[Lurk] 答复: 答复: 答复: 答复: Is this scenario covered by LURK?
Youjianjie <youjianjie@huawei.com> Fri, 24 June 2016 07:14 UTC
Return-Path: <youjianjie@huawei.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7826112D99B for <lurk@ietfa.amsl.com>; Fri, 24 Jun 2016 00:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRGktmQVIkXV for <lurk@ietfa.amsl.com>; Fri, 24 Jun 2016 00:14:01 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 211DD12D1AF for <lurk@ietf.org>; Fri, 24 Jun 2016 00:13:59 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml702-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CMN05132; Fri, 24 Jun 2016 07:13:57 +0000 (GMT)
Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by lhreml702-cah.china.huawei.com (10.201.5.99) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 24 Jun 2016 08:13:56 +0100
Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml412-hub.china.huawei.com ([10.98.56.73]) with mapi id 14.03.0235.001; Fri, 24 Jun 2016 15:13:50 +0800
From: Youjianjie <youjianjie@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>, Daniel Migault <daniel.migault@ericsson.com>, "lurk@ietf.org" <lurk@ietf.org>
Thread-Topic: 答复: [Lurk] 答复: 答复: Is this scenario covered by LURK?
Thread-Index: AQHRzG/vBmCWQurogUis1mxvUwcY7Z/2sytQ//+KTwCAAfRicA==
Date: Fri, 24 Jun 2016 07:13:49 +0000
Message-ID: <F6C28B32DA084644BB6C8D0BD65B669DC0D181@NKGEML515-MBX.china.huawei.com>
References: <D390086C.6A76E%thomas.fossati@alcatel-lucent.com> <F6C28B32DA084644BB6C8D0BD65B669DC0C87E@NKGEML515-MBX.china.huawei.com> <576A66C7.1080602@cs.tcd.ie> <F6C28B32DA084644BB6C8D0BD65B669DC0CD7D@NKGEML515-MBX.china.huawei.com> <576BA616.7070101@cs.tcd.ie>
In-Reply-To: <576BA616.7070101@cs.tcd.ie>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.78.148]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090202.576CDDB6.0011, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: e4a9686088ad2ddb4a003c4a157b6972
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/G5Ddu41H_GK6qLHlQm0MDBiQ36U>
Subject: [Lurk] 答复: 答复: 答复: 答复: Is this scenario covered by LURK?
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jun 2016 07:14:04 -0000
Hi Stephen, Thanks for detailed explanation. I've got better understanding of RFC2804. I agree that TLS MitM should not be in the scope of LURK. I've a question about the current use cases (https://tools.ietf.org/html/draft-mglt-lurk-tls-use-cases-01), do you think the TLS client needs to be aware of the decryption by the edge server? For example, in Content Owner / Content Provider Use Case, they are in different administrative domain. The TLS client is the subscriber of the content owner not the content provider. Thanks, Jianjie > -----邮件原件----- > 发件人: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > 发送时间: 2016年6月23日 17:04 > 收件人: Youjianjie; Fossati, Thomas (Nokia - GB); Daniel Migault; lurk@ietf.org > 主题: Re: 答复: [Lurk] 答复: 答复: Is this scenario covered by LURK? > > > > On 23/06/16 09:13, Youjianjie wrote: > > Hi Stephen, > > > > I read RFC2804. I'm confused about the problem for the middle-box use > > case. In this use case, the sending party, the recipient party and > > the middle-box are all know about the traffic management. > > "Traffic management" here being a euphemism for TLS MitM I guess. > > > The > > assumption is they've negotiated and agreed for doing this. Is it > > still inconsistent with RFC2804? > > IMO, practically, yes. Standardising a TLS MitM is exactly the kind > of thing that is not consistent with RFC2804. And that has been > proposed and rejected numerous times. Please see the httpbis and TLS > WG archives for discussion that we ought not repeat here for the N-th > time. > > Second, any assumption that the TLS client is modified, is also, I > think, likely best considered out of scope of LURK. The one use-case > on which we clearly have interest involves browsers and CDNs and web > sites. Browsers afaik have zero interest in enabling a new TLS MitM > (I certainly hope they don't) no matter how such a "feature" is > named. > > ISTM that this thread is a side-track that leads nowhere. > > S. > > > > > Thanks, Jianjie > > > >> -----邮件原件----- 发件人: Stephen Farrell > >> [mailto:stephen.farrell@cs.tcd.ie] 发送时间: 2016年6月22日 18:22 收 > 件人: > >> Youjianjie; Fossati, Thomas (Nokia - GB); Daniel Migault; > >> lurk@ietf.org 主题: Re: [Lurk] 答复: 答复: Is this scenario covered by > >> LURK? > >> > >> > >> > >> On 22/06/16 09:40, Youjianjie wrote: > >>> It is about decryption under the negotiation agreement among the > >> participated parties. > >> > >> Not wearing any hats, but if work in lurk is inconsistent with > >> RFC2804 that will IMO be a significant negative. > >> > >> I'd say there are use-cases for lurk that don't have that problem > >> and that developing those would be more productive. > >> > >> S. > >> > >> PS: I'd say exactly the same about using spud/plus to do things > >> that RFC2804 says we don't do so this isn't really a "what venue" > >> issue. > >
- [Lurk] 答复: 答复: 答复: 答复: 答复: Is this scenario cover… Youjianjie
- Re: [Lurk] 答复: 答复: 答复: 答复: Is this scenario cover… Stephen Farrell
- [Lurk] 答复: 答复: 答复: 答复: Is this scenario covered b… Youjianjie
- Re: [Lurk] 答复: 答复: 答复: Is this scenario covered b… Stephen Farrell
- [Lurk] 答复: 答复: 答复: Is this scenario covered by LU… Youjianjie
- Re: [Lurk] 答复: 答复: Is this scenario covered by LU… Fossati, Thomas (Nokia - GB)
- Re: [Lurk] 答复: 答复: Is this scenario covered by LU… Stephen Farrell
- Re: [Lurk] 答复: 答复: 答复: 答复: 答复: Is this scenario c… Fossati, Thomas (Nokia - GB)
- [Lurk] 答复: 答复: Is this scenario covered by LURK? Youjianjie