[TLS] Fwd: I-D Action: draft-lemon-tls-blocking-alert-00.txt
Ted Lemon <mellon@fugue.com> Mon, 06 June 2016 17:21 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IWWa7kKfNAdQMuZiatYDth3YWAo>
I've posted a new document to the datatracker that adds some TLS alert codes that can be sent to indicate that a particular TLS request has been blocked by the network. This attempts to address the problem of notifying the user of what went wrong when a site is blocked, without creating a channel that can be used by a hostile network to attack a user.

Feedback is solicited, naturally. Thanks!

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title    : Blocked Site Alerts for TLS
Author   : Ted Lemon
Filename : draft-lemon-tls-blocking-alert-00.txt
Pages    : 7
Date     : 2016-06-06

Abstract:
Hosts connecting to the Internet should generally be able to connect to all available services. However, as a matter of policy, need or preference, some services may be blocked by the network. TLS correctly treats attempts to communicate the reason for such blockage to the client as an attack. This memo describes a safe way for hosts to be notified using the TLS alert mechanism that a connection has been blocked by the network.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-lemon-tls-blocking-alert/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-lemon-tls-blocking-alert-00