Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
Martin Thomson <mt@lowentropy.net> Wed, 29 July 2020 03:26 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F27383A0B38; Tue, 28 Jul 2020 20:26:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=ZbfGLsAX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=M8NNWx55
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fntAfm2KTKN; Tue, 28 Jul 2020 20:26:34 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BC273A0B31; Tue, 28 Jul 2020 20:26:34 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 9925642A; Tue, 28 Jul 2020 23:26:33 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Tue, 28 Jul 2020 23:26:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm2; bh=cQmUMN7lwIXrTInPjDol4VYlC2DH JljCrhfrv9cMr8o=; b=ZbfGLsAXqQVJuGBMqLLSk3jjMhCZYduKkk67ln90ijFn A/1JhDFOIl+1CuRmWyAtpW5QhhBTofSpQrc8Jd4iL/EP7GgizLDsYb13QWd/XYsf vURWN4NIxrTlNsSJ/Exr6fP53cc/ZR60UQtniIUx+oWyQENbu6bje5fRwoo6E5lf 3r+XPf7XPyuNoUhUUv3sOf1OnjBAWkMAn28/pGOm+plnu+49gTHbHShrgm7PIOKT jKsAqOnxvirco2ACDgR6PpIP59gqJY4xwMU/dFY4jQ0qw6yxlNu5YrNxrb3NUsRe PiFSAWCEVpoCNljv3jX0BDBJSV/mYu04Dyy+p1y5mA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=cQmUMN 7lwIXrTInPjDol4VYlC2DHJljCrhfrv9cMr8o=; b=M8NNWx55AV4xjc1Jvs1WU3 ObrHDnR04uTczOlTfmRZvbvgrxema4sBEZ/1LA3O2ofU6cGead3/mEUQxvN3t+C3 K1e4mykmaywvfZn8L9D1MMl6p1m7PPARliV1AwydkTLe5ghCngrx+udEUnBaiOSk qap9TLnEBOba9UQQFczL1zSuoYPlhGhrvFsErownWUwCdLX7646x56ZK4G/lrmT7 t/kGMuj2ML1mZRzNdJnibG7zTxFrDEn9X9eIk4pa8HAqUh8wHkjURFSEo5DbyOQd y/ClvVz3jt0BEk2ye8r/7dnFc/hJdDAWCTeId+YBfslmvhHfhKbQLulx8jYLi3tQ ==
X-ME-Sender: <xms:aOwgX7icKJRYVAbvWM3LlkIB9QFFud3rNlRf3dIReYaht3XtOZY8Ig>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrieefgdejtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfofgrrhht ihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenucggtf frrghtthgvrhhnpeekteeuieektdekleefkeevhfekffevvdevgfekgfeluefgvdejjeeg ffeigedtjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:aOwgX4AmruNEd7DtlVl6RO2zVTJ2vgPEdRQibk1NMRjeCEHNnCVrqw> <xmx:aOwgX7G8Hd1wgxsWx8P_rKyjLauSuwDOHkqKm1dkB-LUAbtihNq-Vg> <xmx:aOwgX4TJP5NFK29gxVqaXkuOkRzVKNQvy1A21EsZdZYDwscP5WbXXQ> <xmx:aewgX-Ze6VVy2Ey0v7kjHW1H62MlBwmI_1r_1-yj9ATcZQIZJM4vhg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 367F0E00A6; Tue, 28 Jul 2020 23:26:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-128-gd51a832-fm-20200728.001-gd51a8328
Mime-Version: 1.0
Message-Id: <90e5b7d5-a015-40f6-9d5b-b263c85cb2d3@www.fastmail.com>
In-Reply-To: <34226646-93F3-4592-A972-A55B160D5B78@cisco.com>
References: <DM6PR05MB634890A51C4AF3CB1A03DA0BAE7A0@DM6PR05MB6348.namprd05.prod.outlook.com> <d9a9ea94-4c4a-40eb-8841-7a92fa31103e@www.fastmail.com> <34226646-93F3-4592-A972-A55B160D5B78@cisco.com>
Date: Wed, 29 Jul 2020 13:26:13 +1000
From: Martin Thomson <mt@lowentropy.net>
To: "Eric Wang (ejwang)" <ejwang@cisco.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8yRbHZgbgXVzrkFc8yGmhEmdUZM>
Subject: Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2020 03:26:36 -0000
Hi Eric, On Wed, Jul 29, 2020, at 07:18, Eric Wang (ejwang) wrote: > In any case, the proxy has to conduct selective proxying in a safe, > non-disruptive manner. I will try to be clearer on this point. This requires design work and this document is a poor vehicle for that. It needs a separate document that documents the design, the properties of that design, and the assumptions that it requires to achieve those properties. The TLS working group has decided not to undertake work in this area. That TLS working group decision needs to be respected by other parts of the IETF.
- [TLS] Call For Adoption: draft-wang-opsec-tls-pro… Ron Bonica
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Jen Linkova
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Tobias Mayer (tmayer)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Nancy Cam-Winget (ncamwing)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Ira McDonald
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Nancy Cam-Winget (ncamwing)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Ben Schwartz
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Nick Harper
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] [EXTERNAL] Re: [OPSEC] Call For Adoptio… Andrei Popov
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Roelof duToit
- Re: [TLS] [OPSEC] [EXTERNAL] Re: Call For Adoptio… Roelof duToit
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Roelof duToit
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Ashutosh Singh
- Re: [TLS] Call For Adoption: draft-wang-opsec-tls… Martin Thomson
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Arnaud.Taddei.IETF
- Re: [TLS] Call For Adoption: draft-wang-opsec-tls… Eric Rescorla
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… tom petch
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Watson Ladd
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Nick Harper
- Re: [TLS] Call For Adoption: draft-wang-opsec-tls… Rob Sayre
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Martin Thomson
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Rescorla
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Stephen Farrell
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Carrick Bartle
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Rescorla
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Rob Sayre
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Rob Sayre
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Paul Brears
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Salz, Rich
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Töma Gavrichenkov
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Nick Harper
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Ben Smyth
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Eric Wang (ejwang)
- Re: [TLS] [OPSEC] Call For Adoption: draft-wang-o… Rob Sayre