IETF Logo Mail Archive

RE: Request for Authenticated but not Encrypted Traffic

Antoine FRESSANCOURT <antoine.fressancourt@huawei.com> Mon, 03 October 2022 09:16 UTC

Return-Path: <antoine.fressancourt@huawei.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD439C14F613 for <quic@ietfa.amsl.com>; Mon, 3 Oct 2022 02:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-NTsqKhrw6y for <quic@ietfa.amsl.com>; Mon, 3 Oct 2022 02:16:57 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E99CCC14F693 for <quic@ietf.org>; Mon, 3 Oct 2022 02:16:56 -0700 (PDT)
Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4MgwD458TMz68944; Mon, 3 Oct 2022 17:15:32 +0800 (CST)
Received: from lhrpeml500006.china.huawei.com (7.191.161.198) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 3 Oct 2022 11:16:53 +0200
Received: from lhrpeml500003.china.huawei.com (7.191.162.67) by lhrpeml500006.china.huawei.com (7.191.161.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 3 Oct 2022 10:16:53 +0100
Received: from lhrpeml500003.china.huawei.com ([7.191.162.67]) by lhrpeml500003.china.huawei.com ([7.191.162.67]) with mapi id 15.01.2375.031; Mon, 3 Oct 2022 10:16:53 +0100
From: Antoine FRESSANCOURT <antoine.fressancourt@huawei.com>
To: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: RE: Request for Authenticated but not Encrypted Traffic
Thread-Topic: Request for Authenticated but not Encrypted Traffic
Thread-Index: AdjT/etteyPc96T0SA+BuKbhQ9/5AQAPBNYAAABhQAAAAw3BEwAAbsaAACLPvwAAAbL3gAAAgL+AAADW4IAABH6qgAABDPgAAAEv1YAACBmmgAAAfSuAAANFcoAAAB30AAB3J2eg
Date: Mon, 03 Oct 2022 09:16:53 +0000
Message-ID: <1eaaeaa271a645faa472aee43225f1fc@huawei.com>
References: <CAMm+Lwgo5i=FD9sMcp+o_N-e5MprDDCDobzjh-FpwGKhiH99iQ@mail.gmail.com> <3C9CC208-E4E1-4F9F-B10A-6ACF485A0CEF@huitema.net> <CAMm+LwhVM+7Db6ZPLuE5A5VLYqocvZWr=hfKcN=HgYhrdLrgTQ@mail.gmail.com> <SJ0PR08MB82888AF87EE732F97717AFF4FA569@SJ0PR08MB8288.namprd08.prod.outlook.com> <7a099cee-59db-5c6d-2026-3216c60b37ea@huitema.net> <CAMm+Lwg7f226X+jR5_LmuMP2B172pA-W638hskJUpvRzNL++Qw@mail.gmail.com> <SJ0PR08MB828871DF21A3D22656B394AEFA599@SJ0PR08MB8288.namprd08.prod.outlook.com>
In-Reply-To: <SJ0PR08MB828871DF21A3D22656B394AEFA599@SJ0PR08MB8288.namprd08.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.203.70.66]
Content-Type: multipart/alternative; boundary="_000_1eaaeaa271a645faa472aee43225f1fchuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/qScbzMKi3WRN8i8o-DtSeYtZcrw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2022 09:16:59 -0000

Hello,

Since the beginning of the discussion, I am really wondering why you want to use QUIC while it seems (in my view) that you “just” need to use an authentication header with IPv6, or change DTLS the way you changed TLS to provide only authentication without encryption.

But again, I might be completely misunderstanding your requirements

Best,

Antoine

From: QUIC <quic-bounces@ietf.org> On Behalf Of Randy Armstrong (OPC)
Sent: samedi 1 octobre 2022 03:21
To: Phillip Hallam-Baker <phill@hallambaker.com>; Christian Huitema <huitema@huitema.net>
Cc: quic@ietf.org
Subject: RE: Request for Authenticated but not Encrypted Traffic


  *   That is pretty much the only model we have been using but it isn't the only model and it is a straightjacket.

We have other protocols for publish-subscribe patterns (including multicast). We would not want to use QUIC for those use cases. QUIC only makes sense for request-response.

From: Phillip Hallam-Baker <phill@hallambaker.com<mailto:phill@hallambaker.com>>
Sent: Saturday, October 1, 2022 10:18 AM
To: Christian Huitema <huitema@huitema.net<mailto:huitema@huitema.net>>
Cc: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org<mailto:randy.armstrong@opcfoundation.org>>; quic@ietf.org<mailto:quic@ietf.org>
Subject: Re: Request for Authenticated but not Encrypted Traffic

Both of you are assuming a request/response paradigm.

That is pretty much the only model we have been using but it isn't the only model and it is a straightjacket.

On Fri, Sep 30, 2022 at 7:44 PM Christian Huitema <huitema@huitema.net<mailto:huitema@huitema.net>> wrote:

On 9/30/2022 4:30 PM, Randy Armstrong (OPC) wrote:
>    *   Sure, we could design a presentation layer on top of QUIC. I think it is better to design a transport/presentation layer for the problem space and then see how we might make use of QUIC.
>
> Not quite sure why you make a big deal about this. OPC UA supports the kinds of operations you described but the complex operations are broken into multiple request-response pairs for transport. All OPC UA needs is a full duplex channel that allows responses to be returned in any order. I would imagine that any other protocol built on QUIC would do the same.
That's exactly the way DNS over QUIC is designed. Full duplex channel
(QUIC connection) allowing for series of transactions. Each transaction
request (from the client) is mapped to a new duplex stream stream;
response come back on the reverse part of that stream; responses to
transactions arrive in any order.
> The important question is: does QUIC have any inherent limitations that would make it difficult to implement complex operations over top of QUIC?

No.

You have to pay attention to the management of connections, how to
resume connections after they break, etc. But that's pretty standard
when designing a distributed application.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email