[Secdispatch] Fwd: New Version Notification for draft-zubov-snif-04.txt
Jim Zubov <ietf-list@commercebyte.com> Thu, 17 February 2022 17:37 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/l5AC4g9ssbt8KF_fJ1MVO0otqbc>

A new revision of the SNIF draft, according to Michael Richardson's suggestions.

- An https only high security option for CA proxy API, which involves an additional {apiUrl} configuration parameter for SNIF connectors,
- Amended security section, SNIF relay identity verification as a high security option,
- Private key algo as per CA suggestions and industry practices.

-------- Original Message --------

A new version of I-D, draft-zubov-snif-04.txt has been successfully submitted by Jim Zubov and posted to the IETF repository.

Name: draft-zubov-snif
Revision: 04
Title: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
Document date: 2022-02-16
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/archive/id/draft-zubov-snif-04.txt
Status: https://datatracker.ietf.org/doc/draft-zubov-snif/
Html: https://www.ietf.org/archive/id/draft-zubov-snif-04.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-zubov-snif
Diff: https://www.ietf.org/rfcdiff?url2=draft-zubov-snif-04

Abstract:

This document proposes a solution, referred as SNIF, that provides the means for any Internet connected device to:

* allocate a globally unique anonymous hostname;
* obtain and maintain a publicly trusted X.509 certificate issued for the allocated hostname;
* accept incoming TLS connections on specific TCP ports of the allocated hostname from any TLS clients that are capable of sending Server Name Indication.

The private key associated with the X.509 certificate is securely stored on the TLS terminating device, and is never exposed to any other party at any step of the process.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-zubov-snif.

Information can be found at https://snif.host.

Source for this draft and an issue tracker can be found at https://github.com/vesvault/snif-i-d.

The IETF Secretariat