This document describes MASQUE (Multiplexed Application Substrate
over QUIC Encryption). MASQUE is a mechanism that allows co-locating
and obfuscating networking applications behind an HTTPS web server.
The currently prevalent use-case is to allow running a VPN server
that is indistinguishable from an HTTPS server to any unauthenticated
observer. We do not expect major providers and CDNs to deploy this
behind their main TLS certificate, as they are not willing to take
the risk of getting blocked, as shown when domain fronting was
blocked. An expected use would be for individuals to enable this
behind their personal websites via easy to configure open-source
software.