**Session Date/Time:** 24 Jul 2023 16:30

# masque

## Summary

The MASQUE working group meeting at IETF 117 covered several key areas, including QUIC-aware proxying using HTTP, connectivity to multiple targets with UDP listener support, configuring proxies with provisioning domains, proxying Ethernet over UDP, and sequence numbers for HTTP datagrams. The group decided to adopt the QUIC-aware proxying and connectivity to multiple targets drafts, pending further security analysis and confirmation on the mailing list. There was significant discussion about the security implications of optimizing QUIC proxying. Several drafts were presented with varying degrees of interest from the working group.

## Key Discussion Points

* **QUIC-Aware Proxying using HTTP:**
  * The main open issue is how to add encryption around the forwarding context to prevent trivial correlation of packets.
  * Concerns were raised about the security properties of bypassing QUIC encryption and the need for a thorough security analysis.
  * The potential for tagging attacks with AES-CTR was discussed.
  * It was suggested that the baseline for analysis should be full encapsulation.
  * A design team was suggested to address the security and implementation concerns with re-encryption.
  * It was debated whether the design should attempt to offer more security than a simple NAT.
* **MASQUE Connectivity to UDP Listener:**
  * The draft proposes allowing a single MASQUE connection to connect to multiple UDP targets.
  * It was noted that this approach is similar to what Apple has deployed in production.
  * This approach allows applications to avoid a third-hop relay, which helps with latency.
  * This will allow sockname calls to work better with applications designed for an unconnected socket.
  * Several questions were raised about restricting IP addresses and about whether to simply copy and paste the TURN code here.
* **Configuring Proxies with Provisioning Domains:**
  * Use cases include network-provided proxy discovery, discovering related proxies, and learning about proxy properties.
  * The document proposes using provisioning domains (PvDs) to define proxy configuration.
  * Feedback suggested the need for a well-known URI and raised concerns about trust relationships.
* **Proxying Ethernet over UDP:**
  * The draft proposes proxying Ethernet frames over UDP.
  * Concerns were raised about the use cases and the potential complexity.
  * The proposal may be useful for some enterprise use cases, such as bridging to a trusted top-of-rack router.
  * There was some discussion that 3GPP might be using this kind of mechanism.
* **Sequence Numbers:**
  * Adding sequence numbers to HTTP Datagrams to enable multipath support at the proxy layer.
  * There were concerns about implementation performance and about whether this is actually an improvement over, or a degradation of, current technology.
  * The base transport protocol is QUIC, which is normally better than this mechanism, but it might need some help.

## Decisions and Action Items

* **Decision:** Adopt the QUIC-Aware Proxying using HTTP draft as a working group document.
  * *Action Item:* Confirm adoption on the mailing list and form a design team to address the security and implementation concerns of re-encryption.
* **Decision:** Adopt the MASQUE Connectivity to UDP Listener draft as a working group document.
  * *Action Item:* Confirm adoption on the mailing list.
* **Action Item:** Discuss the appropriate venue (MASQUE vs. Inter Area) for the configuring proxies with provisioning domains draft. Talk to Nate and other groups on whether to move the document or not.
* **Action Item:** Determine if proxying Ethernet over UDP should be included as a working group item. Update the charter.

## Next Steps

* Confirm the adoption of the QUIC-Aware Proxying using HTTP and MASQUE Connectivity to UDP Listener drafts on the mailing list.
* Form design teams for QUIC-Aware Proxying using HTTP to address the security analysis and implementation details.
* Further discussion and exploration of the use cases and benefits of sequence numbers, as well as Ethernet PDU sessions.
* The discussion about SADCDN was added for those interested in it.