[secdir] [new-work] WG Review: Multiplexed Application Substrate over QUIC Encryption (masque)

The IESG <iesg@ietf.org> Thu, 20 April 2023 21:51 UTC

From: The IESG <iesg@ietf.org>
To: new-work@ietf.org
Date: Thu, 20 Apr 2023 14:51:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/XlWcZJGn9TebyQ6L87z2gTEPaEc>

The Multiplexed Application Substrate over QUIC Encryption (masque) WG in the
Transport Area of the IETF is undergoing rechartering. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2023-04-30.

Multiplexed Application Substrate over QUIC Encryption (masque)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Christopher Wood <caw@heapingbits.net>
  Eric Kinnear <ekinnear@apple.com>

Assigned Area Director:
  Martin Duke <martin.h.duke@gmail.com>

Transport Area Directors:
  Martin Duke <martin.h.duke@gmail.com>
  Zaheduzzaman Sarker <Zaheduzzaman.Sarker@ericsson.com>

Mailing list:
  Address: masque@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/masque
  Archive: https://mailarchive.ietf.org/arch/browse/masque/

Group page: https://datatracker.ietf.org/group/masque/

Charter: https://datatracker.ietf.org/doc/charter-ietf-masque/

Many network topologies lead to situations where transport protocol proxying
is beneficial. For example, proxying enables endpoints to communicate when
end-to-end connectivity is not possible or to apply additional encryption
where desirable (such as a VPN). Proxying can also improve client privacy,
e.g., by hiding a client's IP address from a target server. Proxying
technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with their own
shortcomings. For example, SOCKS signalling is not encrypted and HTTP CONNECT
is currently limited to TCP.

The primary goal of this working group is to develop mechanism(s) that allow
configuring and concurrently running multiple proxied stream- and
datagram-based flows inside an HTTP connection. The group has specified
CONNECT-UDP and CONNECT-IP, collectively known as MASQUE, to enable this
functionality. MASQUE leverages the HTTP request/response semantics,
multiplexes flows over streams, uses a unified congestion controller,
encrypts flow metadata, and enables unreliable delivery suitable for UDP and
IP-based applications.

The MASQUE working group will now develop HTTP extensions, which might be
specific to the HTTP version, to the core client-initiated CONNECT-UDP and
CONNECT-IP functionality. Services that a proxy initiates without any prompt
from a client are out of scope.

Exercising the extension points defined by CONNECT-UDP and CONNECT-IP helps
to make it easier to support new use cases or accommodate changes in the
environment in which these protocols are deployed. The initial set of
extensions will be in support of UDP listening, and CONNECT-UDP proxying
optimizations when the UDP traffic is QUIC. Additional extensions that
provide missing functionality, improve performance, or otherwise ease
deployability for use cases may be adopted where there are multiple
implementation and/or deployment proponents. The intended status is Standards
Track, but the WG may downgrade if it believes that is appropriate for the
ultimate document maturity level.

Extensions to HTTP Datagrams will be coordinated with HTTPBIS. Extensions
that solely relate to generic proxying functionality, and are not specific to
the core MASQUE documents, are out of scope.

Specifying proxy server discovery mechanisms is out of scope. New congestion
control and loss recovery algorithms are also out of scope. However, the
working group will consider implications of tunneling protocols with
congestion control and loss recovery over MASQUE proxies, and may issue
recommendations accordingly.

The working group will consider how the protocols it defines might operate
over versions of HTTP that use TCP rather than QUIC, for use when QUIC is
unavailable. This might include defining alternative extensions specifically
for use in these HTTP versions.

IP multicast is out of scope. Designs need not explicitly preclude multicast,
but they will not focus on multicast-specific features.

Impacts on address migration, NAT rebinding, and future multipath mechanisms
of QUIC are not anticipated. However, the working group should document these
impacts, or those of any other QUIC developments, if they arise.

The group will coordinate closely with other working groups responsible for
maintaining relevant protocol extensions, such as HTTPBIS, QUIC, or TLS. It
will also coordinate closely with ICCRG and TSVWG on congestion control and
loss recovery considerations, and intarea for IP Proxying.

MASQUE is not intended to be a long-lived working group.

Milestones:

   - Submit an extension for UDP listeners

   - Submit an extension for QUIC-aware proxying
