Re: [TLS] TLS Proxy Server Extension

Ralph Holz <ralph-tls-tum@ralphholz.de> Fri, 05 August 2011 10:56 UTC

Return-Path: <ralph-tls-tum@ralphholz.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A41A921F8C1F for <tls@ietfa.amsl.com>; Fri, 5 Aug 2011 03:56:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQfVEw2PHUl8 for <tls@ietfa.amsl.com>; Fri, 5 Aug 2011 03:56:12 -0700 (PDT)
Received: from serverkommune.de (serverkommune.de [88.198.12.136]) by ietfa.amsl.com (Postfix) with ESMTP id C1BE821F8C1D for <tls@ietf.org>; Fri, 5 Aug 2011 03:56:11 -0700 (PDT)
Received: (qmail 13233 invoked by uid 89); 5 Aug 2011 12:56:21 +0200
Received: from serverkommune.de (HELO ?131.159.20.131?) (ralph@serverkommune.de@88.198.12.136) by serverkommune.de with ESMTPA; 5 Aug 2011 12:56:21 +0200
Message-ID: <4E3BCC55.4000504@ralphholz.de>
Date: Fri, 05 Aug 2011 12:56:21 +0200
From: Ralph Holz <ralph-tls-tum@ralphholz.de>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11
MIME-Version: 1.0
To: tls@ietf.org
References: <201108011615.p71GFGMT019612@fs4113.wdf.sap.corp> <2A88269D-38AF-4695-8DD0-0543C2391423@cisco.com> <C1A47F1540DF3246A8D30C853C05D0DA03DE24AC@DABECK.missi.ncsc.mil> <F9944E17-65C1-4B64-92C3-93D2BC85D8C5@cisco.com>
In-Reply-To: <F9944E17-65C1-4B64-92C3-93D2BC85D8C5@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] TLS Proxy Server Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 10:56:12 -0000

Hi,

> It would be most correct to describe the goals of the draft as
> establishing a pair of confidential and authenticated data streams
> between C/P and P/S, while having a three-party entitiy
> authentication.   I think a good way to describe the goal would be:
> multiparty entity authentication with pairwise key establishment.

On a related note, the following patent has just been brought to my
attention:

http://www.google.com/patents?id=MjTHAAAAEBAJ

In essence, what is proposed is that a client consents to monitoring of
its TLS connection. The assignee is Bluecoat - they sell TLS proxies,
among other things.

Ralph