[TLS] Fwd: I-D Action: draft-lemon-tls-blocking-alert-00.txt

Ted Lemon <mellon@fugue.com> Mon, 06 June 2016 17:21 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B81FD12D871 for <tls@ietfa.amsl.com>; Mon, 6 Jun 2016 10:21:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y5l5Ru6DmzIW for <tls@ietfa.amsl.com>; Mon, 6 Jun 2016 10:21:54 -0700 (PDT)
Received: from mail-lf0-x22b.google.com (mail-lf0-x22b.google.com [IPv6:2a00:1450:4010:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5A6612D0EB for <tls@ietf.org>; Mon, 6 Jun 2016 10:21:53 -0700 (PDT)
Received: by mail-lf0-x22b.google.com with SMTP id b73so99025469lfb.3 for <tls@ietf.org>; Mon, 06 Jun 2016 10:21:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=FiI7bYJ3kjuEW7Eh7jbQK2mYvgwkP1NSUFPn0dDavLo=; b=zEzO3wtT720ntfrVXiXi7CrHfygTA2D4UX5FShdnofRfZVj05H+4urcXS0KB3P8FmQ q+rPBBRIrnYT7QWFDt8xY1v0DFGf5j4i5Vxq+QMFQnkzhiSjtsx/hANGZmkkB0JHzNGe NxQpCYugWQLO4Q1Wvkfh+fcg2ylpV+x+TIaWBKxYdGeZac3gUnDbJsjoMfo8DSs4h+yW r+U9GzTpPVnt/oITsPlE40F52Nw3gqHP0x+p/SHEvO233Bagf6W1pESnnJayIZKoUK+m BGg8ydvhEkr1h+zMmmZB7i8TdmOzRXLArQ6LhFIfKUuLF3bnItIxtPs+7XAA8z/N1Gy7 e+8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=FiI7bYJ3kjuEW7Eh7jbQK2mYvgwkP1NSUFPn0dDavLo=; b=SOiNO7+zuUCNaf0ayJof8gC0Th3Xsai2wiA494dHzKKLt7WsdtB5yxlQbYouvAYwu5 8zwP0VN/320JDn4DAigNwqycYfLDznRfT4QCCDtyN6B3WBGAnMKYYFKp5AWioKEGdECz rSqlHqpIXpbFDc1Z3YL6nMIdkpznodbeL+NyR8j2QEEqk2mZhwRg1HOiR5abFqwWWSIC 14KsdQqsKIl6awQpbsFKfteJ/qT0oUC592Yh0uigHB2H0qDRluMCIaJu8/QE1jTvUDGx CyeB486myfWMXiWCCuz1QJuUebAV0tv8aKJpUC+g923jdLBE+Py2Eq6R9qSNE7rqp5q8 MZhw==
X-Gm-Message-State: ALyK8tLsQjxDcnAlM/fMHPF9GvkiGdhmKQ3RkWBhrB2IIgZ8gjCfmvTltIU6QgOGip8bQKK8TJ4swW0njAGycw==
X-Received: by 10.25.91.196 with SMTP id p187mr1768896lfb.167.1465233711895; Mon, 06 Jun 2016 10:21:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.153.135 with HTTP; Mon, 6 Jun 2016 10:21:12 -0700 (PDT)
In-Reply-To: <20160606171459.20797.7839.idtracker@ietfa.amsl.com>
References: <20160606171459.20797.7839.idtracker@ietfa.amsl.com>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 6 Jun 2016 13:21:12 -0400
Message-ID: <CAPt1N1=YRyfmWDFxNHTj6Kb+mVf4w=sqt2Wp_i-gzp03+UjGqw@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary=001a11412792e92ab605349f4e9d
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IWWa7kKfNAdQMuZiatYDth3YWAo>
Subject: [TLS] Fwd: I-D Action: draft-lemon-tls-blocking-alert-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jun 2016 17:21:59 -0000

I've posted a new document to the datatracker that adds some TLS alert
codes that can be sent to indicate that a particular TLS request has been
blocked by the network.   This attempts to address the problem of notifying
the user of what went wrong when a site is blocked, without creating a
channel that can be used by a hostile network to attack a user.

Feedback is solicited, naturally.

Thanks!

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


        Title           : Blocked Site Alerts for TLS
        Author          : Ted Lemon
        Filename        : draft-lemon-tls-blocking-alert-00.txt
        Pages           : 7
        Date            : 2016-06-06

Abstract:
   Hosts connecting to the Internet should generally be able to connect
   to all available services.  However, as a matter of policy, need or
   preference, some services may be blocked by the network.  TLS
   correctly treats attempts to communicate the reason for such blockage
   to the client as an attack.  This memo describes a safe way for hosts
   to be notified using the TLS alert mechanism that a connection has
   been blocked by the network.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-lemon-tls-blocking-alert/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-lemon-tls-blocking-alert-00