Re: [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

"Tobias Mayer (tmayer)" <tmayer@cisco.com> Thu, 23 July 2020 16:56 UTC

Return-Path: <tmayer@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F2F43A0BCD; Thu, 23 Jul 2020 09:56:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.619
X-Spam-Level:
X-Spam-Status: No, score=-14.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=IErpECO3; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=lvDj5Mnm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gg84WuVaIb7B; Thu, 23 Jul 2020 09:56:44 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED2D13A0BCA; Thu, 23 Jul 2020 09:56:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10668; q=dns/txt; s=iport; t=1595523403; x=1596733003; h=from:to:cc:subject:date:message-id:mime-version; bh=ayeI/dRktl8OVhMNu4jlLTwUO020SrLCID4SIZz96Zs=; b=IErpECO39Ws1tnopE/TWkfLpFoRcQtG2QrwHXi7PmfFQeiS9X+i27fvd q9/c6D0lBVZPa3De8IjJHFc1Hu9LtDYYw/zEOUCscGD7p2bogf9GHw8zp 4MOMQmW2SR1lRF+fkRvg/qX+/ewe5PlLwtHuPUXRiHO/qdUotz0QjgNKs E=;
X-Files: smime.p7s : 3695
IronPort-PHdr: =?us-ascii?q?9a23=3AYC744hG5XfbmYuvqQqB1gJ1GYnJ96bzpIg4Y7I?= =?us-ascii?q?YmgLtSc6Oluo7vJ1Hb+e401gObUYDS8fkCiufKvebnQ2NTqZqCsXVXdptKWl?= =?us-ascii?q?dFjMgNhAUvDYaDDlGzN//laSE2XaEgHF9o9n22Kw5ZTcD5YVCBrni79zVUGx?= =?us-ascii?q?jjO0xyPOumUoLXht68gua1/ZCbag5UhT27NLV1Khj+rQjYusQMx4V4LaNkwR?= =?us-ascii?q?rSqXwOcONTlm4=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BoBgBlwBlf/5hdJa1gHgEBCxIMgX8?= =?us-ascii?q?LgSMvUQdvDh0tLyyEM4NGA40qJYdYjBuEbIEuFIERA1UEBwEBAQkDAQEjCgI?= =?us-ascii?q?EAQGETCKBegIkNAkOAgMBAQsBAQUBAQECAQYEbYVcDIVxAQIBAxILBhoDAQE?= =?us-ascii?q?3AREBCBEDAQIrAgQwFAkKBAENBQ4UgwQBgksDHw8BDqMQAoE5iGF2gTKDAQE?= =?us-ascii?q?BBYFHQUKCThiCBwcDBoE4gVOBGYYEhAQagUE/gTgMEIJNPoJcAgIBAYEmARI?= =?us-ascii?q?BQQ2CaTOCLZpvigyQYQqCXYQzgliBS5ETAx6Ce4lEkxySDoorlGECBAIEBQI?= =?us-ascii?q?OAQEFgVM6Z3BwFWUBgj5QFwINjh6DcYUUhUJ0AjUCBggBAQMJfI8TAQE?=
X-IronPort-AV: E=Sophos;i="5.75,387,1589241600"; d="p7s'?scan'208,217";a="792811130"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jul 2020 16:56:42 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 06NGugHU027697 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 23 Jul 2020 16:56:42 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 23 Jul 2020 11:56:42 -0500
Received: from xhs-aln-002.cisco.com (173.37.135.119) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 23 Jul 2020 11:56:42 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 23 Jul 2020 11:56:42 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FKQTDRlX23RJ4Jt4FNy5CFBAMpxCCmcy6Jc3lPItqCKSEPS2ux1xP0r/tJDfRpLBaECYV+RTXMmcEXF4g31Oeae4QofqGgwQEtmphG98gqhX+fOm1Wf8SJpX/aCbBuIv2DmP9SLXb0r4KjrqOhO3IJfMJQ4THwqqO7xJ2pwrtDbWMnMQ3RQIzWDgEzKwKBWfgyFq/XEtlhXy+WqGgSs79p86CfKWZ/dzBPUzovzrECuNPI8Mw9daBU+oRIn32hxVzlIBdTtSV7TXsuZ79ASrA8S9ShDh89p3JIy8SLbwKgzVUAMJFjuU7SecDxNUCssPK8oTapnvL2x/OOfqv5q29Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RndN2GCcwjMXmNEk4LrMZ6DcGWge48SrUvJj6tvaDho=; b=CcBEZznFdQwo7cn8SlU86Qa3TjrszqQMFZGc1jBVw5RURDrdaUVTz/78ubqfZQ5ZzVpk/bt0u0Uos7mjCWOb21LAHgd5KRq9tMY9IBJAIHgN3rb1paOWRPVOkmm8ezsuDS630g/XgwU+WeCwQRCHQLYu3CIpkgBZn5vWt/4nOILf1E7sMs3aWRt+4GnC4KeKQUMHvw+cAbDLZotzt02a0Aja6eq739fb1cwY8wwldj+w2zRUqSZodPjsOKx0Y88mEi9z6Sb4KQJ4YFdQoJ8WRnqyG0L7/8ISLH++8DKNyuv0XZs+RjMuTIZDyMFi/VL98g4vfrTEWRDBVP/YzigVIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RndN2GCcwjMXmNEk4LrMZ6DcGWge48SrUvJj6tvaDho=; b=lvDj5Mnm0EwFlXvZdy9mck0yp19p6ewA3fUZiZJSQEFAfRQ73kS9YU2NvdcCdQrmDGn8GPXxro3g16VgaxI7o8UNzWgtNDjlxzCv57DGiJUbtY9gd8h/Hi1B7hY64XZjNdtuLz48SLIbwJzxWYSZTLX/m1uDSqzrVY+oohf7BRk=
Received: from DM6PR11MB3691.namprd11.prod.outlook.com (2603:10b6:5:146::33) by DM5PR11MB1819.namprd11.prod.outlook.com (2603:10b6:3:10a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.23; Thu, 23 Jul 2020 16:56:40 +0000
Received: from DM6PR11MB3691.namprd11.prod.outlook.com ([fe80::9c5f:90ad:15d5:615d]) by DM6PR11MB3691.namprd11.prod.outlook.com ([fe80::9c5f:90ad:15d5:615d%3]) with mapi id 15.20.3216.020; Thu, 23 Jul 2020 16:56:40 +0000
From: "Tobias Mayer (tmayer)" <tmayer@cisco.com>
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
Thread-Index: AQHWYRI8MVhjKcpfSaSC3eC5PK0rEQ==
Date: Thu, 23 Jul 2020 16:56:40 +0000
Message-ID: <1EDB061F-C469-4464-B7FA-4BD2DD1C7100@cisco.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.39.20071300
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2003:c3:3716:2900:21d3:70c:d7a6:c599]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7d1ea8db-c945-440e-00ce-08d82f295eb7
x-ms-traffictypediagnostic: DM5PR11MB1819:
x-microsoft-antispam-prvs: <DM5PR11MB18195D1C81EC721C6D15EA06D6760@DM5PR11MB1819.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PJz8SEtAqPfIYJHmZIrvUGDvdT/m2CGJjll/IfKgRFbcB7xZrQhO9PWajZyMJD3oFpI2blXnqXQgtp0nN2fohCBA4acZKysgU4v07ovNqxeaBqknqk6W0rxiczFN1ppDo/iIcpVrhQteczGSKiZXAl0LIh1nesePxq2kdnhEZQ52ThzSDrC6ETlcv2C5i7X2Im4SiZ5B254g9A77DIJH32iunXgHFotEf3j1P2ifatHlTkQPTVaAXqPR8myzoiEjcaZ70t0P4edNz8mLHabvxWrMN8UvNNlJTr7LLJBmdGiigKyxrrCcjoDBSeZcNzRZue4MbTv3n77JRHmODbePzar7Jag3TAX5StKV8n1dRiqcMPtRxDsHv1iahS1l+kTOINPHPT6K0iL6HxbXHFiEXQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB3691.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(366004)(396003)(376002)(136003)(39860400002)(6512007)(110136005)(91956017)(76116006)(66946007)(4326008)(5660300002)(71200400001)(166002)(6506007)(53546011)(2616005)(4744005)(8676002)(6486002)(99936003)(186003)(8936002)(33656002)(86362001)(66616009)(66476007)(66556008)(2906002)(66446008)(64756008)(36756003)(478600001)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: vTkAVko5V7Oq2SKgP5SiX0s3tZaIApvN92phJhkg6QWLrxVrFx/+Glt3iLNMJ58lwqPEHdG0NTEYC0Oq+S6L2aY+AvD/thn20h8Wy9VV30kLl95W8jML4uzl3lhi9ux7NdltHFdpeeOUbExRzdjMisI7WC+YK0sMecDyCqd+JudDKNLJSTliR/RZq3tX9xh+3ofyfRAMqKo2y3TeOh0AtmiV/99IR9Chg3wb2m+TVa43fVDjCIzrFOc3exT37cTsl+ShLCO+SVBPk1XXjdGwTbmev+rjR9YumfPpRGsYKCH5MBKoOLthZhzWMPawQqkWKpSN+HLzW+EuTJGFUbJIgAm33TU4KTeWe9FcR5JlccZA3teefBarTOecoUWhhxluTrQ9pMcfcLOR9e6nn6C3tpJqM+l4bhaFPaWSZUFHDKk7IDGOVCBncejJ5Bgocji5NDI9aRouOv4vt54PmSqGzx/ouYDzF4mE0ZgbuTtHhkKKIgr2JkZNm0sVxdhAB4pdbN6sJgkvvsuZl2CK1Oe6Cog7sgW/cBixGh5PvhCrbDA=
x-ms-exchange-transport-forked: True
Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3678375399_790696632"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB3691.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d1ea8db-c945-440e-00ce-08d82f295eb7
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2020 16:56:40.0552 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yxqOJR/cOurfEOXwndoSBXcW7WV2G17TIjcEsTvz+FJ6Jg7+IBbXbjwGLKUuci1nJmBMZIb+VAydwjGEGskn0Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1819
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/zrbEAuCEI84MDFAloMynplwaxHc>
Subject: Re: [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 16:56:48 -0000

The Draft gives a good baseline on TLS Proxies and what you should consider.

I support the adoption.

 

Tobias

 

From: OPSEC <opsec-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Date: Sunday, 19. July 2020 at 19:35
To: OPSEC <opsec@ietf.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

 

Folks,

 

This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.

 

Please send comments to opsec@ietf.org by August 3, 2020.

 

                                                                Ron

 

 

Juniper Business Use Only