IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 30 September 2022 15:47 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B3CFC1522C1 for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 08:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.409
X-Spam-Level:
X-Spam-Status: No, score=-6.409 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfWHiOfr0S3R for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 08:47:15 -0700 (PDT)
Received: from mail-oa1-f53.google.com (mail-oa1-f53.google.com [209.85.160.53]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9828C1522AA for <quic@ietf.org>; Fri, 30 Sep 2022 08:47:15 -0700 (PDT)
Received: by mail-oa1-f53.google.com with SMTP id 586e51a60fabf-12c8312131fso5916807fac.4 for <quic@ietf.org>; Fri, 30 Sep 2022 08:47:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=boLwlVLQGsBqicMJkPpOVQrmUvcwW1T3/5t2qFUP0j4=; b=qh+1UQFESLn3DI6MWuvlUxhbwEjojddDmhFEM5v7PHHsf9w5RN1kl1qPeGBbgE732l vOU6hm4ZomQF8M5gt5Cgr8TL8ZANCbO/w3Pb7qjnyR3EZlxPsCk45mwO9pzWAIXTyXQ8 PPdR8AB4yX7iKl+bQoPgOH5NeHsVSRKIbqtOW92r/s87rTY1y0bogPpb9UEPmre5WiDe WwZQ42xLe8LqCbLbosaNRi1RtadKk9AOisEdL3UIQqwGj5dQ8Z0Wb0PT+bMkGsiyWIO5 6klybWBy5T985j56pPzmYB320+zrRdX4YU/J3XgUB7T5aW+xkY2TymNnwPui7d8zD6a9 dUfg==
X-Gm-Message-State: ACrzQf1MaPPVZInU2gi6aNvmHjtWg3X8/GO21a+eb81foiyENji5LZES 45JiCl8ditl/Hb1O+YfLxb8icyxfXj1cGNmQbmPgNR+Y
X-Google-Smtp-Source: AMsMyM5qvO06TZ8H02Z9umT5xQF7EiUsgrgSNZVs+0+k6Eqy3HfAlqus0ASvLSxLFt2hFxfV7me9vmjGr6p6HqWy5cI=
X-Received: by 2002:a05:6870:c210:b0:131:e1ab:2cfb with SMTP id z16-20020a056870c21000b00131e1ab2cfbmr3668229oae.244.1664552834878; Fri, 30 Sep 2022 08:47:14 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <e0c93db9-785b-fbfc-604a-5aa047d3c25b@redbarn.org> <SJ0PR08MB8288E1364214A9BCA4DBC6A5FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <MW5PR15MB51459BB0DCAD6E47A5A89C49D4579@MW5PR15MB5145.namprd15.prod.outlook.com> <SJ0PR08MB8288533C964762C760477D46FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAC8QAcfuVnr0UMii8kR-RZ_n3i8hOSDZTD=fHbkXVy5-3JJKNw@mail.gmail.com>
In-Reply-To: <CAC8QAcfuVnr0UMii8kR-RZ_n3i8hOSDZTD=fHbkXVy5-3JJKNw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 30 Sep 2022 11:47:03 -0400
Message-ID: <CAMm+LwhgCQcEMFCi7gc=UhDAGXug1=0Db90K=GnHTw9DOu8fog@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: sarikaya@ieee.org
Cc: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006ed18405e9e6e8f2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/U86WNKJVC3w80RcovPhS3r932Yo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 15:47:16 -0000

On Fri, Sep 30, 2022 at 10:58 AM Behcet Sarikaya <sarikaya2012@gmail.com>
wrote:

>
>
> On Thu, Sep 29, 2022 at 4:42 PM Randy Armstrong (OPC) <
> randy.armstrong@opcfoundation.org> wrote:
>
>> At this point we have not determined that QUIC will actually be better
>> than TCP for OT applications. That said, we see the potential because there
>> is a need for UDP based protocols on some embedded devices because the OS
>> does not support TCP and QUIC offers the potential for prioritizing traffic
>> with multiple streams.
>>
>>
>>
>> There is also some effort to deploy 5G networks within factories which
>> would mean the lower latency recovering after IP address changes could be a
>> benefit.
>>
>>
>>
>> One risk for QUIC in this setting comes from the memory consumption
>> needed to handle out of order/repeated messages. TCP has had decades to
>> optimize this problem which means it could be more efficient.
>>
>>
>>
>> If the WG already knows that QUIC will not work so well on low end
>> embedded devices then we would like to learn more about the issues.
>>
>>
>>
>
>
> Hi Randy,
>
> I read the above. I think that TCP for IoT has been researched a lot and
> now we have some stripped down versions of TCP that are being used.
> Not sure or not familiar with anything similar for Quic.
> Quic is not like TCP, i.e. as far as I know, for Quic there is only one
> sender, that is HTTP.
> So you may be opening a can of worms with this proposal.
>
> Good luck,
> Behcet
>

This is a very good point. I dropped out of QUIC as it became clear that 1)
the WG is developing an optimized transport for Web Browsing and not a
general purpose transport and 2) This is absolutely the right approach the
WG should take.

Further, the QUIC group should resist attempts to 'build on QUIC' and turn
it into a kitchen sink protocol solving every problem. That is how
specifications wear out.


Web browsing is an application that is more than significant enough to
justify its own transport. It is also a very complicated ecosystem with a
lot of legacy commitments that have to be respected and so any solution is
inevitably going to be complex.

However, one of the consequences of QUIC is that there is now precedent for
developing new transport protocols built on UDP and so the floodgates are
open. When the Internet was originally designed in the 70s, the only way to
get transport sufficiently fast to be acceptable was to run it in the
kernel. That is no longer true. Modern CPUs are fast enough and modern OS
agile enough to offload transport out of the kernel.

Process control is absolutely not a good match for QUIC, nor are Web
services in general. HTTP is a lousy transport for Web Services and I write
as one of the people who designed HTTP/1.0,

What we need at this point is a transport that is designed for the needs of
Web Services. A transport that is designed to be transaction oriented with
suitable controls for rate limitation, authentication being established
between the relevant end-points, etc. etc. A transport that allows us to
keep a connection open for hours or days or years without constant
heartbeat messages between every pair of endpoints.

In short, what we need is what the OSI stack called a presentation layer.

While much of the work on QUIC would be relevant to such an effort, it
should do the same as QUIC did and start from a clean sheet of paper.

v2.23.0 | Report a Bug | By Email