**Session Date/Time:** 23 Jul 2024 22:30

# masque

## Summary

This MASQUE meeting covered several key topics, including QUIC-Aware Proxying, Proxying Listener UDP in HTTP (CONNECT-UDP-BIND), Ethernet Proxying in HTTP (CONNECT-ETHERNET), and DNS Configuration for MASQUE. Discussions centered on open issues, implementation status, potential adoption, and future directions for the MASQUE working group, with a focus on real-world deployment experiences.

## Key Discussion Points

* **QUIC-Aware Proxying:**
    * Discussion on handling preferred addresses and client migration. Consensus leaned towards clients initiating a separate CONNECT-UDP request for the target address.
    * Limiting the number of concurrent registered connection IDs. The group favored a flow control mechanism similar to QUIC for managing connection ID registration to prevent resource exhaustion.
    * The virtual connection ID should be at least as long as the actual client connection ID.
* **Proxying Listener UDP in HTTP (CONNECT-UDP-BIND):**
    * Address reuse for compression IDs is not allowed.
    * Discussed the new capsule types, including compression assigned and compression closed.
    * The draft should indicate that releasing the resources is associated with the context ID, not the number itself.
    * Recommendation for an editorial pass and subsequent working group last call after implementation and interoperability testing.
* **Ethernet Proxying in HTTP (CONNECT-ETHERNET):**
    * Discussion on VLAN tagging and client configuration, including the possibility of naming networks instead of numbering VLANs.
    * Need for normative language specifying the Ethernet frame format (802.3 Ethernet II frames).
    * Layer separation and congestion control: no protocol requirements, but optional text in an appendix is allowed.
* **DNS Configuration for MASQUE:**
    * Not DNS over MASQUE, but rather DNS configuration when using CONNECT-IP tunnels.
    * Using capsules to exchange DNS configuration information.
    * Adoption of existing formats for DNS configuration (SVCB records).
    * Discussion on bootstrapping problems and potentially different approaches to solving the problem, including JSON blobs and provisioning domains.
    * Security considerations regarding DNS servers reachable over the tunnel, particularly for traditional DNS 53.
    * Clarification needed to define how narrowly this applies to CONNECT-IP.
* **Future Directions for MASQUE:**
    * Discussion about real-world deployment experiences, scaling, performance, and challenges encountered.
    * Tooling, nested congestion control, and the possibility of adopting extensions to address real-world problems.
    * Nested congestion control needs more research and better tooling.

## Decisions and Action Items

* **QUIC-Aware Proxying:**
    * Authors to update the draft to reflect the decision on preferred address handling.
    * Eric Rosenberg to add flow control logic similar to QUIC for managing connection IDs.
    * Authors to change "should" to "must" for the VCID length requirement.
* **Proxying Listener UDP in HTTP (CONNECT-UDP-BIND):**
    * Editors to perform an editorial pass on the document.
    * Implement and test the latest changes.
    * Schedule interop testing between implementations.
* **Ethernet Proxying in HTTP (CONNECT-ETHERNET):**
    * Authors to add normative language specifying the Ethernet frame format.
* **DNS Configuration for MASQUE:**
    * Authors to clarify the scope of the document to focus on VPN use cases of CONNECT-IP.
    * Authors to convert DNS configuration to use SVCB record format.
    * Authors to clarify that the DNS configuration is only accessible through the tunnel.
* **MASQUE Working Group:**
    * Dennis and Eric to coordinate presentations on real-world deployment experiences.
    * Check charter to ensure DNS configuration is in scope.

## Next Steps

* Authors of each draft will work on addressing the open issues and incorporating feedback from the meeting.
* CONNECT-UDP-BIND implementations will be completed, followed by interoperability testing.
* The AD will review the charter and comment.
* The WG will solicit deployment experience presentations for upcoming meetings.