IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Behcet Sarikaya <sarikaya2012@gmail.com> Wed, 05 October 2022 15:00 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B34F1C14CF0B for <quic@ietfa.amsl.com>; Wed, 5 Oct 2022 08:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level:
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EO8q0hiIeRNt for <quic@ietfa.amsl.com>; Wed, 5 Oct 2022 08:00:34 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1434C14CF09 for <quic@ietf.org>; Wed, 5 Oct 2022 08:00:34 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id 126so17994905vsi.10 for <quic@ietf.org>; Wed, 05 Oct 2022 08:00:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=/3jX08S+QVdx9Lgu/iKK0JzbVcsjZXGMtSN/7INhRZU=; b=cmKkUJIHsqO97LkWpg6o0fC0rQ3RDruxNanj4b86SRbOxTdneS4wRbqA59k49nrgL7 Y2jeZOUXM7z9XNCm3/JCbkjQN2ujR5XZmiRVUjv01kHY4ga60teJIz6WP+1n/SuiPGDy w7GwOm4raDgf4ICU3BKZsKSX7oXIzho+YV8/jF7c2lmuLdLc+/zz6MIn3g5GakmGb5LC vzh7ZD8T+D1HgHu/vKWdRs5l6h8eDFMWFXI1CY8QzvflLBUer6S1Kd83nqAnUkeGXUia 4FfkptDVRvHVGPG+Gd2ahAm6ZYZhV/+kccbQDTshyUSqsuwVs5KQ/wph8ATRYE2O9Bwb O3zA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=/3jX08S+QVdx9Lgu/iKK0JzbVcsjZXGMtSN/7INhRZU=; b=2GA18vL+m9WAZhgExnlKFYHtp8Qs1eE6Tc86qsA4WFaHhyQOEYwIrlM3kcnj+DDFB1 hK6VfiQCoOjMHcESRDAmzahamZG0JF1E2zxSwSfh61337myIQDSjk3nVol3v9PyNBsAe 8UIjpT58QBtxO+oUoTKKP5z5R/xhJBMRP3+0nuW5VFL4vlDdTP55ZvYniH7xCLUasJWM 5/w5ZL5j6pBYwMwFm0JhGh//mU3KA7cdM3unPpTRtRd/adOPDY24teRtliRvUhX8ISIy LduEEvaORLS4jAuiac8QnQa7vATsBCH1Sdcy3IzQhumGsYOiJl3pjDUB4JQyuhb8H9X6 +NTQ==
X-Gm-Message-State: ACrzQf2/eIKsqLK6zMNr6ccMjGO9/mlLM6GaC09DHwld3CVCFgBg1KyQ izrtcbv3Hz/WJ5qSW0MMY9S+2ct16cgNU82SqFJttZ5/X6E=
X-Google-Smtp-Source: AMsMyM6/A46S8hbNGyvqwX0lS4QSoqF5Skf14pIlTYhJlCeI55w8+j92TpWDwRxXrQUjNTAkfNr1pkj8S9tE6273Y48=
X-Received: by 2002:a05:6102:3c8d:b0:39c:2f54:9f7c with SMTP id c13-20020a0561023c8d00b0039c2f549f7cmr13934286vsv.32.1664982033469; Wed, 05 Oct 2022 08:00:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+Lwgo5i=FD9sMcp+o_N-e5MprDDCDobzjh-FpwGKhiH99iQ@mail.gmail.com> <3C9CC208-E4E1-4F9F-B10A-6ACF485A0CEF@huitema.net> <CAMm+LwhVM+7Db6ZPLuE5A5VLYqocvZWr=hfKcN=HgYhrdLrgTQ@mail.gmail.com> <dbf9c81b-38f5-2767-1a1b-3309077764aa@huitema.net> <CAC8QAcdfiHvir=jbzegVAi1vqYHiucX4w4J=+vOaiDm14sjDOA@mail.gmail.com> <CALGR9oa_gGx=kdgFcoG+7MXW4km8vs60_sUW=6on82AfPsnAqw@mail.gmail.com> <CAMm+LwhbLZ44+9ZwDRuOFfkR=i5e1QG01FQe-TZdo_KQKdwkdA@mail.gmail.com> <CALGR9oZxmfZJSi16ima7a=bufV_HC2kEsf=YDBOuBFTRA+YPWA@mail.gmail.com> <CAM4esxTDwW_1ggzeHV0WG_g+34_WcP4SvqRMzOn3T-Y6va1wyw@mail.gmail.com>
In-Reply-To: <CAM4esxTDwW_1ggzeHV0WG_g+34_WcP4SvqRMzOn3T-Y6va1wyw@mail.gmail.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Wed, 05 Oct 2022 10:00:21 -0500
Message-ID: <CAC8QAceouoQxHvVOojcAMm3eKJA9Zn-mtZ9vS5y7A=fMXpPemg@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Lucas Pardue <lucaspardue.24.7@gmail.com>, Phillip Hallam-Baker <phill@hallambaker.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a995a505ea4ad6fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/pG6WmJs88Wi3d4PGgZ3nR3EQKBo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 15:00:38 -0000

Hi Martin,

On Mon, Oct 3, 2022 at 4:59 PM Martin Duke <martin.h.duke@gmail.com> wrote:

> I'm late to this discussion, but if the need is a protocol that delivers
> streams without encryption, SCTP (or SCTP over UDP) is a reasonably
> well-vetted choice that would appear to meet the requirements. It
> certainly sounds superior to asking people to invent a new protocol.
>
>
Exactly. The requirement to have the payload encrypted seems to be the
reason why Quic was connected to HTTP over TLS.
I am not sure for IoT such a requirement could be defended in every use
case.

(Which is not to say that the suggestions to making QUIC work in this use
> case are unworkable)
>
>
+1

Behcet

> On Mon, Oct 3, 2022 at 11:38 AM Lucas Pardue <lucaspardue.24.7@gmail.com>
> wrote:
>
>> Hi Phillip,
>>
>> On Mon, 3 Oct 2022, 19:13 Phillip Hallam-Baker, <phill@hallambaker.com>
>> wrote:
>>
>>> I think we have to actually build a prototype of a transactional-first
>>> transport, then build some applications over it and only then look to see
>>> whether/how we might re-use QUIC.
>>>
>>> That is how I originally worked on HTTP, I build applications using HTTP
>>> as a transport, one of which was the first Webmail service, those allowed
>>> me to discover the need for content length and start working on connection
>>> keepalive and framing.
>>>
>>> And we need to build any such system around the capabilities of modern
>>> programming languages which support threads and asynchronous methods.
>>> Otherwise we just end up trapped in subordination type interactions and
>>> don't progress beyond RPC.
>>>
>>> What I am saying is, let me build something, then take a look at it and
>>> tell me if/how to build it using QUIC.
>>>
>>
>> In case I was unclear, I think building something and revisitng later
>> sounds like a good approach. Look forward to seeing your progress
>>
>> In the meantime, and tangentially, I think its important to we provide a
>> consistent reminder that QUIC is very unopinionted about the applications
>> on top. This has been the case for years. I suspect many application
>> protocols that already exist would straightforwardly map to QUIC. We have
>> RFCs that do this, many I-Ds either individual or adopted by WGs, and I'm
>> aware of many protocol mappings that are defined outside the IETF - either
>> openly documented or private.
>>
>> Should future evolution of QUIC provide opportunity for alternative
>> (re)mappings that people think would be useful, that is entirely possible
>> and supported. Extension like that should probably also add a section that
>> extends the applicability document to aid designers and implementers.
>>
>> Cheers
>> Lucas
>>
>>
>>
>>>
>>> On Mon, Oct 3, 2022 at 1:19 PM Lucas Pardue <lucaspardue.24.7@gmail.com>
>>> wrote:
>>>
>>>> Hi Behcet,
>>>>
>>>>
>>>> On Mon, Oct 3, 2022 at 5:56 PM Behcet Sarikaya <sarikaya2012@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Christian,
>>>>>
>>>>> I quickly glanced through RFC 9250 which defines DoQ and references
>>>>> ALPN in RFC 7301.
>>>>> Agree with Philip that DoQ does not define something that is
>>>>> independent of HTTP.
>>>>>
>>>>> Will it come one day, we don't know?
>>>>> Behcet
>>>>>
>>>>
>>>> DoQ is an application mapping over QUIC. ALPN is an extension to TLS.
>>>> DoQ might use a transactional model that maps to bidirectional streams but
>>>> that is the full extent of similarities to HTTP; there is no normative
>>>> dependency.
>>>>
>>>> RFC 9000 was written carefully to describe the interface that
>>>> application-data-bearing streams can provide to applications. This is not
>>>> related to HTTP, QUIC is independent of HTTP. Indeed, QUIC on its own means
>>>> pretty much nothing. It needs an application mapping protocol. The
>>>> recently-published applicability draft, RFC 9308 [1], is specifically
>>>> written to aid designers or implementers of such mappings. Randy might find
>>>> RFC 9308 informative if wishing to pursue QUIC as a transport substrate for
>>>> the OT application layer traffic.
>>>>
>>>> Cheers
>>>> Lucas
>>>>
>>>> [1] - https://www.rfc-editor.org/rfc/rfc9308.html
>>>>
>>>>
>>>>
>>>

v2.23.0 | Report a Bug | By Email