Re: [TLS] [saag] looking to hold a TLS VPN side meeting at IETF 92

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 14 March 2015 19:47 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Boyle, Vincent M" <vmboyle@nsa.gov>
In-Reply-To: <E18BF42C3D667642ABC0EF4B6064EB67D0918938@MSMR-GH1-UEA04.corp.nsa.gov>
References: <E18BF42C3D667642ABC0EF4B6064EB67D0918938@MSMR-GH1-UEA04.corp.nsa.gov>
Date: Sat, 14 Mar 2015 15:47:49 -0400
Message-ID: <13453.1426362469@sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1uh8fJ3mjlKCtMxY8FqNMpHBglg>
Cc: "'ipsec@ietf.org'" <ipsec@ietf.org>, "'saag@ietf.org'" <saag@ietf.org>, "'tls@ietf.org'" <tls@ietf.org>
Subject: Re: [TLS] [saag] looking to hold a TLS VPN side meeting at IETF 92

I sure hope that you will give us a definition of a TLS VPN.
It's really important that we know what is in scope and what is not.
My take is that solutions that run a TCP and/or HTTPS proxy over TLS
are not TLS VPNs, because they don't pass the "N"etwork part of
VPN.  They are useful mechanisms, and I'm all for standardizing them, but
the word VPN should not be applied.

OpenVPN is a TLS-keyed VPN.  It can and does run over a single TCP port, but
that has congestion issues (TCP over TCP), so running the data part over
UDP is preferable, but not always possible.
(Meanwhile, there are IPsec vendors that run ESP over TCP in non-standard
fashions...)

I'd like to see some convergence at the dataplane side.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-