[TLS] Fwd: New Version Notification for draft-schwartz-tls-lb-02.txt
Ben Schwartz <bemasc@google.com> Thu, 31 October 2019 22:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nbE8Go5smSKA2Gq_gBly-YKKK38>
Hi TLS,

This is an updated version of the TLS-LB draft that I presented in Montreal. The draft is intended for load balancers (or "SNI reverse proxies") that sit between the client and the actual server, directing traffic without decrypting TLS. This is relevant to split mode ESNI.

Some major changes since the previous version:

* No more mention of QUIC. This draft is now TLS-only. (We can come back to QUIC in the future, perhaps in a separate draft.)
* Communication is bidirectional, so that overloaded backend servers can tell the load balancer to shift traffic away.
* Added a certificate padding procedure
* Added a replay defense

Please review. There were several requests in Montreal for a proper security analysis of the authentication procedure in this draft, so I would especially appreciate reviews or referrals on that front.

Thanks,
Ben Schwartz

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 31, 2019 at 5:49 PM
Subject: New Version Notification for draft-schwartz-tls-lb-02.txt
To: Benjamin M. Schwartz <bemasc@google.com>

A new version of I-D, draft-schwartz-tls-lb-02.txt has been successfully submitted by Benjamin M. Schwartz and posted to the IETF repository.

Name: draft-schwartz-tls-lb
Revision: 02
Title: TLS Metadata for Load Balancers
Document date: 2019-10-31
Group: Individual Submission
Pages: 12
URL: https://www.ietf.org/internet-drafts/draft-schwartz-tls-lb-02.txt
Status: https://datatracker.ietf.org/doc/draft-schwartz-tls-lb/
Htmlized: https://tools.ietf.org/html/draft-schwartz-tls-lb-02
Htmlized: https://datatracker.ietf.org/doc/html/draft-schwartz-tls-lb
Diff: https://www.ietf.org/rfcdiff?url2=draft-schwartz-tls-lb-02

Abstract:
A load balancer that does not terminate TLS may wish to provide some information to the backend server, in addition to forwarding TLS data. This draft proposes a protocol between load balancers and backends that enables secure, efficient delivery of TLS with additional information. The need for such a protocol has recently become apparent in the context of split mode ESNI.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
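The message above describes the deployment the draft targets: an "SNI reverse proxy" that picks a backend from the ClientHello without decrypting TLS. The following is an added example, not code from the draft or from its author, showing the part of that job a load balancer can already do today: parse the server_name extension (RFC 6066) out of the raw first record and route on it, with every length field bounds-checked so a truncated or malformed hello falls through to a default pool instead of misparsing. The ClientHello bytes are constructed by the example itself, and the routing table (ROUTES) and backend addresses are hypothetical.

```python
"""Added example: route a TLS connection by SNI without decrypting it."""
from __future__ import annotations

import os
import struct

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


class TruncatedHello(ValueError):
    """Raised when a length field points past the end of the buffer."""


def _take(buf: bytes, pos: int, n: int) -> tuple[bytes, int]:
    # Bounds-checked slice: every length field is validated before it is
    # trusted, so malformed input raises instead of silently misparsing.
    if pos + n > len(buf):
        raise TruncatedHello(f"need {n} bytes at {pos}, have {len(buf) - pos}")
    return buf[pos:pos + n], pos + n


def parse_sni(record: bytes) -> str | None:
    """Return the host_name from the ClientHello's SNI extension, or None."""
    hdr, pos = _take(record, 0, 5)                          # type(1) version(2) length(2)
    if hdr[0] != TLS_HANDSHAKE:
        return None
    body, _ = _take(record, pos, struct.unpack("!H", hdr[3:5])[0])
    hs_hdr, pos = _take(body, 0, 4)                         # msg_type(1) length(3)
    if hs_hdr[0] != CLIENT_HELLO:
        return None
    ch, _ = _take(body, pos, int.from_bytes(hs_hdr[1:4], "big"))
    _, pos = _take(ch, 0, 2 + 32)                           # client_version, random
    n, pos = _take(ch, pos, 1)
    _, pos = _take(ch, pos, n[0])                           # session_id
    n, pos = _take(ch, pos, 2)
    _, pos = _take(ch, pos, struct.unpack("!H", n)[0])      # cipher_suites
    n, pos = _take(ch, pos, 1)
    _, pos = _take(ch, pos, n[0])                           # compression_methods
    if pos == len(ch):
        return None                                         # no extensions block at all
    n, pos = _take(ch, pos, 2)
    exts, _ = _take(ch, pos, struct.unpack("!H", n)[0])
    pos = 0
    while pos < len(exts):
        eh, pos = _take(exts, pos, 4)
        etype, elen = struct.unpack("!HH", eh)
        edata, pos = _take(exts, pos, elen)
        if etype != EXT_SERVER_NAME:
            continue
        n, p = _take(edata, 0, 2)
        names, _ = _take(edata, p, struct.unpack("!H", n)[0])
        p = 0
        while p < len(names):
            nh, p = _take(names, p, 3)                      # name_type(1) length(2)
            name, p = _take(names, p, struct.unpack("!H", nh[1:3])[0])
            if nh[0] == 0:                                  # host_name
                return name.decode("ascii")
    return None


def choose_backend(record: bytes, table: dict[str, str], default: str) -> str:
    """Pick a backend from the first record of a connection, never decrypting it."""
    try:
        sni = parse_sni(record)
    except TruncatedHello:
        return default                                      # garbage goes to the default pool
    return table.get(sni, default) if sni else default


def build_client_hello(host: str) -> bytes:
    """Construct a minimal ClientHello carrying one SNI (demo input, not captured traffic)."""
    name = host.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    ch = (b"\x03\x03" + os.urandom(32) + b"\x00"            # version, random, empty session_id
          + struct.pack("!H", 2) + b"\x13\x01"              # one cipher suite
          + b"\x01\x00"                                     # one compression method: null
          + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = bytes([CLIENT_HELLO]) + len(ch).to_bytes(3, "big") + ch
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


# Hypothetical routing table: SNI -> backend address.
ROUTES = {"api.example.test": "10.0.1.10:443", "www.example.test": "10.0.2.10:443"}

if __name__ == "__main__":
    for h in ("api.example.test", "unknown.example.test"):
        print(h, "->", choose_backend(build_client_hello(h), ROUTES, "10.0.9.1:443"))
    print("truncated ->", choose_backend(build_client_hello("api.example.test")[:40], ROUTES, "10.0.9.1:443"))
```

Two caveats a deployer should keep in mind. First, this assumes the whole ClientHello arrives in the first record; a real proxy must buffer and reassemble across records before parsing. Second, the parser only works because the server_name is in the clear. Once the name is encrypted (the split mode ESNI case the message refers to), the load balancer can no longer read it from the hello, which is precisely the gap the draft's load balancer-to-backend protocol is meant to fill.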