Re: [OPSEC] [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp
"Salz, Rich" <rsalz@akamai.com> Thu, 30 July 2020 12:33 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0F773A10E2; Thu, 30 Jul 2020 05:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dfMBfJFeMVz4; Thu, 30 Jul 2020 05:33:28 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3B553A10DF; Thu, 30 Jul 2020 05:33:28 -0700 (PDT)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06UCNl6d001802; Thu, 30 Jul 2020 13:33:26 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=wotw9HUyHF9K1FK2sHGtlWe93q2VZTxHaO4N2acwO9A=; b=oSlKg7sfLOlA+AFXL3xGs4uwMzEkvd4j5anIqv7L8T6Jv+PdKmWmioxA+R/YjAtsF+c7 ifC4Zh+dfZdasgvCMvwRluvtd/W0Yzt96+25LQHtd298nyQ0AjsMQqlfBuCl551nnbV/ gD7fgXl4JzCruYekktXXrgyL9vxZIPoo6utwlQdmmHYG4ZnK697S6XwHGhlpFsrSQNrG dsKvdXzSNt/wNLugCP8YM2WFna16DjN2/o3shbKA47y5XQUlZe9B+I1Z7RmPDTuP5/zb wUAnGhQ6HlT59luY7m2ohEHf7sbdwvrabExtSvlUx+EGJBoSy28TouZ0rJDBrDw5po+P oQ==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 32gcsrwekf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Jul 2020 13:33:26 +0100
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.16.0.42/8.16.0.42) with SMTP id 06UCKAwn027325; Thu, 30 Jul 2020 08:33:25 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.115]) by prod-mail-ppoint8.akamai.com with ESMTP id 32kfr636bq-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 30 Jul 2020 08:33:25 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.165.119) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.165.121) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 30 Jul 2020 07:33:24 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.165.119]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.165.119]) with mapi id 15.00.1497.006; Thu, 30 Jul 2020 07:33:24 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Töma Gavrichenkov <ximaera@gmail.com>
CC: Watson Ladd <watsonbladd@gmail.com>, "Eric Wang (ejwang)" <ejwang@cisco.com>, Jen Linkova <furry13@gmail.com>, OPSEC <opsec@ietf.org>, OpSec Chairs <opsec-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
Thread-Index: AdZd8qs4MVhjKcpfSaSC3eC5PK0rEQCv6iMAAH8Fd4AAUf7RAABaakYAAA6JtwAAPo6TAP//wx4A
Date: Thu, 30 Jul 2020 12:33:23 +0000
Message-ID: <D4AEF5C1-7AAE-44EE-B52B-ED0FC6A47642@akamai.com>
References: <DM6PR05MB634890A51C4AF3CB1A03DA0BAE7A0@DM6PR05MB6348.namprd05.prod.outlook.com> <CAFU7BAS=ymUPTAGB_fOSrHTG0OajV1n5M1-yOBWxvGam-a89AA@mail.gmail.com> <d9d6d8c2-3916-be28-d01f-f040a28ce361@cs.tcd.ie> <4937FCE4-23EF-4585-8675-C07F3B347AC6@cisco.com> <CACsn0cmC=MX8p3HA4cZHnmQwoiE8BLiB1Vo__QEjzVBksvQbrw@mail.gmail.com> <E39579F4-B561-4B12-A9BF-8625B05ACA34@akamai.com> <CALZ3u+brCV_qR9Q6EhaCMSsnohwk2FnjVG=NxOnA9CaBYtW2ug@mail.gmail.com>
In-Reply-To: <CALZ3u+brCV_qR9Q6EhaCMSsnohwk2FnjVG=NxOnA9CaBYtW2ug@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.38.20061401
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.61]
Content-Type: multipart/alternative; boundary="_000_D4AEF5C17AAE44EEB52BED0FC6A47642akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-30_10:2020-07-30, 2020-07-30 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 phishscore=0 mlxlogscore=999 malwarescore=0 bulkscore=0 spamscore=0 suspectscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007300092
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-30_10:2020-07-30, 2020-07-30 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 mlxscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 clxscore=1011 spamscore=0 bulkscore=0 suspectscore=0 priorityscore=1501 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007300092
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/rmSiJpZeL-GrzQTFFh1ylbfh2cE>
Subject: Re: [OPSEC] [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2020 12:33:30 -0000
* It is (in all but a couple of implementations I think) a *proxy* that the origin has contracted with. Could you please elaborate on your point? It has a TLS cert that identifies itself as the origin. It doesn’t just terminate TLS, but it does work at the HTTP layer. How is it different from an origin that uses load-balancing to send you somewhere? Is www.facebook.com<http://www.facebook.com> a CDN or intermediary, or is it the origin?
- [OPSEC] Call For Adoption: draft-wang-opsec-tls-p… Ron Bonica
- Re: [OPSEC] Call For Adoption: draft-wang-opsec-t… Jen Linkova
- Re: [OPSEC] Call For Adoption: draft-wang-opsec-t… Tobias Mayer (tmayer)
- Re: [OPSEC] Call For Adoption: draft-wang-opsec-t… Nancy Cam-Winget (ncamwing)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Ira McDonald
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Nancy Cam-Winget (ncamwing)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Ben Schwartz
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Nick Harper
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSEC] [EXTERNAL] Re: [TLS] Call For Adoptio… Andrei Popov
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Roelof duToit
- Re: [OPSEC] [EXTERNAL] Re: [TLS] Call For Adoptio… Roelof duToit
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Roelof duToit
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Ashutosh Singh
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Martin Thomson
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Arnaud.Taddei.IETF
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Rescorla
- Re: [OPSEC] Call For Adoption: draft-wang-opsec-t… tom petch
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Watson Ladd
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Nick Harper
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Rob Sayre
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Martin Thomson
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Rescorla
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Carrick Bartle
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Rescorla
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Rob Sayre
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Rob Sayre
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Paul Brears
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Nick Harper
- Re: [OPSEC] Call For Adoption: draft-wang-opsec-t… Eric Wang (ejwang)
- Re: [OPSEC] [TLS] Call For Adoption: draft-wang-o… Rob Sayre