On Wed, Jul 29, 2020 at 5:06 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> Hiya,
>
> On 30/07/2020 00:56, Eric Rescorla wrote:
> > What text in TLS do you believe terminating proxies (in either direction)
> > do not conform to?
>
> I tend to start with the abstract: "TLS allows
> client/server applications to communicate over the
> Internet in a way that is designed to prevent
> eavesdropping, tampering, and message forgery."
>
> I think that text has remained through various
> iterations.

Yes, and in this context, the MITM proxy is a server from the client's perspective and a client from the origin server's perspective.

> More importantly, the analyses done for tls1.3
> afaik do not consider such 3rd parties except as
> an attacker.

I would say rather that those analyses consider them as protocol endpoints and address the two individual connections terminated by the proxy and have nothing to say about the composition of those two connections.

> I'm by no means denying the fact that MITM boxen
> are deployed, but the idea that some of them are
> "conformant" and some are not seems bogus.

Well, they are either conformant with the text of 8446 S 9.3 or they are not (and just to be clear, being conformant with 9.3 does not make them good for the reason indicated above).

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls