**Session Date/Time:** 06 Nov 2024 15:00

# masque

## Summary

The MASQUE working group meeting at IETF 121 covered updates and progress on four working group documents: QUIC-Aware Proxying, Proxying Listener UDP with Connect-UDP Bindings, Processing Ethernet in HTTP/3 Generic Connect, and DNS configuration with Connect-IP. Discussions included connection ID limits for QUIC-Aware Proxying, congestion control considerations for Connect-Ethernet, and the use of SVCB records for DNS configuration in Connect-IP. The group is approaching working group last call for several drafts and emphasized the need for more implementation and interop testing.

## Key Discussion Points

* **QUIC-Aware Proxying:**
    * Introduction of a maximum connection ID limit to prevent resource exhaustion attacks.
    * Discussion of a potential "blocked" capsule to signal the need for more connection IDs, but ultimately decided against it in favor of fallback mechanisms.
    * Documentation of active attacks on the scramble transform.
* **Proxying Listener UDP with Connect-UDP Bindings:**
    * Editorial updates since the last meeting.
    * Need for interoperability testing between different implementations.
* **Processing Ethernet in HTTP/3 Generic Connect:**
    * Interop testing with ARP request and reply exchange.
    * Debate on whether to include text regarding MTU issues.
    * Extensive discussion on congestion control and the implications of encapsulating Ethernet within a congestion-controlled tunnel.
* **DNS configuration with Connect-IP:**
    * Adoption of SVCB records for DNS configuration.
    * Concerns raised regarding the semantics of "internal domains" and "search domains."
    * Discussion on whether to follow the IKEv2 split DNS model.

## Decisions and Action Items

* **QUIC-Aware Proxying:**
    * File a new issue for a "blocked"-like signal.
    * Document the active attack on the scramble transform.
    * Prioritize implementation and interoperability testing.
* **Processing Ethernet in HTTP/3 Generic Connect:**
    * Include text about what to do when the Ethernet frame does not fit and the underlying connection reports that it won't fit.
    * Request an early review from the INT area.
* **DNS configuration with Connect-IP:**
    * Revise the draft based on the discussion of internal domains and search domains.
    * Consult with DNS experts, possibly via the DNS-OP mailing list.
    * Consider Ben's request to also go to ADD.
    * Coordinate with the PVD proxy draft authors.

## Next Steps

* Implementers to prioritize interoperability testing across all documents, particularly scramble transforms in QUIC-Aware Proxying and connectivity bindings in Connect-UDP.
* Authors to address open issues and incorporate feedback from the meeting.
* Working group to plan for working group last call once sufficient implementation and interop data is available.
* Authors to seek early reviews from relevant areas (INT, DNS, ADD).