[TLS] looking to hold a TLS VPN side meeting at IETF 92

"Boyle, Vincent M" <vmboyle@nsa.gov> Fri, 13 March 2015 17:11 UTC

From: "Boyle, Vincent M" <vmboyle@nsa.gov>
To: "'saag@ietf.org'" <saag@ietf.org>
Date: Fri, 13 Mar 2015 17:11:29 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/NifFRQrDI4iGdgccd9NCKXHPCiw>
Cc: "'ipsec@ietf.org'" <ipsec@ietf.org>, "'tls@ietf.org'" <tls@ietf.org>
Subject: [TLS] looking to hold a TLS VPN side meeting at IETF 92

Hi all,
I'm planning to hold a side meeting at IETF 92 to gauge interest in creating a standard for TLS VPNs. One motivating use case for my organization is the need to protect data between an app on a mobile device and the enterprise network that it connects to. For many of our customers, a TLS-based solution is preferable to IPSec (perhaps because their vendors support the former). For some sensitive military applications, there is a requirement to provide two layers of encryption, so using TLS for the second layer makes sense. Having each app invoke TLS is problematic because it introduces validation costs for each app before it is deployed (to ensure that it correctly implements TLS or makes the appropriate OS calls). We would prefer the option of validating a TLS VPN product and having it available for use by all apps on the device. To create the necessary validation requirements and test activities, we need to have a standard that we can point to. The development of an open standard would provide a consistent and fair method of measuring security (using Protection Profiles) which scales to enable the validation and testing of TLS VPNs.

Beyond this specific (but fairly pressing) use case, we believe that there are many organizations that would benefit from the availability of a standards-based, validated mechanism to protect communications between their mobile devices and the enterprise network.

Please discuss on the saag mail list. I will schedule a meeting time at a local drinking establishment for either Monday or Wednesday at 7:30 PM (local Dallas time). I'd appreciate feedback on the meeting times (if you expect to attend) as well as any comment on the usefulness or feasibility of this effort.

Thanks,
Mike Boyle
Standards Lead
Information Assurance Directorate, NSA