAvmRvQm8kxiS/d8teCVok78Uc/xKC1541xGDIm8rVttwlf8qI9b LIdpl7UHLDwjNHcYRhLFJr8h5W74lRLuRNaAvBPb1lTiCPzeO9zaU+gDkbTKlAV2tz2L xUIpnbT5YesQANFMTqMKF4/NVp1JHv4vdKs2ctfeyrfmvw/EmSdYcJvpTbEtYvoqCe3G WVJffvzenMyRuBthMtTy+K+Y24SzSvX+1HYPXotQLvEH9X1hFXswzjYc3Mamg/LEt+ll X22Q==
X-Gm-Message-State: ACrzQf2C8pVet5kNRPPmAY0eRw0C+n1FbORC4qd5WenlcVijJI2YDa5N tRNVbKjCDPUxzWVVWXZSqZq1hlsdZaP/45snc0arYk+S
X-Google-Smtp-Source: AMsMyM6SW0W/WDqoR5dSvgJy8OuXN33+7VSQOkygZ3p9LFLw5Y8JV+Aq3xlMlrRYKpXiR0Z13tAJzcmbYGXH87kfrIQ=
X-Received: by 2002:a05:622a:113:b0:35d:4465:627f with SMTP id u19-20020a05622a011300b0035d4465627fmr17628113qtw.387.1664834367069; Mon, 03 Oct 2022 14:59:27 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+Lwgo5i=FD9sMcp+o_N-e5MprDDCDobzjh-FpwGKhiH99iQ@mail.gmail.com> <3C9CC208-E4E1-4F9F-B10A-6ACF485A0CEF@huitema.net> <CAMm+LwhVM+7Db6ZPLuE5A5VLYqocvZWr=hfKcN=HgYhrdLrgTQ@mail.gmail.com> <dbf9c81b-38f5-2767-1a1b-3309077764aa@huitema.net> <CAC8QAcdfiHvir=jbzegVAi1vqYHiucX4w4J=+vOaiDm14sjDOA@mail.gmail.com> <CALGR9oa_gGx=kdgFcoG+7MXW4km8vs60_sUW=6on82AfPsnAqw@mail.gmail.com> <CAMm+LwhbLZ44+9ZwDRuOFfkR=i5e1QG01FQe-TZdo_KQKdwkdA@mail.gmail.com> <CALGR9oZxmfZJSi16ima7a=bufV_HC2kEsf=YDBOuBFTRA+YPWA@mail.gmail.com>
In-Reply-To: <CALGR9oZxmfZJSi16ima7a=bufV_HC2kEsf=YDBOuBFTRA+YPWA@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Mon, 03 Oct 2022 14:59:15 -0700
Message-ID: <CAM4esxTDwW_1ggzeHV0WG_g+34_WcP4SvqRMzOn3T-Y6va1wyw@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000f228205ea2875a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/P5gqgOMalg5jOv9CambnZldygzU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2022 21:59:32 -0000
I'm late to this discussion, but if the need is a protocol that delivers streams without encryption, SCTP (or SCTP over UDP) is a reasonably well-vetted choice that would appear to meet the requirements. It certainly sounds superior to asking people to invent a new protocol. (Which is not to say that the suggestions to making QUIC work in this use case are unworkable) On Mon, Oct 3, 2022 at 11:38 AM Lucas Pardue <lucaspardue.24.7@gmail.com> wrote: > Hi Phillip, > > On Mon, 3 Oct 2022, 19:13 Phillip Hallam-Baker, <phill@hallambaker.com> > wrote: > >> I think we have to actually build a prototype of a transactional-first >> transport, then build some applications over it and only then look to see >> whether/how we might re-use QUIC. >> >> That is how I originally worked on HTTP, I build applications using HTTP >> as a transport, one of which was the first Webmail service, those allowed >> me to discover the need for content length and start working on connection >> keepalive and framing. >> >> And we need to build any such system around the capabilities of modern >> programming languages which support threads and asynchronous methods. >> Otherwise we just end up trapped in subordination type interactions and >> don't progress beyond RPC. >> >> What I am saying is, let me build something, then take a look at it and >> tell me if/how to build it using QUIC. >> > > In case I was unclear, I think building something and revisitng later > sounds like a good approach. Look forward to seeing your progress > > In the meantime, and tangentially, I think its important to we provide a > consistent reminder that QUIC is very unopinionted about the applications > on top. This has been the case for years. I suspect many application > protocols that already exist would straightforwardly map to QUIC. We have > RFCs that do this, many I-Ds either individual or adopted by WGs, and I'm > aware of many protocol mappings that are defined outside the IETF - either > openly documented or private. > > Should future evolution of QUIC provide opportunity for alternative > (re)mappings that people think would be useful, that is entirely possible > and supported. Extension like that should probably also add a section that > extends the applicability document to aid designers and implementers. > > Cheers > Lucas > > > >> >> On Mon, Oct 3, 2022 at 1:19 PM Lucas Pardue <lucaspardue.24.7@gmail.com> >> wrote: >> >>> Hi Behcet, >>> >>> >>> On Mon, Oct 3, 2022 at 5:56 PM Behcet Sarikaya <sarikaya2012@gmail.com> >>> wrote: >>> >>>> Hi Christian, >>>> >>>> I quickly glanced through RFC 9250 which defines DoQ and references >>>> ALPN in RFC 7301. >>>> Agree with Philip that DoQ does not define something that is >>>> independent of HTTP. >>>> >>>> Will it come one day, we don't know? >>>> Behcet >>>> >>> >>> DoQ is an application mapping over QUIC. ALPN is an extension to TLS. >>> DoQ might use a transactional model that maps to bidirectional streams but >>> that is the full extent of similarities to HTTP; there is no normative >>> dependency. >>> >>> RFC 9000 was written carefully to describe the interface that >>> application-data-bearing streams can provide to applications. This is not >>> related to HTTP, QUIC is independent of HTTP. Indeed, QUIC on its own means >>> pretty much nothing. It needs an application mapping protocol. The >>> recently-published applicability draft, RFC 9308 [1], is specifically >>> written to aid designers or implementers of such mappings. Randy might find >>> RFC 9308 informative if wishing to pursue QUIC as a transport substrate for >>> the OT application layer traffic. >>> >>> Cheers >>> Lucas >>> >>> [1] - https://www.rfc-editor.org/rfc/rfc9308.html >>> >>> >>> >>
- Request for Authenticated but not Encrypted Traff… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Salz, Rich
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Martin Thomson
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Lars Eggert
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Matt Joras
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Dave Taht
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Willy Tarreau
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Antoine FRESSANCOURT
- Re: Request for Authenticated but not Encrypted T… Dirkjan Ochtman
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Martin Duke
- Re: Request for Authenticated but not Encrypted T… Michael Tuexen
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker