Re: [OPSEC] [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp

Martin Thomson <mt@lowentropy.net> Wed, 29 July 2020 03:26 UTC

Date: Wed, 29 Jul 2020 13:26:13 +1000
From: Martin Thomson <mt@lowentropy.net>
To: "Eric Wang (ejwang)" <ejwang@cisco.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/tnD6SyXMdGcgTzCYpyJQYRc95eI>
Subject: Re: [OPSEC] [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp

Hi Eric,

On Wed, Jul 29, 2020, at 07:18, Eric Wang (ejwang) wrote:
> In any case, the proxy has to conduct selective proxying in a safe, 
> non-disruptive manner. 

I will try to be clearer on this point.

This requires design work and this document is a poor vehicle for that.  It needs a separate document that documents the design, the properties of that design, and the assumptions that it requires to achieve those properties.

The TLS working group has decided not to undertake work in this area.  That TLS working group decision needs to be respected by other parts of the IETF.