On Mon, Jul 27, 2020, 1:15 AM Eric Wang (ejwang) <ejwang=40cisco....@dmarc.ietf.org> wrote:
> Hi Stephen,
>
> Thanks for your feedback. I’d like to clarify, given the reality today
> that CDN/load balancers and enterprises deploy TLS proxy, this draft is
> merely to lay out a baseline guidance to the implementation and
> operation[1]. It is not meant to analyze "use and abuse" or "pros and
> cons", for which there were many discussions and publications in the past
> and the draft references some of them.
>

CDNs are usually aware of application level semantics and have some interesting security problems when not. There's no generic safe way to terminate TLS, and that's a real problem for this draft: it needs to be specific to certain use cases.

> Given the progression of TLS and its wide adoption, the use of TLS proxy
> is also becoming a practice and is growing in enterprise/CDN. We felt it’s
> a good thing for the community to define a set of best practices for
> practitioners to reference when implementing and operating TLS proxy.
> Without one, TLS deployments would be negatively impacted. Also, given
> some of the implementation inconsistencies noted during the TLS 1.3
> evolution, we felt a bcp guide could help the community moving forward.
> That’s the purpose of this draft.
>

We've seen middlebox writers ignore black letter extensibility requirements in the existing RFCs and adopt broken patterns before. Why will another draft help?

> Best,
> -Eric
>
> [1] https://tools.ietf.org/html/draft-wang-opsec-tls-proxy-bp-00#section-1
>
> On Jul 25, 2020, at 7:07 AM, Stephen Farrell <stephen.farr...@cs.tcd.ie>
> wrote:
>
> I oppose adoption. While there could be some minor benefit
> in documenting the uses and abuses seen when mitm'ing tls,
> I doubt that the effort to ensure a balanced document is at
> all worthwhile. The current draft is too far from what it'd
> need to be to be adopted.
>
> Send to ISE.
>
> S.
>
> On 23/07/2020 02:30, Jen Linkova wrote:
>
> One thing to add here: the chairs would like to hear active and
> explicit support of the adoption. So please speak up if you believe
> the draft is useful and the WG shall work on getting it published.
>
> On Mon, Jul 20, 2020 at 3:35 AM Ron Bonica
> <rbonica=40juniper....@dmarc.ietf.org> wrote:
>
> > Folks,
> >
> > This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.
> >
> > Please send comments to op...@ietf.org by August 3, 2020.
> >
> > Ron
> >
> > Juniper Business Use Only
>
> _______________________________________________
> OPSEC mailing list
> op...@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
> --
> SY, Jen Linkova aka Furry
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls