How I wrote a Python client for HTTP/3 proxies
2022-07-14 13:35-14:05 (Africa/Abidjan), Wicklow Hall 1

MASQUE (Multiplexed Application Substrate over QUIC Encryption) is a draft of a new protocol that allows running proxy or VPN services indistinguishable from HTTPS servers. Akamai built a managed proxy service based on the MASQUE protocol to provide egress proxy for iCloud Private Relay.

While working on the proxy at Akamai, I wrote a Python client for testing the proxy service. The MASQUE protocol can tunnel traffic through HTTP/3 or HTTP/2, but common Python libraries only support HTTP/1.1. The tunneled traffic can use any protocol on top of TCP or UDP, including all HTTP versions, so MASQUE can be proxied through MASQUE for onion routing.

In this talk, I will show that the MASQUE proxy design is simple and yet client implementations are complex. To put everything into context, I will recap how HTTP proxies operate and how HTTP versions differ. I will highlight lessons learned from designing a low-level HTTP client using Python asyncio.


Expected audience expertise: Python:

none

Expected audience expertise: Domain:

some

Abstract as a tweet:

HTTP proxies are not dead! MASQUE protects your privacy by onion routing through HTTP/3 proxies. Can Python HTTP clients support that?

I build data pipelines for change safety and performance monitoring in Akamai. Our Protocol optimization team implements and deploys standards for the future Internet.

Previously, I worked for Seznam.cz, where I moved from complex business applications to big data processing.

I have a software engineering degree from Czech technical university in Prague, but I started to write webs a long time before studying it.