I agree with the proposed approach and I also believe in discussion around safe and responsible middlebox deployment. I support the adoption of this draft!
Regards
-Ashu

On Mon, Jul 27, 2020 at 7:45 PM Roelof duToit <r@nerd.ninja> wrote:
> RFC 8446, section 9.3 states:
> *Note that TLS's protocol requirements and security analysis only*
> *apply to the two connections separately. Safely deploying a TLS*
> *terminator requires additional security considerations which are*
> *beyond the scope of this document.*
>
> The context of that paragraph is "*A middlebox which terminates a TLS
> connection*" and it implies that there are *undocumented* security
> considerations.
> The tls-proxy-bp draft is a contribution towards that goal and we think it
> is worth the effort.
>
> --Roelof
>
>
> On Jul 27, 2020, at 8:35 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie>
> wrote:
>
>
>
> On 28/07/2020 00:48, Eric Wang (ejwang) wrote:
>
> We felt the lack of a
> baseline bcp is going to hurt the security posture of TLS rather than
> driving the intermediary away.
>
>
> That makes no sense to me.
>
> Adopting this draft will require eliminating all such
> gibberish and instead finding text that can garner IETF
> consensus. I really do not think that effort is worth
> the significant cost for anyone involved, pro-MITM or
> not.
>
> S.
>
> <0x5AB2FAF17B172BEA.asc>_______________________________________________
> OPSEC mailing list
> op...@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>