Re: Request for Authenticated but not Encrypted Traffic
Behcet Sarikaya <sarikaya2012@gmail.com> Wed, 05 October 2022 15:00 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B34F1C14CF0B for <quic@ietfa.amsl.com>; Wed, 5 Oct 2022 08:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level:
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EO8q0hiIeRNt for <quic@ietfa.amsl.com>; Wed, 5 Oct 2022 08:00:34 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1434C14CF09 for <quic@ietf.org>; Wed, 5 Oct 2022 08:00:34 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id 126so17994905vsi.10 for <quic@ietf.org>; Wed, 05 Oct 2022 08:00:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=/3jX08S+QVdx9Lgu/iKK0JzbVcsjZXGMtSN/7INhRZU=; b=cmKkUJIHsqO97LkWpg6o0fC0rQ3RDruxNanj4b86SRbOxTdneS4wRbqA59k49nrgL7 Y2jeZOUXM7z9XNCm3/JCbkjQN2ujR5XZmiRVUjv01kHY4ga60teJIz6WP+1n/SuiPGDy w7GwOm4raDgf4ICU3BKZsKSX7oXIzho+YV8/jF7c2lmuLdLc+/zz6MIn3g5GakmGb5LC vzh7ZD8T+D1HgHu/vKWdRs5l6h8eDFMWFXI1CY8QzvflLBUer6S1Kd83nqAnUkeGXUia 4FfkptDVRvHVGPG+Gd2ahAm6ZYZhV/+kccbQDTshyUSqsuwVs5KQ/wph8ATRYE2O9Bwb O3zA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=/3jX08S+QVdx9Lgu/iKK0JzbVcsjZXGMtSN/7INhRZU=; b=2GA18vL+m9WAZhgExnlKFYHtp8Qs1eE6Tc86qsA4WFaHhyQOEYwIrlM3kcnj+DDFB1 hK6VfiQCoOjMHcESRDAmzahamZG0JF1E2zxSwSfh61337myIQDSjk3nVol3v9PyNBsAe 8UIjpT58QBtxO+oUoTKKP5z5R/xhJBMRP3+0nuW5VFL4vlDdTP55ZvYniH7xCLUasJWM 5/w5ZL5j6pBYwMwFm0JhGh//mU3KA7cdM3unPpTRtRd/adOPDY24teRtliRvUhX8ISIy LduEEvaORLS4jAuiac8QnQa7vATsBCH1Sdcy3IzQhumGsYOiJl3pjDUB4JQyuhb8H9X6 +NTQ==
X-Gm-Message-State: ACrzQf2/eIKsqLK6zMNr6ccMjGO9/mlLM6GaC09DHwld3CVCFgBg1KyQ izrtcbv3Hz/WJ5qSW0MMY9S+2ct16cgNU82SqFJttZ5/X6E=
X-Google-Smtp-Source: AMsMyM6/A46S8hbNGyvqwX0lS4QSoqF5Skf14pIlTYhJlCeI55w8+j92TpWDwRxXrQUjNTAkfNr1pkj8S9tE6273Y48=
X-Received: by 2002:a05:6102:3c8d:b0:39c:2f54:9f7c with SMTP id c13-20020a0561023c8d00b0039c2f549f7cmr13934286vsv.32.1664982033469; Wed, 05 Oct 2022 08:00:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+Lwgo5i=FD9sMcp+o_N-e5MprDDCDobzjh-FpwGKhiH99iQ@mail.gmail.com> <3C9CC208-E4E1-4F9F-B10A-6ACF485A0CEF@huitema.net> <CAMm+LwhVM+7Db6ZPLuE5A5VLYqocvZWr=hfKcN=HgYhrdLrgTQ@mail.gmail.com> <dbf9c81b-38f5-2767-1a1b-3309077764aa@huitema.net> <CAC8QAcdfiHvir=jbzegVAi1vqYHiucX4w4J=+vOaiDm14sjDOA@mail.gmail.com> <CALGR9oa_gGx=kdgFcoG+7MXW4km8vs60_sUW=6on82AfPsnAqw@mail.gmail.com> <CAMm+LwhbLZ44+9ZwDRuOFfkR=i5e1QG01FQe-TZdo_KQKdwkdA@mail.gmail.com> <CALGR9oZxmfZJSi16ima7a=bufV_HC2kEsf=YDBOuBFTRA+YPWA@mail.gmail.com> <CAM4esxTDwW_1ggzeHV0WG_g+34_WcP4SvqRMzOn3T-Y6va1wyw@mail.gmail.com>
In-Reply-To: <CAM4esxTDwW_1ggzeHV0WG_g+34_WcP4SvqRMzOn3T-Y6va1wyw@mail.gmail.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Wed, 05 Oct 2022 10:00:21 -0500
Message-ID: <CAC8QAceouoQxHvVOojcAMm3eKJA9Zn-mtZ9vS5y7A=fMXpPemg@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Lucas Pardue <lucaspardue.24.7@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a995a505ea4ad6fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/pG6WmJs88Wi3d4PGgZ3nR3EQKBo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 15:00:38 -0000
Hi Martin, On Mon, Oct 3, 2022 at 4:59 PM Martin Duke <martin.h.duke@gmail.com> wrote: > I'm late to this discussion, but if the need is a protocol that delivers > streams without encryption, SCTP (or SCTP over UDP) is a reasonably > well-vetted choice that would appear to meet the requirements. It > certainly sounds superior to asking people to invent a new protocol. > > Exactly. The requirement to have the payload encrypted seems to be the reason why Quic was connected to HTTP over TLS. I am not sure for IoT such a requirement could be defended in every use case. (Which is not to say that the suggestions to making QUIC work in this use > case are unworkable) > > +1 Behcet > On Mon, Oct 3, 2022 at 11:38 AM Lucas Pardue <lucaspardue.24.7@gmail.com> > wrote: > >> Hi Phillip, >> >> On Mon, 3 Oct 2022, 19:13 Phillip Hallam-Baker, <phill@hallambaker.com> >> wrote: >> >>> I think we have to actually build a prototype of a transactional-first >>> transport, then build some applications over it and only then look to see >>> whether/how we might re-use QUIC. >>> >>> That is how I originally worked on HTTP, I build applications using HTTP >>> as a transport, one of which was the first Webmail service, those allowed >>> me to discover the need for content length and start working on connection >>> keepalive and framing. >>> >>> And we need to build any such system around the capabilities of modern >>> programming languages which support threads and asynchronous methods. >>> Otherwise we just end up trapped in subordination type interactions and >>> don't progress beyond RPC. >>> >>> What I am saying is, let me build something, then take a look at it and >>> tell me if/how to build it using QUIC. >>> >> >> In case I was unclear, I think building something and revisitng later >> sounds like a good approach. Look forward to seeing your progress >> >> In the meantime, and tangentially, I think its important to we provide a >> consistent reminder that QUIC is very unopinionted about the applications >> on top. This has been the case for years. I suspect many application >> protocols that already exist would straightforwardly map to QUIC. We have >> RFCs that do this, many I-Ds either individual or adopted by WGs, and I'm >> aware of many protocol mappings that are defined outside the IETF - either >> openly documented or private. >> >> Should future evolution of QUIC provide opportunity for alternative >> (re)mappings that people think would be useful, that is entirely possible >> and supported. Extension like that should probably also add a section that >> extends the applicability document to aid designers and implementers. >> >> Cheers >> Lucas >> >> >> >>> >>> On Mon, Oct 3, 2022 at 1:19 PM Lucas Pardue <lucaspardue.24.7@gmail.com> >>> wrote: >>> >>>> Hi Behcet, >>>> >>>> >>>> On Mon, Oct 3, 2022 at 5:56 PM Behcet Sarikaya <sarikaya2012@gmail.com> >>>> wrote: >>>> >>>>> Hi Christian, >>>>> >>>>> I quickly glanced through RFC 9250 which defines DoQ and references >>>>> ALPN in RFC 7301. >>>>> Agree with Philip that DoQ does not define something that is >>>>> independent of HTTP. >>>>> >>>>> Will it come one day, we don't know? >>>>> Behcet >>>>> >>>> >>>> DoQ is an application mapping over QUIC. ALPN is an extension to TLS. >>>> DoQ might use a transactional model that maps to bidirectional streams but >>>> that is the full extent of similarities to HTTP; there is no normative >>>> dependency. >>>> >>>> RFC 9000 was written carefully to describe the interface that >>>> application-data-bearing streams can provide to applications. This is not >>>> related to HTTP, QUIC is independent of HTTP. Indeed, QUIC on its own means >>>> pretty much nothing. It needs an application mapping protocol. The >>>> recently-published applicability draft, RFC 9308 [1], is specifically >>>> written to aid designers or implementers of such mappings. Randy might find >>>> RFC 9308 informative if wishing to pursue QUIC as a transport substrate for >>>> the OT application layer traffic. >>>> >>>> Cheers >>>> Lucas >>>> >>>> [1] - https://www.rfc-editor.org/rfc/rfc9308.html >>>> >>>> >>>> >>>
- Request for Authenticated but not Encrypted Traff… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Salz, Rich
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Martin Thomson
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Lars Eggert
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Matt Joras
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Dave Taht
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Willy Tarreau
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Antoine FRESSANCOURT
- Re: Request for Authenticated but not Encrypted T… Dirkjan Ochtman
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Martin Duke
- Re: Request for Authenticated but not Encrypted T… Michael Tuexen
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker