Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

[Ashutosh Singh <ashusing@gmail.com>]

I agree with the proposed approach and I also believe in discussion around
safe and responsible middlebox deployment. I support the adoption of this
draft!

Regards
-Ashu

On Mon, Jul 27, 2020 at 7:45 PM Roelof duToit <r@nerd.ninja> wrote:

> RFC 8446, section 9.3 states:
> *Note that TLS's protocol requirements and security analysis only*
> *apply to the two connections separately.  Safely deploying a TLS*
> *terminator requires additional security considerations which are*
> *beyond the scope of this document.*
>
> The context of that paragraph is "*A middlebox which terminates a TLS
> connection*" and it implies that there are *undocumented* security
> considerations.
> The tls-proxy-bp draft is a contribution towards that goal and we think it
> is worth the effort.
>
> --Roelof
>
>
> On Jul 27, 2020, at 8:35 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
>
>
> On 28/07/2020 00:48, Eric Wang (ejwang) wrote:
>
> We felt the lack of a
> baseline bcp is going to hurt the security posture of TLS rather than
> driving the intermediary away.
>
>
> That makes no sense to me.
>
> Adopting this draft will require eliminating all such
> gibberish and instead finding text that can garner IETF
> consensus. I really do not think that effort is worth
> the significant cost for anyone involved, pro-MITM or
> not.
>
> S.
>
> <0x5AB2FAF17B172BEA.asc>_______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>