IETF Logo Mail Archive

Re: [TLS] New Version Notification for draft-friel-tls-over-http-00.txt

Peter Saint-Andre <stpeter@stpeter.im> Tue, 07 November 2017 16:25 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3A61241F3 for <tls@ietfa.amsl.com>; Tue, 7 Nov 2017 08:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=oWFFmaco; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=PZch/7Jz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_ohjXZj2JX0 for <tls@ietfa.amsl.com>; Tue, 7 Nov 2017 08:25:48 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D19F713380C for <tls@ietf.org>; Tue, 7 Nov 2017 08:21:47 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 4435A20D67; Tue, 7 Nov 2017 11:21:47 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute2.internal (MEProxy); Tue, 07 Nov 2017 11:21:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=agQgpEwS5vO9tLTT924scXFd6LtyPbVr8g8nd5Ja5w4=; b=oWFFmaco cMnhG1xIkGbsy8mhSGaw06Hwif6tSuO7mmr6kMSwtAVZw0BqTYl+al4eakuAuwQ4 jEk+CZTrffVW/6Z0AIkzEkriwXyc5dqHe4elB6hF3fXVwKokbgOMceohQiRlCJiG 3/j5pSSEzOtI90/dXCjA4c7XjIx1Wpq7Q/MHKVoNtziJimdWdy6L55uu77M5PV2T hZBGKgTKTgbx4qBmL+0kRj6O6DM+9rdsUuOTXbnDp5P+PES84fFrmnwS2IbV/Ssj n7ujhVA3Rzeq36LXBHWxO87IFZqwrLsv+hBKfp4Rk681GUV+FLPeNRL10ZHqnDJ4 cw9lvZoM95X+og==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=agQgpEwS5vO9tLTT924scXFd6LtyP bVr8g8nd5Ja5w4=; b=PZch/7JzdDXobvdbmYp0DUERnSJ+GI96bvN7M2klLiJjL Vth/+GcPWG4BDVPgt2JxJE3iQDdXYD1hKOsKCqbSlmr79z9akqQjThuX+/h5LP5W EgGgc0XSxoVjH4ypqtj+S8mxe7Zauc3WOUljfa5apLhVTdshTDqNCxzOSNXOetUb Helrla+Yx7iXWmGrxXpMgtI1M6vED2tsRxUzNQ1/uuhfhco2cwI4t5Dl5IIJyqC3 sPbCZuGcrFMOOwFJ0MIccQuVuFDgUYYms4V7HiRkFyZ3xlobIkxvjax2/HXPQWPk F5Pqftjbk/7y8fkzF/Oi4YPExQsuoqIaEL1r0P3Sw==
X-ME-Sender: <xms:m90BWsaN-oUNTgQeZs5QouN0lgLo3UwbK98HxzqgNmzuiwwcr186xA>
Received: from aither.local (unknown [76.25.3.152]) by mail.messagingengine.com (Postfix) with ESMTPA id BD7477FADE; Tue, 7 Nov 2017 11:21:46 -0500 (EST)
To: tls@ietf.org
References: <150939282345.7694.10153977158870845060.idtracker@ietfa.amsl.com> <CAL02cgRS715Vc+4_QNDSNBW8LP1f-Rmp0FW9W_pyHHpAnkX7Sg@mail.gmail.com> <CAMqknA6-+=W8j77xZ80M8Y+bz3V+VLUDOYjgK2vA0=HLHk7k2w@mail.gmail.com> <da4504a1-f868-bf66-1f28-2b7716207d07@gmx.net>
From: Peter Saint-Andre <stpeter@stpeter.im>
Message-ID: <c10b7153-510b-89e9-2a50-6ea88528c12e@stpeter.im>
Date: Tue, 07 Nov 2017 09:21:45 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <da4504a1-f868-bf66-1f28-2b7716207d07@gmx.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="7pouqj6CIrJWAwvQ9O9Uf8rX4blhWGISR"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2vV_X5A4jGbyMhYYvxjExb1gZbE>
Subject: Re: [TLS] New Version Notification for draft-friel-tls-over-http-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 16:25:50 -0000

On 11/7/17 8:15 AM, Hannes Tschofenig wrote:
> FWIW: I can tell you what the threat model was with the layered TLS work.
> 
> Let me give you a very specific example. Imagine a Bluetooth Low Energy
> device that communicates via a phone to a cloud-based service. The
> communication from the phone to the cloud uses HTTPS. The communication
> from the BLE device to the phone uses ordinary BLE
> services/characteristics.
> 
> The Layered TLS/application layer TLS would in this case run from the
> BLE device all the way to the cloud-based service at the application layer.
> 
> This allows us to provide end-to-end security across a proxy (in this
> case the phone) and independent of the underlying protocols.
> 
> Does this make sense?

Given your assumptions, yes. Although IMHO there's got to be a better
way to accomplish the goal of end-to-end security here. If I were going
to IETF 100, I'd propose getting together for a beer to discuss...

Peter

v2.23.0 | Report a Bug | By Email