Hi Stephen,

Thanks for your feedback.  I’d like to clarify, given the reality today that 
CDN/load balancers and enterprises deploy TLS proxy, this draft is merely to 
lay out a baseline guidance to the implementation and operation[1].  It is not 
meant to analyze "use and abuse" or "pros and cons", for which there were many 
discussions and publications in the past and the draft references some of them.

Given the progression of TLS and its wide adoption, the use of TLS proxy is 
also becoming a practice and is growing in enterprise/CDN.  We felt it’s a good 
thing for the community to define a set of best practices for practitioners to 
reference when implementing and operating TLS proxy.  Without one, TLS 
deployments would be negatively impacted.  Also, given some of the 
implementation inconsistencies noted during the TLS 1.3 evolution, we felt a 
BCP guide could help the community moving forward.  That’s the purpose of this 
draft.

Best,
-Eric

[1] https://tools.ietf.org/html/draft-wang-opsec-tls-proxy-bp-00#section-1


On Jul 25, 2020, at 7:07 AM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:


I oppose adoption. While there could be some minor benefit
in documenting the uses and abuses seen when mitm'ing tls,
I doubt that the effort to ensure a balanced document is at
all worthwhile. The current draft is too far from what it'd
need to be to be adopted.

Send to ISE.

S.

On 23/07/2020 02:30, Jen Linkova wrote:
One thing to add here: the chairs would like to hear active and
explicit support of the adoption. So please speak up if you believe
the draft is useful and the WG shall work on getting it published.

On Mon, Jul 20, 2020 at 3:35 AM Ron Bonica
<rbonica=40juniper....@dmarc.ietf.org> wrote:

Folks,



This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.



Please send comments to op...@ietf.org by August 3, 2020.



                                                               Ron





_______________________________________________
OPSEC mailing list
op...@ietf.org
https://www.ietf.org/mailman/listinfo/opsec



--
SY, Jen Linkova aka Furry

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
