Multiplexed Application Substrate over QUIC Encryption
charter-ietf-masque-03
Yes
(Magnus Westerlund)
(Martin Duke)
No Objection
Murray Kucherawy
(Alissa Cooper)
(Barry Leiba)
(Deborah Brungard)
(Robert Wilton)
- Ready for external review (00-00)
- Approve (00-01)
- Ready for external review (01-00)
- Approve (01-01)
- Ready for external review (02-01)
- Approve (02-02)
Note: This ballot was opened for revision 00-00 and is now closed.
Ballot question: "Is this charter ready for external review?"
Erik Kline
No Objection
Comment
(2020-05-20 for -00-00)
Sent
* 4th paragraph says "over MASQUE" without previously declaring the term MASQUE. Suggest either to reword without MASQUE or add sentence declaring "all of the above proxying games are collectively called MASQUE", or something.
Murray Kucherawy
No Objection
Roman Danyliw
No Objection
Comment
(2020-05-20 for -00-00)
Not sent
Concur with Ben Kaduk. It would be helpful to qualitatively describe the security properties we want ensure.
Magnus Westerlund Former IESG member
Yes
Yes
(for -00-00)
Not sent
Martin Duke Former IESG member
Yes
Yes
(for -00-00)
Sent for earlier
Alissa Cooper Former IESG member
No Objection
No Objection
(for -00-00)
Not sent
Alvaro Retana Former IESG member
No Objection
No Objection
(2020-05-21 for -00-00)
Not sent
[nit] s/Multicast UDP and multicast IP support are out of scope./Multicast support is out of scope.
Barry Leiba Former IESG member
No Objection
No Objection
(for -00-00)
Not sent
Benjamin Kaduk Former IESG member
No Objection
No Objection
(2020-05-20 for -00-00)
Sent
Just "HTTP" does not imply any particular level of security mechanism, though "HTTP/3" would. I think we need to say something about what security properties we expect MASQUE to provide, even if it's just "equivalent to HTTP/3 or better". (This would be a BLOCK at external-review time but may not need to hold up asking for external review.) Proxying technologies such as SOCKS and HTTP(S) CONNECT exist, albeit with their own shortcomings. For example, SOCKS signalling is not encrypted and HTTP CONNECT is currently limited to TCP. In contrast, HTTP/3 is a viable candidate protocol for proxying arbitrary traffic, as it provides secure connectivity, multiplexed streams, and migration for a single connection while taking advantage of a unified congestion controller. An HTTP/3 datagram construct Am I parsing this properly that the last thing in the list of what HTTP/3 provides is just "migration", and that the "for a single connection [...]" stuff applies to all of it? I'm not sure if another comma would help make that separation more clear. The primary goal of this working group is to develop mechanisms that allow nit: maybe "mechanism(s)"? and/or HTTP/3 extensions to enable this functionality. The group will focus on a limited set of client-initiated services: (1) UDP CONNECT and (2) IP proxying. Server-initiated services are out of scope. The working group will first deliver a protocol solution for UDP CONNECT and a requirements document for IP proxying. Once both are complete, the working group will focus on a protocol solution for IP proxying. I assume there's a reason to do UDP separately instead of just letting UDP run on top of proxied IP. (Expediency?) The working group will consider fallback to versions of HTTP that operate over TCP as a mitigation to UDP or HTTP/3 blocking. Moreover, the working group will consider implications of tunneling protocols with congestion control and loss recovery over MASQUE, and may issue recommendations accordingly. New congestion This sounds like "nested congestion controllers". Is that more of a research question or an engineering one? Multicast UDP and multicast IP support are out of scope. However, the group may specify extension points that would enable future work on multicast. Specifying proxy server discovery mechanisms is also out of scope, but the group may specify techniques for identifying proxy servers to aid future discovery mechanisms. How do "techniques" differ from "mechanisms"? Impacts on address migration, NAT rebinding, and future multipath mechanisms of QUIC are not anticipated. However, the working group should document these impacts if they arise. Presumably we also want to pay attention to any other developments in QUIC that would be impacted by MASQUE, and document those, too.
Deborah Brungard Former IESG member
No Objection
No Objection
(for -00-00)
Not sent
Robert Wilton Former IESG member
No Objection
No Objection
(for -00-00)
Sent