Re: [TLS] I-D Action: draft-ietf-tls-sni-encryption-03.txt

Artyom Gavrichenkov <ximaera@gmail.com> Wed, 23 May 2018 19:44 UTC


Hello Kathleen,

On Wed, May 23, 2018 at 9:11 PM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> In section 2.2,

Do you mean 2.1?

> enterprises can still use proxy based or active
> interception solutions to enable inspection of traffic on their
> network.

Or, they can easily set up some group policy to inspect and/or block some
specific resources.
Or, in most cases they just had unrestricted physical access to a user's
machine before, so they could have installed an arbitrary inspection app
onto it.

In the case of a BYOD approach, an enterprise is not in any way different from
just an arbitrary ISP.

I support removal of this case; it's virtually impossible to protect
against it.

| Artyom Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: ximaera@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58