Re: [keyassure] The SSL Proxy Issue

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 20 February 2011 01:15 UTC

List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
On 2/19/11 4:59 PM, Phillip Hallam-Baker wrote:
> It really depends on the browser providers. If they consider this to be
> an essential market requirement then it is going to be supported and I
> would prefer for support to be made explicit rather than be something
> buried in the small print. If they don't consider it to be a market
> requirement it is merely something to note in the security considerations.

For now, we'll put it in the Security Considerations. If the WG wants to 
do something more, we'll need an open issue with one or more proposals 
for how to do it technically.