[TLS] Client based approval of multihop TLS in RTSP 2.0
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 15 March 2006 10:48 UTC
Message-ID: <4417F0DE.3020901@ericsson.com>
Date: Wed, 15 Mar 2006 11:47:58 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: tls@lists.ietf.org
Cc: Joerg Ott <jo@netlab.hut.fi>, Colin Perkins <csp@csperkins.org>

Hi,

RTSP 2.0 (real-time streaming protocol) draft proposed what I think is a quite novel idea of allowing the usage of TLS despite the need for proxying the connection. This allows the user to receive and approve the certificate of the next hop TLS connection the proxy is establishing on behalf of the client. Of course this requires trust in the proxy, but seems to be applicable in a number of environments, where the only alternative may be to not use TLS at all. For example through company firewalls that require auditing.

To help ensure the correct specification and that we haven't created any security holes beyond the one of the trust model, we desire your review of this proposal. It is documented in section 18.3 of the following draft, but please look at 18.2 also:

http://www.ietf.org/internet-drafts/draft-ietf-mmusic-rfc2326bis-12.txt

All types of feedback are appreciated.

Thanks

Magnus Westerlund

Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com