Hi TLS,

This is an updated version of the TLS-LB draft that I presented in
Montreal.  The draft is intended for load balancers (or "SNI reverse
proxies") that sit between the client and the actual server, directing
traffic without decrypting TLS.  This is relevant to split mode ESNI.

Some major changes since the previous version:
 * No more mention of QUIC.  This draft is now TLS-only.  (We can come back
to QUIC in the future, perhaps in a separate draft.)
 * Communication is bidirectional, so that overloaded backend servers can
tell the load balancer to shift traffic away.
 * Added a certificate padding procedure
 * Added a replay defense

Please review.

There were several requests in Montreal for a proper security analysis of
the authentication procedure in this draft, so I would especially
appreciate reviews or referrals on that front.

Thanks,
Ben Schwartz

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Thu, Oct 31, 2019 at 5:49 PM
Subject: New Version Notification for draft-schwartz-tls-lb-02.txt
To: Benjamin M. Schwartz <bem...@google.com>



A new version of I-D, draft-schwartz-tls-lb-02.txt
has been successfully submitted by Benjamin M. Schwartz and posted to the
IETF repository.

Name:           draft-schwartz-tls-lb
Revision:       02
Title:          TLS Metadata for Load Balancers
Document date:  2019-10-31
Group:          Individual Submission
Pages:          12
URL:            https://www.ietf.org/internet-drafts/draft-schwartz-tls-lb-02.txt
Status:         https://datatracker.ietf.org/doc/draft-schwartz-tls-lb/
Htmlized:       https://tools.ietf.org/html/draft-schwartz-tls-lb-02
Htmlized:       https://datatracker.ietf.org/doc/html/draft-schwartz-tls-lb
Diff:           https://www.ietf.org/rfcdiff?url2=draft-schwartz-tls-lb-02

Abstract:
   A load balancer that does not terminate TLS may wish to provide some
   information to the backend server, in addition to forwarding TLS
   data.  This draft proposes a protocol between load balancers and
   backends that enables secure, efficient delivery of TLS with
   additional information.  The need for such a protocol has recently
   become apparent in the context of split mode ESNI.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

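The routing step that an "SNI reverse proxy" performs, as an added example that is not part of the draft or of this message: it parses the server_name extension out of a TLS ClientHello record and picks a backend from a routing table, without decrypting anything. The record and ClientHello layout follow the TLS record and handshake format (RFC 5246 / RFC 8446); the host names, backend addresses and the `build_client_hello` helper that produces the sample input are constructed for illustration. The draft's own load-balancer-to-backend metadata format is not reproduced here, since it is in the I-D, not on this page.

```python
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16      # record ContentType: handshake
CLIENT_HELLO = 0x01       # HandshakeType: client_hello
EXT_SERVER_NAME = 0x0000  # extension type: server_name (SNI)
SNI_HOST_NAME = 0x00      # NameType: host_name


class ParseError(ValueError):
    """Raised on truncated or malformed input instead of reading past the buffer."""


class _Cursor:
    """Bounds-checked reader over a byte string."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ParseError(f"truncated: need {n} bytes at offset {self.pos}")
        out = self.data[self.pos:self.pos + n]
        self.pos += n
        return out

    def u8(self) -> int:
        return self.take(1)[0]

    def u16(self) -> int:
        return int.from_bytes(self.take(2), "big")

    def u24(self) -> int:
        return int.from_bytes(self.take(3), "big")

    def remaining(self) -> int:
        return len(self.data) - self.pos


def build_client_hello(host: str) -> bytes:
    """Constructed sample input: a minimal ClientHello record carrying one
    SNI entry. Real clients send many more cipher suites and extensions."""
    name = host.encode("ascii")
    sni_entry = struct.pack("!BH", SNI_HOST_NAME, len(name)) + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03"                            # client_version
        + bytes(32)                            # random (zeros; constructed)
        + b"\x00"                              # legacy_session_id: empty
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # compression_methods: null only
        + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the SNI extension of a ClientHello record,
    or None if the hello carries no SNI. Only the first record is examined;
    a ClientHello fragmented across records is rejected, not reassembled."""
    c = _Cursor(record)
    if c.u8() != TLS_HANDSHAKE:
        raise ParseError("not a TLS handshake record")
    c.u16()                                # legacy record version, ignored
    hs = _Cursor(c.take(c.u16()))          # parse only what the record length covers
    if hs.u8() != CLIENT_HELLO:
        raise ParseError("not a ClientHello")
    if hs.u24() != hs.remaining():
        raise ParseError("ClientHello length does not match record payload")
    hs.u16()                               # client_version
    hs.take(32)                            # random
    hs.take(hs.u8())                       # legacy_session_id
    hs.take(hs.u16())                      # cipher_suites
    hs.take(hs.u8())                       # compression_methods
    if hs.remaining() == 0:
        return None                        # no extensions block at all
    exts = _Cursor(hs.take(hs.u16()))
    while exts.remaining() > 0:
        etype = exts.u16()
        edata = _Cursor(exts.take(exts.u16()))
        if etype != EXT_SERVER_NAME:
            continue
        names = _Cursor(edata.take(edata.u16()))
        while names.remaining() > 0:
            ntype = names.u8()
            name = names.take(names.u16())
            if ntype == SNI_HOST_NAME:
                try:
                    return name.decode("ascii")
                except UnicodeDecodeError as e:
                    raise ParseError("non-ASCII host_name") from e
    return None


# Constructed routing table: SNI host -> backend (address, port).
BACKENDS = {
    "app.example.com": ("10.0.0.10", 443),
    "api.example.com": ("10.0.0.20", 443),
}
DEFAULT_BACKEND = ("10.0.0.1", 443)   # where SNI-less or unknown hellos go


def route(record: bytes):
    """Pick the backend for a ClientHello without decrypting it.
    Host names are compared case-insensitively and without a trailing dot."""
    sni = extract_sni(record)
    if sni is None:
        return DEFAULT_BACKEND
    return BACKENDS.get(sni.lower().rstrip("."), DEFAULT_BACKEND)


if __name__ == "__main__":
    print(route(build_client_hello("App.Example.Com.")))
```

The parser reads lengths only through the bounds-checked cursor, so a hello whose inner length fields exceed the record raises `ParseError` rather than indexing past the buffer, and the first record is the only thing examined, so the forwarder never needs session keys. In split-mode ESNI the plaintext server_name is a cover name, so a parser like this cannot route on its own, which is the situation the draft is addressing.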

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls