> -----Original Message-----
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Stephen Farrell
> Sent: 30 October 2017 22:56
> To: Richard Barnes <r...@ipv.sx>; <tls@ietf.org> <tls@ietf.org>
> Subject: Re: [TLS] New Version Notification for draft-friel-tls-over-http-00.txt
> 
> 
> 
> On 30/10/17 22:17, Richard Barnes wrote:
> > Hey TLS folks,
> >
> > Owen, Max, and I have been kicking around some ideas for how to make
> > secure connections in environments where HTTPS is subject to MitM /
> proxying.
> 
> Interesting. One bit puzzles me: wouldn't the new content-type give the game
> away and cause middleboxes to block this?
> 
> S.
> 

[ofriel] The intention isn’t to try and obscure the fact that there is an ATLS 
session. Even if that new content-type was not defined, it would be easy to 
write a simple pattern match script on the middlebox to identify the JSON body 
and leading base64 bytes of the TLS records in the body.


> >
> > The below draft lays out a way to tunnel TLS over HTTPS, in hopes of
> > creating a channel you could use when you really need things to be
> > private, even from the local MitM.
> >
> > Feedback obviously very welcome.  Interested in whether folks think
> > this is a useful area in which to develop an RFC, and any thoughts on
> > how to do this better.
> >
> > Thanks,
> > --Richard
> >
> >
> > On Mon, Oct 30, 2017 at 3:47 PM, <internet-dra...@ietf.org> wrote:
> >
> >>
> >> A new version of I-D, draft-friel-tls-over-http-00.txt has been
> >> successfully submitted by Owen Friel and posted to the IETF
> >> repository.
> >>
> >> Name:           draft-friel-tls-over-http
> >> Revision:       00
> >> Title:          Application-Layer TLS
> >> Document date:  2017-10-30
> >> Group:          Individual Submission
> >> Pages:          20
> >> URL:            https://www.ietf.org/internet-drafts/draft-friel-tls-over-http-00.txt
> >> Status:         https://datatracker.ietf.org/doc/draft-friel-tls-over-http/
> >> Htmlized:       https://tools.ietf.org/html/draft-friel-tls-over-http-00
> >> Htmlized:       https://datatracker.ietf.org/doc/html/draft-friel-tls-over-http-00
> >>
> >>
> >> Abstract:
> >>    Many clients need to establish secure connections to application
> >>    services but face challenges establishing these connections due to
> >>    the presence of middleboxes that terminate TLS connections from the
> >>    client and reestablish new TLS connections to the service.  This
> >>    document defines a mechanism for transporting TLS records in HTTP
> >>    message bodies between clients and services.  This enables clients
> >>    and services to establish secure connections using TLS at the
> >>    application layer, and treat any middleboxes that are intercepting
> >>    traffic at the network layer as untrusted transport.  In short, this
> >>    mechanism moves the TLS handshake up the OSI stack to the application
> >>    layer.
> >>
> >>
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission until the htmlized version and diff are available at
> >> tools.ietf.org.
> >>
> >> The IETF Secretariat
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >

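Owen's point above, that a middlebox could spot the JSON body and the leading base64 bytes of the TLS records without any special content-type, as an added illustration that is not code from the draft or its authors: a small detector that decodes base64 string values in a JSON body and checks whether each begins with a plausible TLS record header. The JSON field name "records" and the sample bodies are constructed assumptions; the draft's actual encoding is not shown in this thread.

```python
import base64
import json
# TLS record-layer content types (RFC 5246 section 6.2.1, RFC 8446 section 5.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def parse_tls_record_header(data: bytes):
    """(content_type_name, (major, minor), length) if data starts with a plausible TLS record."""
    if len(data) < 5:
        return None
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if ctype not in TLS_CONTENT_TYPES or major != 3 or minor > 4:
        return None
    # Declared length is bounded (2^14 + 2048 for ciphertext) and must fit the buffer.
    if length == 0 or length > 2 ** 14 + 2048 or len(data) < 5 + length:
        return None
    return TLS_CONTENT_TYPES[ctype], (major, minor), length

def find_tls_records_in_json(body: str):
    """Scan JSON string values for base64 that decodes to a TLS record: [(key, type, version)]."""
    try:
        doc = json.loads(body)
    except ValueError:
        return []
    hits = []
    def walk(node, key):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, k)
        elif isinstance(node, list):
            for v in node:
                walk(v, key)
        elif isinstance(node, str):
            try:
                raw = base64.b64decode(node, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                return
            hdr = parse_tls_record_header(raw)
            if hdr is not None:
                hits.append((key, hdr[0], hdr[1]))
    walk(doc, None)
    return hits

# Constructed samples; the "records" field name is an assumption, not the draft's format.
CLIENT_HELLO_RECORD = b"\x16\x03\x01\x00\x08\x01\x00\x00\x04\x03\x03\x00\x00"
APP_DATA_RECORD = b"\x17\x03\x03\x00\x03abc"
ATLS_LIKE_BODY = json.dumps({"records": [base64.b64encode(CLIENT_HELLO_RECORD).decode(),
                                         base64.b64encode(APP_DATA_RECORD).decode()]})
ORDINARY_BODY = json.dumps({"status": "ok", "token": base64.b64encode(b"hello world").decode()})
```

The header check alone is a heuristic: an ordinary base64 blob that happens to start with a byte in 20..23 followed by 0x03 would also match, so a real filter would combine it with the declared-length check shown here and with HTTP-level context.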