Re: [TLS] TLS Proxy Server Extension

Matt McCutchen <> Wed, 27 July 2011 02:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 01C5E11E80CB for <>; Tue, 26 Jul 2011 19:42:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b+ZXpR0CCOLf for <>; Tue, 26 Jul 2011 19:42:34 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7917211E80A5 for <>; Tue, 26 Jul 2011 19:42:34 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 263D820806B; Tue, 26 Jul 2011 19:42:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s=; b=X7/0tjCVhhvosw0agIQoh3+P6cofvN5E/lb5yREamTy fJh7JcDhBu/Q5dxTEDNji62ku0odr1VRbmh7pROQfqyHUBoYyNHXixqKdTpvCx7K tzFVTX4bsPaHk9zTjR+KW2KF6xMMhV+qV5HsbXnNXkjPr0umtcYLmVHZi7kPWMUo =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s=; bh=8oyKKW4gFlEwrT981FZkBpLo4nM=; b=VLmpqB21pY oXRyqRs74in+w/v59DsRYlzxnjPbYpxdhfSEXNz9iQttUIREXuBUjnpfNuftSnf7 r+H+yNmOuwkQWlJc8rLXsaIDq2h3unYfc7uzEXkNyK1R7qQbNK73aC6EMNbAEOmJ OQGU2O9aXLOCohUPK2kg628vB/cd/iG0k=
Received: from [] ( []) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 8969D208069; Tue, 26 Jul 2011 19:42:33 -0700 (PDT)
From: Matt McCutchen <>
To: David McGrew <>
In-Reply-To: <>
References: <>
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 26 Jul 2011 22:42:30 -0400
Message-ID: <1311734551.7071.72.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Cc: Philip Gladstone <>,
Subject: Re: [TLS] TLS Proxy Server Extension
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Jul 2011 02:42:35 -0000

On Tue, 2011-07-26 at 08:01 -0700, David McGrew wrote:
> I would like to request feedback on a new draft that Philip Gladstone  
> and I put together, which aims to solve some of the security problems  
> that happen when there is a (HTTP) proxy present and TLS is in use.

It doesn't seem that this work is in any way specific to HTTP.


- If you're going to require support from the client, you might as well
do something to support client authentication on the server-side
connection, e.g., tunnel the PKCS#11 protocol back to the client.

- You could bundle the whole sequence of handshake messages from the
server-side connection in the ProxyInfo and let the client deal with it
rather than muck about with the ConnectionSecurityParameters here.  This
would include any further ProxyInfos without making a special case.

- It would be better design to put the whole certificate acceptance test
(trust anchor validation + server name check) on the client.  Schemes
such as DANE replace the certificate acceptance test as a whole.

- One approach would be to do a real escrowed TLS where the client
negotiates directly with the server but releases the confidentiality key
and optionally also the integrity key to the proxy.  This subsumes all
of the above concerns but doesn't allow the proxy to manipulate the
handshake in any finer way than blocking the connection if it doesn't
like the outcome.