Has anyone looked into MASQUE protocol?

The MASQUE (Multiplexed Application Substrate over QUIC Encryption) protocol is a framework designed to enhance internet communication by allowing the multiplexing of different application layer protocols over a single HTTP/3 connection.

HTTP/3 runs on QUIC which runs on UDP. HTTP/3 uses QUIC's built-in encryption mechanisms which include TLS 1.3.

You can tunnel anything over MASQUE tunnels. This will be better than traditional TCP/TLS protocols because

  • QUIC is faster than TCP.
  • MASQUE traffic looks like HTTP/3 traffic on QUIC. Thus, it is more difficult for governments, schools, coffee shops, and corporations to identify and block MASQUE.

Can anyone QUIC-ly look into MASQUE and assess whether it is a good fit for OpenZiti?


I think it would be fantastic if OpenZiti moved in this direction. Cloudflare's Zero-Trust platform is doing a lot of work on this, and I think it is great future-proofing.

It would have the added benefit of enabling silent connection refusal (à la Wireguard) because of UDP if I am correct. It also would mean less bother with DTLS in development and moving straight to QUIC, though that might mean waiting on OpenSSL to eventually ship QUIC server components.

OpenZiti would really be perfect if it supported MASQUE as its main overlay connection mechanism.

Hi @amano and @MuncH54King

We've looked into quic in the past, and even had an implementation at the router/router level so we could use it for mesh. We've since stripped it out.

Quic has the following advantages:

  1. Fast connection times
  2. Can work across network boundaries (if you go from WiFi to cellular, your connection won't be forced to drop)

For routers, which are generally not mobile and have long lived connections, neither of these is very relevant.

Where it would make sense is on the edge, for communications from clients to edge routers. We'd like to implement it there, mostly for the ability to work well across network boundaries.

The binary framing protocol we use already allows multiplexing of multiple virtual connections across a single network connection, so I'm not sure that MASQUE would add anything beyond that. However, I'm going to read up on it, and I'll post if I have further thoughts.

I'll most likely be spending my time post-HA working on improving routing and the edge to fabric layer, so this is a good time to read up on this 🙂

Let me know if you think I'm missing something.

Thank you,
Paul

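To make the two points above concrete (the original post's "tunnel anything over MASQUE" and Paul's question of what MASQUE adds beyond multiplexing virtual connections over one network connection), here is an added example that is not code from this thread or from the OpenZiti project. It implements only the wire framing a MASQUE connect-udp client puts on an HTTP/3 connection, as specified in RFC 9298 (the Extended CONNECT request and the UDP proxying payload), RFC 9297 (HTTP Datagrams prefixed by a Quarter Stream ID) and RFC 9000 (QUIC variable-length integers), plus a demultiplexer that sorts received datagrams back into per-tunnel queues. The authority `proxy.example`, the target names and the packet bytes are constructed sample values; there is no network I/O, so it runs offline.

```python
"""Added example, not code from the thread or from OpenZiti: the framing a
MASQUE connect-udp client (RFC 9298) uses on one HTTP/3 connection, plus a
demultiplexer showing several UDP tunnels sharing that single connection.
All inputs are constructed inline; nothing touches the network."""
from collections import defaultdict
from urllib.parse import quote


# --- RFC 9000 section 16: QUIC variable-length integers ---------------------
def encode_varint(value: int) -> bytes:
    """2-bit length prefix selects 1, 2, 4 or 8 bytes; max value is 2**62 - 1."""
    if not 0 <= value <= (1 << 62) - 1:
        raise ValueError("varint out of range")
    if value < 1 << 6:
        return value.to_bytes(1, "big")
    if value < 1 << 14:
        return (value | 0x4000).to_bytes(2, "big")
    if value < 1 << 30:
        return (value | 0x80000000).to_bytes(4, "big")
    return (value | 0xC000000000000000).to_bytes(8, "big")


def decode_varint(buf: bytes) -> tuple[int, int]:
    """Return (value, bytes consumed); raises on an empty or truncated buffer."""
    if not buf:
        raise ValueError("empty buffer")
    length = 1 << (buf[0] >> 6)
    if len(buf) < length:
        raise ValueError("truncated varint")
    value = int.from_bytes(buf[:length], "big") & ((1 << (8 * length - 2)) - 1)
    return value, length


# --- RFC 9298 section 2/3: the Extended CONNECT request that opens a tunnel --
WELL_KNOWN_TEMPLATE = "/.well-known/masque/udp/{target_host}/{target_port}/"


def build_connect_udp_request(proxy_authority: str, target_host: str,
                              target_port: int) -> dict[str, str]:
    """Pseudo-header set for the default RFC 9298 URI template.
    A ':' inside an IPv6 literal is percent-encoded, which quote(..., safe="")
    does; hostnames and IPv4 literals pass through unchanged."""
    if not 0 < target_port < 65536:
        raise ValueError("bad port")
    path = WELL_KNOWN_TEMPLATE.format(target_host=quote(target_host, safe=""),
                                      target_port=target_port)
    return {
        ":method": "CONNECT",
        ":protocol": "connect-udp",
        ":scheme": "https",
        ":authority": proxy_authority,
        ":path": path,
        "capsule-protocol": "?1",
    }


# --- RFC 9298 section 5 and RFC 9297: how a UDP packet rides a QUIC DATAGRAM -
UDP_PAYLOAD_CONTEXT = 0  # Context ID 0 carries a plain UDP payload


def encode_udp_proxying_payload(udp_packet: bytes,
                                context_id: int = UDP_PAYLOAD_CONTEXT) -> bytes:
    """HTTP Datagram payload: Context ID (varint) followed by the UDP payload."""
    return encode_varint(context_id) + udp_packet


def decode_udp_proxying_payload(buf: bytes) -> tuple[int, bytes]:
    context_id, n = decode_varint(buf)
    return context_id, buf[n:]


def encode_h3_datagram(request_stream_id: int, http_datagram_payload: bytes) -> bytes:
    """RFC 9297: a Quarter Stream ID (request stream ID / 4) prefixes the HTTP
    Datagram. Requests live on client-initiated bidirectional streams, whose
    IDs are divisible by 4, so anything else is rejected here."""
    if request_stream_id % 4 != 0:
        raise ValueError("not a client-initiated bidirectional stream")
    return encode_varint(request_stream_id // 4) + http_datagram_payload


def decode_h3_datagram(buf: bytes) -> tuple[int, bytes]:
    quarter, n = decode_varint(buf)
    return quarter * 4, buf[n:]


def demux_datagrams(quic_datagram_payloads: list[bytes]) -> dict[int, list[bytes]]:
    """Sort received datagrams into per-tunnel queues keyed by request stream ID.
    Each connect-udp request is its own HTTP/3 stream, so one QUIC connection
    carries many tunnels. Datagrams with a Context ID nobody registered are
    ignored rather than delivered."""
    queues: dict[int, list[bytes]] = defaultdict(list)
    for dgram in quic_datagram_payloads:
        stream_id, http_payload = decode_h3_datagram(dgram)
        context_id, udp_packet = decode_udp_proxying_payload(http_payload)
        if context_id != UDP_PAYLOAD_CONTEXT:
            continue
        queues[stream_id].append(udp_packet)
    return dict(queues)


if __name__ == "__main__":
    # Constructed sample: two tunnels on streams 0 and 4, plus one datagram
    # with an unregistered context ID that the demultiplexer drops.
    print(build_connect_udp_request("proxy.example", "target.example", 53)[":path"])
    wire = [encode_h3_datagram(0, encode_udp_proxying_payload(b"tunnel0-packet")),
            encode_h3_datagram(4, encode_udp_proxying_payload(b"tunnel1-packet")),
            encode_h3_datagram(0, encode_udp_proxying_payload(b"x", context_id=7))]
    print(demux_datagrams(wire))
```

Everything outside the request headers is what a network observer cannot see: the datagrams ride inside QUIC's TLS 1.3 protected packets, so on the wire a connect-udp tunnel is indistinguishable from any other HTTP/3 session to the same proxy, which is the property the thread is after. The multiplexing itself comes from HTTP/3 streams (one tunnel per request stream, routed by the Quarter Stream ID), which is the part to weigh against the framing OpenZiti already has.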

With or without MASQUE, masquerading as HTTP/3 traffic is going to be helpful for circumventing censorship.