[secdir] [new-work] WG Review: Multiplexed Application Substrate over QUIC Encryption (masque)

The IESG <iesg@ietf.org> Thu, 29 February 2024 23:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/DGLF0eZJipZYcyVXSzWJ5BqJvKw>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/udaakv4tq-1OT87x65LzsEdXJWE>

The Multiplexed Application Substrate over QUIC Encryption (masque) WG in the
Web and Internet Transport Area of the IETF is undergoing rechartering. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by 2024-03-11.

Multiplexed Application Substrate over QUIC Encryption (masque)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Eric Kinnear <ekinnear@apple.com>
  Dennis Jackson <ietf@dennis-jackson.uk>

Assigned Area Director:
  Martin Duke <martin.h.duke@gmail.com>

Mailing list:
  Address: masque@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/masque
  Archive: https://mailarchive.ietf.org/arch/browse/masque/

Group page: https://datatracker.ietf.org/group/masque/

Charter: https://datatracker.ietf.org/doc/charter-ietf-masque/

Many network topologies lead to situations where transport protocol proxying
is beneficial. For example, proxying enables endpoints to communicate when
end-to-end connectivity is not possible or to apply additional encryption
where desirable (such as a VPN). Proxying can also improve client privacy,
e.g., by hiding a client's IP address from a target server. Proxying
technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with their own
shortcomings. For example, SOCKS signalling is not encrypted and HTTP CONNECT
is currently limited to TCP.

The primary goal of this working group is to develop mechanism(s) that allow
configuring and concurrently running multiple proxied stream- and
datagram-based flows inside an HTTP connection. The group has specified
CONNECT-UDP and CONNECT-IP, collectively known as MASQUE, to enable this
functionality. MASQUE leverages the HTTP request/response semantics,
multiplexes flows over streams, uses a unified congestion controller,
encrypts flow metadata, and enables unreliable delivery suitable for UDP and
IP-based applications.
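To make the "request/response semantics, flows multiplexed over streams, unreliable delivery" summary concrete, here is an added example (not part of the charter or of any MASQUE implementation) that builds a CONNECT-UDP request and encodes/decodes the HTTP/3 datagram that carries one proxied UDP packet, following the wire encodings of RFC 9297 (HTTP Datagrams) and RFC 9298 (CONNECT-UDP). The proxy name, target host and port are constructed values, and the URI template path is the example template from RFC 9298, not something the charter specifies.

```python
# Added example: CONNECT-UDP request plus HTTP/3 datagram framing
# (RFC 9297 / RFC 9298). Not from the charter; sample values are constructed.

def encode_varint(v: int) -> bytes:
    """QUIC variable-length integer (RFC 9000, Section 16)."""
    if v < 0x40:
        return v.to_bytes(1, "big")
    if v < 0x4000:
        return (v | 0x4000).to_bytes(2, "big")
    if v < 0x40000000:
        return (v | 0x80000000).to_bytes(4, "big")
    if v < 0x4000000000000000:
        return (v | 0xC000000000000000).to_bytes(8, "big")
    raise ValueError("varint out of range")

def decode_varint(buf: bytes, pos: int = 0):
    """Return (value, new_pos); the top two bits give the encoded length."""
    length = 1 << (buf[pos] >> 6)
    raw = int.from_bytes(buf[pos:pos + length], "big")
    return raw & ((1 << (8 * length - 2)) - 1), pos + length

def connect_udp_request(proxy: str, target_host: str, target_port: int) -> dict:
    """Extended CONNECT request that opens one UDP proxying flow (RFC 9298).
    The path is filled from the RFC 9298 example URI template
    /.well-known/masque/udp/{target_host}/{target_port}/ (an assumption here)."""
    return {
        ":method": "CONNECT",
        ":protocol": "connect-udp",
        ":scheme": "https",
        ":authority": proxy,
        ":path": f"/.well-known/masque/udp/{target_host}/{target_port}/",
        "capsule-protocol": "?1",   # RFC 9297: this stream speaks the capsule protocol
    }

def encode_h3_datagram(request_stream_id: int, udp_payload: bytes) -> bytes:
    """Payload of the QUIC DATAGRAM frame for a proxied UDP packet:
    Quarter Stream ID (binds the datagram to its CONNECT-UDP request stream,
    which is how flows are multiplexed), then Context ID 0 (= raw UDP payload
    per RFC 9298), then the payload. Delivery is unreliable by design."""
    return encode_varint(request_stream_id // 4) + encode_varint(0) + udp_payload

def decode_h3_datagram(frame: bytes):
    """Inverse of encode_h3_datagram: (request_stream_id, context_id, payload)."""
    quarter_id, pos = decode_varint(frame)
    context_id, pos = decode_varint(frame, pos)
    return quarter_id * 4, context_id, frame[pos:]
```

Client-initiated bidirectional stream IDs are multiples of 4, which is why the quarter stream ID round-trips exactly; a receiver that sees a non-zero context ID it never registered should drop the datagram rather than treat it as a UDP payload.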

The MASQUE working group will now develop HTTP extensions, which might be
specific to the HTTP version, to the core client-initiated CONNECT-UDP and
CONNECT-IP functionality. Services that a proxy initiates without any prompt
from a client are out of scope.

Exercising the extension points defined by CONNECT-UDP and CONNECT-IP helps
to make it easier to support new use cases or accommodate changes in the
environment in which these protocols are deployed. The initial set of
extensions will be in support of UDP listening, CONNECT-UDP proxying
optimizations when the UDP traffic is QUIC, and tunneling of Ethernet
packets. Additional extensions that provide missing functionality, improve
performance, or otherwise ease deployability for use cases may be adopted
where there are multiple implementation and/or deployment proponents. The
intended status is Standards Track, but the WG may downgrade if it believes
that is appropriate for the ultimate document maturity level.

Extensions to HTTP Datagrams will be coordinated with HTTPBIS. Extensions
that solely relate to generic proxying functionality, and are not specific to
the core MASQUE documents, are out of scope.

Specifying proxy server discovery mechanisms is out of scope. New congestion
control and loss recovery algorithms are also out of scope. However, the
working group will consider implications of tunneling protocols with
congestion control and loss recovery over MASQUE proxies, and may issue
recommendations accordingly.

The working group will consider how the protocols it defines might operate
over versions of HTTP that use TCP rather than QUIC, for use when QUIC is
unavailable. This might include defining alternative extensions specifically
for use in these HTTP versions.

IP multicast is out of scope. Designs need not explicitly preclude multicast,
but they will not focus on multicast-specific features.

Impacts on address migration, NAT rebinding, and future multipath mechanisms
of QUIC are not anticipated. However, the working group should document these
impacts, or those of any other QUIC developments, if they arise.

The group will coordinate closely with other working groups responsible for
maintaining relevant protocol extensions, such as HTTPBIS, QUIC, or TLS. It
will also coordinate closely with ICCRG and CCWG on congestion control and
loss recovery considerations, and intarea for IP Proxying and Ethernet
tunneling. Finally, it will coordinate with IEEE 802.3 to make sure Ethernet
concepts are correctly represented.

MASQUE is not intended to be a long-lived working group.

Milestones:

   - Submit an extension for UDP listeners

   - Submit an extension for QUIC-aware proxying

   - Submit an extension for Ethernet over MASQUE

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work