Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

Paul Brears <paulbrears@hotmail.com> Thu, 30 July 2020 11:28 UTC

From: Paul Brears <paulbrears@hotmail.com>
To: Arnaud.Taddei.IETF <Arnaud.Taddei.IETF@protonmail.com>, Jen Linkova <furry13@gmail.com>
CC: OPSEC <opsec@ietf.org>, OpSec Chairs <opsec-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 30 Jul 2020 11:28:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0ItFYA2P4HtkmIr75mLkIX_yc9w>

I support this draft and agree with the points made below.

Paul

From: Arnaud.Taddei.IETF <Arnaud.Taddei.IETF=40protonmail.com@dmarc.ietf.org>
Sent: 28 July 2020 09:36
To: Jen Linkova <furry13@gmail.com>
Cc: OPSEC <opsec@ietf.org>; OpSec Chairs <opsec-chairs@ietf.org>; tls@ietf.org
Subject: Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

I strongly support this work as it represents capabilities that are being developed, deployed and used in practice. It has good intentions and provides a good approach in the context of defense-in-depth approaches. No, security cannot be just on both ends of the communication. One can dream about it but that is not how reality is. Removing this possibility is a limit to the overall defense.

I do not understand the reasons behind ignoring reality and the IETF would have, in my naive mind, a strong interest in getting this work under good community adoption so that it is kept in good control with validated best practices. Everyone would win.

I support this draft.



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday 23 July 2020 03:30, Jen Linkova <furry13@gmail.com> wrote:

> One thing to add here: the chairs would like to hear active and
> explicit support of the adoption. So please speak up if you believe
> the draft is useful and the WG shall work on getting it published.
>
> On Mon, Jul 20, 2020 at 3:35 AM Ron Bonica
> rbonica=40juniper.net@dmarc.ietf.org wrote:
>
> > Folks,
> > This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.
> > Please send comments to opsec@ietf.org by August 3, 2020.
> >
> > Ron
> >
> >
> > Juniper Business Use Only
> >
> > OPSEC mailing list
> > OPSEC@ietf.org
> > https://www.ietf.org/mailman/listinfo/opsec
>
> --
>
> SY, Jen Linkova aka Furry
>
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

