[TLS] TLS Proxy Server Extension

David McGrew <mcgrew@cisco.com> Tue, 26 July 2011 15:01 UTC

Message-Id: <E210EEE3-1855-4513-87E3-C315E611AB5E@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: tls@ietf.org
Cc: Philip Gladstone <pgladstone@cisco.com>
Subject: [TLS] TLS Proxy Server Extension

Hi,

I would like to request feedback on a new draft that Philip Gladstone and I put together, which aims to solve some of the security problems that happen when there is a (HTTP) proxy present and TLS is in use. The approach is to require the proxy to provide the client with additional information that the client can use to make a well-informed decision about the security of the session. This draft was put together too late to request a slot at the WG meeting this week, but if you have thoughts on either the goals or the mechanism, we can discuss either in person or on the list.

David

http://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-00