Re: [TLS] New Version Notification for draft-friel-tls-over-http-00.txt

Mark Nottingham <mnot@mnot.net> Mon, 30 October 2017 23:26 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAL02cgRS715Vc+4_QNDSNBW8LP1f-Rmp0FW9W_pyHHpAnkX7Sg@mail.gmail.com>
Date: Tue, 31 Oct 2017 10:26:11 +1100
Cc: "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <3E00833D-ED75-4F60-B655-0DE4D324C82B@mnot.net>
References: <150939282345.7694.10153977158870845060.idtracker@ietfa.amsl.com> <CAL02cgRS715Vc+4_QNDSNBW8LP1f-Rmp0FW9W_pyHHpAnkX7Sg@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Q7ReKF6Yhl2bF_qXOTB9Lyuzmq0>
Subject: Re: [TLS] New Version Notification for draft-friel-tls-over-http-00.txt

Please consult with the HTTP WG *before* you start work in this area.

Thanks,


> On 31 Oct 2017, at 9:17 am, Richard Barnes <rlb@ipv.sx> wrote:
> 
> Hey TLS folks,
> 
> Owen, Max, and I have been kicking around some ideas for how to make secure connections in environments where HTTPS is subject to MitM / proxying.
> 
> The below draft lays out a way to tunnel TLS over HTTPS, in hopes of creating a channel you could use when you really need things to be private, even from the local MitM.  
> 
> Feedback obviously very welcome.  Interested in whether folks think this is a useful area in which to develop an RFC, and any thoughts on how to do this better.
> 
> Thanks,
> --Richard
> 
> 
> On Mon, Oct 30, 2017 at 3:47 PM, <internet-drafts@ietf.org> wrote:
> 
> A new version of I-D, draft-friel-tls-over-http-00.txt
> has been successfully submitted by Owen Friel and posted to the
> IETF repository.
> 
> Name:           draft-friel-tls-over-http
> Revision:       00
> Title:          Application-Layer TLS
> Document date:  2017-10-30
> Group:          Individual Submission
> Pages:          20
> URL:            https://www.ietf.org/internet-drafts/draft-friel-tls-over-http-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-friel-tls-over-http/
> Htmlized:       https://tools.ietf.org/html/draft-friel-tls-over-http-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-friel-tls-over-http-00
> 
> 
> Abstract:
>    Many clients need to establish secure connections to application
>    services but face challenges establishing these connections due to
>    the presence of middleboxes that terminate TLS connections from the
> client and reestablish new TLS connections to the service.  This
>    document defines a mechanism for transporting TLS records in HTTP
>    message bodies between clients and services.  This enables clients
>    and services to establish secure connections using TLS at the
>    application layer, and treat any middleboxes that are intercepting
>    traffic at the network layer as untrusted transport.  In short, this
>    mechanism moves the TLS handshake up the OSI stack to the application
>    layer.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--
Mark Nottingham   https://www.mnot.net/
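The draft abstract quoted above describes carrying TLS records inside HTTP message bodies so that an intercepting middlebox becomes untrusted transport. The following Python is an added example, not code from the draft, its authors, or anyone in this thread: it frames constructed TLS records into an HTTP/1.1 POST, recovers them on the far side, and parses the message the way an HTTPS-terminating middlebox would see it after decrypting the outer connection. The path `/atls`, the Content-Type, and the sample record bytes are assumptions for illustration, not the draft's encoding; each HTTP body is assumed to carry whole records.

```python
# Application-layer TLS framing sketch: TLS records carried in HTTP bodies.
# Added example, not code from draft-friel-tls-over-http or its authors.
# Assumptions: the path "/atls", the Content-Type and the record bytes are
# constructed, and each HTTP body carries whole TLS records.
import struct

# TLS record content types (RFC 8446, section 5.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_MAX_RECORD_LEN = 2**14 + 256            # TLSCiphertext length limit, TLS 1.3
TLS_RECORD_HEADER = struct.Struct("!BBBH")  # type, legacy_version (2 bytes), length


def tls_record(content_type: int, payload: bytes, version=(3, 3)) -> bytes:
    """Wrap payload in a TLS record header (legacy_version 0x0303 as TLS 1.3 uses)."""
    if content_type not in TLS_CONTENT_TYPES:
        raise ValueError(f"unknown content type {content_type}")
    if len(payload) > TLS_MAX_RECORD_LEN:
        raise ValueError("record too long")
    return TLS_RECORD_HEADER.pack(content_type, *version, len(payload)) + payload


def parse_records(body: bytes):
    """Split bytes into (content_type, version, payload) records, rejecting malformed input."""
    records, off = [], 0
    while off < len(body):
        if len(body) - off < TLS_RECORD_HEADER.size:
            raise ValueError("truncated record header")
        ctype, vmaj, vmin, length = TLS_RECORD_HEADER.unpack_from(body, off)
        if ctype not in TLS_CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > TLS_MAX_RECORD_LEN:
            raise ValueError("record too long")
        start, end = off + TLS_RECORD_HEADER.size, off + TLS_RECORD_HEADER.size + length
        if end > len(body):
            raise ValueError("truncated record body")
        records.append((ctype, (vmaj, vmin), body[start:end]))
        off = end
    return records


def http_post_with_records(host: str, path: str, records) -> bytes:
    """Carry TLS records as the body of an HTTP/1.1 POST (constructed framing)."""
    body = b"".join(records)
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Type: application/octet-stream\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode("ascii")
    return head + body


def split_http_message(msg: bytes):
    """Minimal HTTP/1.1 request parser: returns (request_line, headers, body)."""
    head, sep, body = msg.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    if int(headers.get("content-length", "-1")) != len(body):
        raise ValueError("Content-Length does not match body")
    return lines[0].decode("ascii"), headers, body


def middlebox_view(msg: bytes):
    """What a TLS-terminating middlebox sees after decrypting the outer HTTPS:
    the HTTP request line plus inner record types and lengths. Inner handshake
    records are still plaintext (so the inner ClientHello is visible), while
    application_data records are ciphertext under keys the middlebox lacks."""
    request_line, _, body = split_http_message(msg)
    return request_line, [(TLS_CONTENT_TYPES[t], len(p)) for t, _, p in parse_records(body)]


def extract_records(msg: bytes):
    """Endpoint side: recover the record bytes to hand to a TLS stack."""
    _, _, body = split_http_message(msg)
    return [tls_record(t, p, v) for t, v, p in parse_records(body)]


# Constructed sample payloads (not a real ClientHello or real ciphertext).
SAMPLE_HANDSHAKE = bytes(range(32))
SAMPLE_APP_DATA = bytes([0xA5]) * 48


def build_demo_message() -> bytes:
    return http_post_with_records(
        "service.example", "/atls",
        [tls_record(22, SAMPLE_HANDSHAKE), tls_record(23, SAMPLE_APP_DATA)],
    )
```

Calling `middlebox_view(build_demo_message())` shows the interceptor learns the request line and the inner record types and lengths; the caveat in the docstring matters in practice, since the inner handshake records are plaintext in TLS 1.2 and 1.3 alike, so the inner ClientHello (including any SNI) remains visible and only the inner application_data is opaque. A body altered in transit fails the Content-Length or record-length checks before any bytes reach the TLS stack.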