Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Mon, 27 July 2020 12:56 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 459733A196B; Mon, 27 Jul 2020 05:56:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=CU02yAx8; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=VmjDvawH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id utM8YmYfVsD2; Mon, 27 Jul 2020 05:56:43 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CF063A1AC8; Mon, 27 Jul 2020 05:56:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3198; q=dns/txt; s=iport; t=1595854570; x=1597064170; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=SWj4BSjtpw2I6iJ/7UQ6FLrk/nFdjiuXFuVd/I5GGfU=; b=CU02yAx8ScDjVA7QC1gwQoqFjGpi2WPu2yhj39orlpNia3/mF7QCvOnc O8H8ny1DwJD92QKjs96sO4PAHZEZvyhz8XeOF8RJmlwxLO+5g+jS/q2No exO9LeJc9ra9jv/KjsLaGtnJHYNRxrHNOkJRVTDrBldhRGBiGFwr8plJX c=;
IronPort-PHdr: =?us-ascii?q?9a23=3AVsYHUBeGi/2GAHj6fJd+/MaslGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwaQA9ff77RBivaQvqz9CiQM4peE5XYFdpEEFx?= =?us-ascii?q?oIkt4fkAFoBsmZQVb6I/jnY21ffoxCWVZp8mv9PR1TH8DzNFnW5Hiz8XgfFg?= =?us-ascii?q?isfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wR?= =?us-ascii?q?zM8XY=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BVCAB9zh5f/5hdJa1gDg4BAQEBAQE?= =?us-ascii?q?HAQESAQEEBAEBQIFKgVJRB29YLywKhCqDRgONMiWYYYFCgREDVQsBAQEMAQE?= =?us-ascii?q?YCwoCBAEBhEwCF4IQAiQ4EwIDAQELAQEFAQEBAgEGBG2FXAyFcgEBBAEBEAs?= =?us-ascii?q?GEQwBASMJCwEPAgEIGAICJgICAiULFAEQAgQBDQUigwQBgksDLgEOohQCgTm?= =?us-ascii?q?IYXaBMoMBAQEFhTMYgg4DBoEOKoJtg1mCM4QEGoIAgREnDBCCTT6CXAEBAoE?= =?us-ascii?q?oARIBIReCfzOCLZJgkiuQYwqCXpluAx6Ce4lIkyGSFp8aAgQCBAUCDgEBBYF?= =?us-ascii?q?qI2dwcBU7KgGCPlAXAg2OHoNxhRSFBAUBOHQCNQIGAQcBAQMJfI4PAYEQAQE?=
X-IronPort-AV: E=Sophos;i="5.75,402,1589241600"; d="scan'208";a="806848440"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Jul 2020 12:55:38 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 06RCtcbt029852 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 27 Jul 2020 12:55:38 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Jul 2020 07:55:38 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Jul 2020 07:55:37 -0500
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 27 Jul 2020 08:55:37 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cv1GtlFMQlGj99L3yM9w8Ickl8Ct3M0VTQ3BKjovUWXvS8uEQvsEECERofPRp9+DtivsPe8+L5whAgPaJXJZbJLkPDf3xfKoDqSu0Bje3+wgmLgrvncmgm/zMCJp7lkOe7xAHK9wM6TZ0JYOO3Eo/Slnt4t/EC/ViLtaMjiXdTrzUj4VPntzleN/cu5z3zKxL1/bmr+stTchV2R02LFQgq2IEqI7bjk7ua2YH1yy8a2Y/2s7lxFj805MT6V+lXQw2cqucrQZE8NV6m+TWE0cT7Yca0oJwaunG4yeLeP4VvodCuLPFwoqeCgyiBkCsKDE1B8NDeLpnEYLuFIR+6338g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SWj4BSjtpw2I6iJ/7UQ6FLrk/nFdjiuXFuVd/I5GGfU=; b=U8PFTHGtb53UCLpqnShUJHaVc0/2qFY7pRujihJwac5bC0bSP83JzvY+844PfYgyCPv02saZKVdFgdaeEHJPPAdJjtoHbW2hzLLM3aUJV8w1+0i8lmcWWrepXy2GHkjh0l7a84YnP3CYbywo9W1ioiW/Nk4pCdCbj1oZ47/Lty7eDyRymE4DVxW5lJOwOlw5x0t8qn/NvkFAffJUGYa50rn6qB7aAqbx86zaKjjp7Y68O4WFImYNjTOVPw/MVbdzmdEw0reCamD5uLmfLxiqJl44W0U1++pocSs09KNFu1hTOgAYz8kaxzn9t+3nYs1Dg+jkerls9NThWHptwlBMSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SWj4BSjtpw2I6iJ/7UQ6FLrk/nFdjiuXFuVd/I5GGfU=; b=VmjDvawHDbX1CdsDNvHa2wri+ijw/4DYBCrhE9buqhDg8uUj57iT+TDzQC6tWZk5g/H8ouvvBA4mtMTdPT6EbjExOSR+QuVEyDfXjSmN1o2kER37Orq8I3t8S3JkoJwSZrRuSEDpWe9WYrAsa15JvI8D1jwEJq6n6CBM5yMMwlQ=
Received: from BY5PR11MB4070.namprd11.prod.outlook.com (2603:10b6:a03:181::16) by BYAPR11MB3158.namprd11.prod.outlook.com (2603:10b6:a03:1c::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.24; Mon, 27 Jul 2020 12:55:36 +0000
Received: from BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::e42f:216e:af3e:8ce5]) by BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::e42f:216e:af3e:8ce5%7]) with mapi id 15.20.3216.033; Mon, 27 Jul 2020 12:55:36 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jen Linkova <furry13@gmail.com>, OPSEC <opsec@ietf.org>, "tls@ietf.org" <tls@ietf.org>
CC: OpSec Chairs <opsec-chairs@ietf.org>
Thread-Topic: [OPSEC] [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp
Thread-Index: AQHWZBBXfEOfXmicKUiEGO0IxBKiNaka7PaA
Date: Mon, 27 Jul 2020 12:55:36 +0000
Message-ID: <43A56381-0BA8-4123-A2D5-950FD1EDFC86@cisco.com>
References: <DM6PR05MB634890A51C4AF3CB1A03DA0BAE7A0@DM6PR05MB6348.namprd05.prod.outlook.com> <CAFU7BAS=ymUPTAGB_fOSrHTG0OajV1n5M1-yOBWxvGam-a89AA@mail.gmail.com> <d9d6d8c2-3916-be28-d01f-f040a28ce361@cs.tcd.ie> <9F2FDA20-12AA-4523-905D-7C9380B7A390@ll.mit.edu>
In-Reply-To: <9F2FDA20-12AA-4523-905D-7C9380B7A390@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.18.200713
authentication-results: ll.mit.edu; dkim=none (message not signed) header.d=none;ll.mit.edu; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [73.162.233.180]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d1c9f0ab-5fd8-4aae-5bd1-08d8322c5b4e
x-ms-traffictypediagnostic: BYAPR11MB3158:
x-microsoft-antispam-prvs: <BYAPR11MB3158607AB57EDC9BA320CFA2D6720@BYAPR11MB3158.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +fY/AnkBsh5wLjlNNfqsyGJYk78CHfrGsGnwm7Y8dbx807dBHSxqEyipnF+pIDMnOSpS8GXOo74fxpnTPC6ZwtpSb6RqSAKCb/Fe6WRVCAFlhJiMvBp3Q/AbMY+GepN9mWB+8pHMRB+j26bSsVgSiuodstgVoLMFDDRXJobn8DF5hmgDgybqLNHwFT1UTF1eqx19xD3CCX1FhMcMWSe/RFqkD+hJEvXA7jR279QIamWLTYhrOX2pWnIjNPjk0Pn7Ca3AVkzAn29NkVy7glltmjGc8xNFf26j0Uccs1P4obaOBAojDX+AmrrS07YSUAAY5n27K+OYPNeplCU5M1PLOe5plMNImo9OsiYVA19ImkRPJyS2JeeSl05gd78dDNS5oSx2qGku6CUrYh8ykdLG5w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4070.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(136003)(346002)(396003)(39860400002)(376002)(5660300002)(6506007)(53546011)(66476007)(66446008)(66946007)(186003)(66556008)(76116006)(64756008)(26005)(6486002)(6512007)(4326008)(8676002)(71200400001)(966005)(316002)(2616005)(86362001)(2906002)(110136005)(36756003)(8936002)(478600001)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: AVc1T9ryuN66HGZ5eRWNFsb4hZTzLDkC0s5LpEYhK7M8vEAr8dLWAPebXagj2LD5toRslSUD7rIVCOxneCrcY8Z4UN4Z6eyLyMAzL1AG0RcAPGMTxVB3qk9Uc0d6k+209lCfVfPGcuUf7rqgq/Pnyxcoc8tS8JZ0fOsLJhH+1EwD1vpsvGekvgZoXb04yNsFuKboYSDuF/yfweN4lMiYuviCrxjia+SGFNfbg//R52+pU6lYrDmUw0PGGXTee8+siRxxxyvz1vYNYLzNPnXnRRG1Zp+3D0cub9XBYOG+AIKE0rwpWLqswYYak2dT+SgcV+vK+CpKi2+xfvWjQ8hkanRKFuxlgWfHBadPUWq06/lPOP+TpvjXUTivBAEo8mGvRpdVEanqCWRnFqjBRMsEYjBmsSTJyn6eKRS4W2/6824dw+AAw2I1vgCTako7psCBhmmuBX89bi+yEN5+NGdjBcIJlRAmjZIdjM53GTYAqNBlxYYZ6zaomF9E+fWA8daZ
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <ACBF446D6323E64281EC60657BDD48E1@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4070.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d1c9f0ab-5fd8-4aae-5bd1-08d8322c5b4e
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2020 12:55:36.3737 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IwcNl9W5e8ul/v6ZANtZ677OpYUGd2SqDXxuIff2tClhItlRGT5qwQSjPt3YLBmWmQ8JxugI9Qk1st9MBhLlBw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3158
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hcR1GojyFdq6K1iJdiKmx9Wm7Bw>
Subject: Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 12:56:46 -0000

The document is not imposing any standards but rather provide guidelines for those implementing TLS proxies;  given that proxies will continue to exist I'm not sure why there is a belief that the IETF should ignore this.

Warm regards, Nancy

On 7/27/20, 5:20 AM, "OPSEC on behalf of Blumenthal, Uri - 0553 - MITLL" <opsec-bounces@ietf.org on behalf of uri@ll.mit.edu> wrote:

    I support Stephen and oppose adoption. IMHO, this is not a technology that IETF should standardize.
    
    
    On 7/25/20, 10:07, "TLS on behalf of Stephen Farrell" <tls-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:
    
    
        I oppose adoption. While there could be some minor benefit
        in documenting the uses and abuses seen when mitm'ing tls,
        I doubt that the effort to ensure a balanced document is at
        all worthwhile. The current draft is too far from what it'd
        need to be to be adopted.
    
        Send to ISE.
    
        S.
    
        On 23/07/2020 02:30, Jen Linkova wrote:
        > One thing to add here: the chairs would like to hear active and
        > explicit support of the adoption. So please speak up if you believe
        > the draft is useful and the WG shall work on getting it published.
        > 
        > On Mon, Jul 20, 2020 at 3:35 AM Ron Bonica
        > <rbonica=40juniper.net@dmarc.ietf.org> wrote:
        >>
        >> Folks,
        >>
        >>
        >>
        >> This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.
        >>
        >>
        >>
        >> Please send comments to opsec@ietf.org by August 3, 2020.
        >>
        >>
        >>
        >>                                                                 Ron
        >>
        >>
        >>
        >>
        >> Juniper Business Use Only
        >>
        >> _______________________________________________
        >> OPSEC mailing list
        >> OPSEC@ietf.org
        >> https://www.ietf.org/mailman/listinfo/opsec
        > 
        > 
        > 
        > --
        > SY, Jen Linkova aka Furry
        > 
        > _______________________________________________
        > TLS mailing list
        > TLS@ietf.org
        > https://www.ietf.org/mailman/listinfo/tls
        >