[TLS] Fwd: New Version Notification for draft-schwartz-tls-lb-02.txt

Ben Schwartz <bemasc@google.com> Thu, 31 October 2019 22:04 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Thu, 31 Oct 2019 18:03:45 -0400
Message-ID: <CAHbrMsDjRzf2AJMaZWL04oYaynYipc1gAu2NxoKW9o3gaHAkHQ@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nbE8Go5smSKA2Gq_gBly-YKKK38>
Subject: [TLS] Fwd: New Version Notification for draft-schwartz-tls-lb-02.txt

Hi TLS,

This is an updated version of the TLS-LB draft that I presented in
Montreal.  The draft is intended for load balancers (or "SNI reverse
proxies") that sit between the client and the actual server, directing
traffic without decrypting TLS.  This is relevant to split mode ESNI.

Some major changes since the previous version:
 * No more mention of QUIC.  This draft is now TLS-only.  (We can come back
to QUIC in the future, perhaps in a separate draft.)
 * Communication is bidirectional, so that overloaded backend servers can
tell the load balancer to shift traffic away.
 * Added a certificate padding procedure
 * Added a replay defense

Please review.

There were several requests in Montreal for a proper security analysis of
the authentication procedure in this draft, so I would especially
appreciate reviews or referrals on that front.

Thanks,
Ben Schwartz

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 31, 2019 at 5:49 PM
Subject: New Version Notification for draft-schwartz-tls-lb-02.txt
To: Benjamin M. Schwartz <bemasc@google.com>



A new version of I-D, draft-schwartz-tls-lb-02.txt
has been successfully submitted by Benjamin M. Schwartz and posted to the
IETF repository.

Name:           draft-schwartz-tls-lb
Revision:       02
Title:          TLS Metadata for Load Balancers
Document date:  2019-10-31
Group:          Individual Submission
Pages:          12
URL:            https://www.ietf.org/internet-drafts/draft-schwartz-tls-lb-02.txt
Status:         https://datatracker.ietf.org/doc/draft-schwartz-tls-lb/
Htmlized:       https://tools.ietf.org/html/draft-schwartz-tls-lb-02
Htmlized:       https://datatracker.ietf.org/doc/html/draft-schwartz-tls-lb
Diff:           https://www.ietf.org/rfcdiff?url2=draft-schwartz-tls-lb-02

Abstract:
   A load balancer that does not terminate TLS may wish to provide some
   information to the backend server, in addition to forwarding TLS
   data.  This draft proposes a protocol between load balancers and
   backends that enables secure, efficient delivery of TLS with
   additional information.  The need for such a protocol has recently
   become apparent in the context of split mode ESNI.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
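The message above describes load balancers ("SNI reverse proxies") that route TLS connections without decrypting them. The one thing such a device can read is the cleartext ClientHello, so the routing decision comes down to parsing the server_name extension safely. The following is an added example, not code from the TLS-LB draft or from its author, of that parsing step as a passthrough load balancer would do it: it walks the record, handshake and extension framing of RFC 8446 section 4.1.2 and RFC 6066 section 3, rejects anything that is not a complete ClientHello record, and maps the extracted name to a backend. The backend table, the `build_client_hello` helper and its hostnames are constructed for this example; the draft's own load-balancer-to-backend protocol is not modelled here.

```python
"""SNI extraction for a TLS-passthrough load balancer (added example)."""
import struct

# Hypothetical backend table, constructed for this example.
BACKENDS = {
    b"www.example.com": ("10.0.0.10", 443),
    b"api.example.com": ("10.0.0.20", 443),
}

CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
EXT_SERVER_NAME = 0
SNI_HOST_NAME = 0


class ParseError(ValueError):
    """Raised for anything that is not a complete, well-formed ClientHello."""


def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset; raise instead of over-reading."""
    if pos + n > len(buf):
        raise ParseError("truncated at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def _u8(buf, pos):
    b, pos = _take(buf, pos, 1)
    return b[0], pos


def _u16(buf, pos):
    b, pos = _take(buf, pos, 2)
    return struct.unpack("!H", b)[0], pos


def _vec(buf, pos, lenfn):
    """Length-prefixed vector: read the length with lenfn, then the bytes."""
    n, pos = lenfn(buf, pos)
    return _take(buf, pos, n)


def extract_sni(record):
    """Return the host_name from the ClientHello in one TLS record, or None
    if the ClientHello carries no server_name extension.

    Raises ParseError for non-handshake records, non-ClientHello messages,
    and truncated input, so a caller never routes on a partial parse."""
    hdr, pos = _take(record, 0, 5)
    ctype, _version, rlen = struct.unpack("!BHH", hdr)
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise ParseError("not a handshake record (type %d)" % ctype)
    body, _ = _take(record, pos, rlen)

    htype, pos = _u8(body, 0)
    if htype != HANDSHAKE_CLIENT_HELLO:
        raise ParseError("not a ClientHello (handshake type %d)" % htype)
    hlen_b, pos = _take(body, pos, 3)
    hello, _ = _take(body, pos, int.from_bytes(hlen_b, "big"))

    _, pos = _take(hello, 0, 2 + 32)        # legacy_version + random
    _, pos = _vec(hello, pos, _u8)           # legacy_session_id
    _, pos = _vec(hello, pos, _u16)          # cipher_suites
    _, pos = _vec(hello, pos, _u8)           # legacy_compression_methods
    if pos == len(hello):
        return None                          # no extensions block at all
    exts, _ = _vec(hello, pos, _u16)

    pos = 0
    while pos < len(exts):
        etype, pos = _u16(exts, pos)
        edata, pos = _vec(exts, pos, _u16)
        if etype != EXT_SERVER_NAME:
            continue
        names, _ = _vec(edata, 0, _u16)      # ServerNameList
        p = 0
        while p < len(names):
            ntype, p = _u8(names, p)
            name, p = _vec(names, p, _u16)
            if ntype == SNI_HOST_NAME:
                return name
    return None


def choose_backend(record, backends=BACKENDS):
    """Route on SNI without touching the rest of the handshake; None = no route."""
    name = extract_sni(record)
    if name is None:
        return None
    return backends.get(name.lower())


def build_client_hello(host):
    """Constructed test input: a minimal ClientHello record, with an SNI
    extension when host is given and no extensions block when it is None."""
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = bytes([SNI_HOST_NAME]) + struct.pack("!H", len(name)) + name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
        exts = struct.pack("!H", len(ext)) + ext
    hello = (b"\x03\x03" + bytes(32)              # legacy_version, random
             + b"\x00"                            # empty session id
             + struct.pack("!H", 2) + b"\x13\x01" # one cipher suite
             + b"\x01\x00"                        # null compression only
             + exts)
    hs = bytes([HANDSHAKE_CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", CONTENT_TYPE_HANDSHAKE, 0x0301, len(hs)) + hs


if __name__ == "__main__":
    print(choose_backend(build_client_hello("www.example.com")))
```

Two caveats a real deployment must handle beyond this block: a ClientHello may be split across several TLS records or TCP segments, so the load balancer has to buffer until a full handshake message is available before calling the parser, and with encrypted SNI (the split-mode ESNI case the message refers to) the server_name extension no longer carries the real name, which is exactly why the draft needs a separate channel to the backend.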