Re: [Masque] HTTP DATA frames for HTTP CONNECT?

Lucas Pardue <lucaspardue.24.7@gmail.com> Fri, 16 October 2020 00:28 UTC


Is the overhead really that bad though?

A common case for CONNECT will be to tunnel TLS, so if you assume 16Kbyte
records the frame overhead of 3 bytes comes out at ~0.02%.

If you have TCP quarks that are smaller than DATA frames it's a different
story. But the solution there is to have a large DATA frame and write into
it several times. I'd hope that HTTP/3 implementations can offer streaming
frame consumption. Buffering is going to cause all sorts of issues.

Extension frames seem like a solid alternative. I know of at least one
other proposal for a tighter coupling of DATA-like frame to STREAM.

Cheers
Lucas

Cheers


On Fri, 16 Oct 2020, 00:51 Mirja Kuehlewind, <mirja.kuehlewind@ericsson.com>
wrote:

> Damn, missing „not“ below… meant to say that you need the HTTP framing for
> multiplexing in h2 but you don’t need it for that purpose in h3..
>
>
>
> *From: *Masque <masque-bounces@ietf.org> on behalf of Mirja Kuehlewind
> <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>
> *Date: *Friday, 16. October 2020 at 01:44
> *To: *Lucas Pardue <lucaspardue.24.7@gmail.com>, Alex Chernyakhovsky <
> achernya@google.com>
> *Cc: *"quic@ietf.org" <quic@ietf.org>, "masque@ietf.org" <masque@ietf.org>
> *Subject: *Re: [Masque] HTTP DATA frames for HTTP CONNECT?
>
>
>
> Hi Lucas,
>
>
>
> RFC7231 defines CONNECT originally like this:
>
>
>
> “The CONNECT method requests that the recipient establish a tunnel to
> the destination origin server identified by the request-target and,
> if successful, thereafter restrict its behavior to blind forwarding
> of packets, in both directions, until the tunnel is closed.”
>
>
>
> So I would interpret that the connection is not really an HTTP connection
> anymore after it has concluded the CONNECT. Again in HTTP/2 this did work
> because of multiplexing but in HTTP/3 it would work again and effectively
> maybe be the more flexible solution.
>
>
>
> Mirja
>
>
>
>
>
> *From: *Lucas Pardue <lucaspardue.24.7@gmail.com>
> *Date: *Thursday, 15. October 2020 at 19:35
> *To: *Alex Chernyakhovsky <achernya@google.com>
> *Cc: *Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, "masque@ietf.org"
> <masque@ietf.org>
> *Subject: *Re: [Masque] HTTP DATA frames for HTTP CONNECT?
>
>
>
> Hey Mirja,
>
>
>
> I'm against allowing unframed bytes on request streams. It limits
> extensibility (as pointed out by Alex) and introduces complexity to
> conventional HTTP/3 server implementations. HTTP desync attacks are
> something that framing protects against, let's not introduce risk for the
> sake of optimization.
>
>
>
> The good news is that DATA frames can span QUIC packets. So if you're ok
> to take the hit once, you can send a very-long DATA frame and just keep
> appending data to it.
>
>
>
> Cheers
>
> Lucas
>
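
The framing discussed in this thread, as an added example that is not part of the original messages: it encodes an HTTP/3 DATA frame header (type 0x00 plus a QUIC variable-length integer length), computes the per-frame overhead, and consumes one long DATA frame in a streaming fashion so that only header bytes are ever buffered. All function and class names are illustrative, and the payload used to exercise it is constructed.

```python
# Added example; names are illustrative, not taken from any HTTP/3 stack.
def encode_varint(v: int) -> bytes:
    """QUIC variable-length integer: 2-bit size prefix, 6/14/30/62-bit value."""
    for prefix, size in ((0, 1), (1, 2), (2, 4), (3, 8)):
        bits = 8 * size - 2
        if v < (1 << bits):
            return (v | (prefix << bits)).to_bytes(size, "big")
    raise ValueError("value does not fit in 62 bits")

def data_frame_header(length: int) -> bytes:
    return encode_varint(0x00) + encode_varint(length)

def overhead_percent(payload_len: int) -> float:
    hdr = len(data_frame_header(payload_len))
    return 100.0 * hdr / (hdr + payload_len)

class DataFrameReader:
    """Forwards payload bytes as they arrive; buffers only the frame header."""
    def __init__(self):
        self.hdr = bytearray()
        self.remaining = None          # None means "expecting a frame header"

    def _parse_header(self):
        if self.hdr[0] != 0x00:        # assumes minimally encoded frame type
            raise ValueError("sketch handles DATA frames only")
        # Size of the length varint comes from the top two bits of its first byte.
        size = 1 << (self.hdr[1] >> 6) if len(self.hdr) > 1 else 0
        if size and len(self.hdr) == 1 + size:
            raw = int.from_bytes(self.hdr[1:], "big")
            self.remaining = (raw & ((1 << (8 * size - 2)) - 1)) or None
            self.hdr.clear()

    def feed(self, chunk: bytes) -> bytes:
        out, i = bytearray(), 0
        while i < len(chunk):
            if self.remaining is None:
                self.hdr.append(chunk[i]); i += 1
                self._parse_header()
            else:
                take = min(self.remaining, len(chunk) - i)
                out += chunk[i:i + take]
                i += take
                self.remaining = (self.remaining - take) or None
        return bytes(out)

def forward(wire: bytes, chunk_size: int) -> bytes:
    reader = DataFrameReader()
    return b"".join(reader.feed(wire[i:i + chunk_size])
                    for i in range(0, len(wire), chunk_size))
```

A 2-byte varint holds lengths up to 16383, so the DATA header is 3 bytes up to that payload size and 5 bytes from 16384 up to 2^30 - 1; `forward` returns the same payload whatever read size the bytes arrive in.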