Hi Stephen,

Thanks for your feedback. I’d like to clarify, given the reality today that CDN/load balancers and enterprises deploy TLS proxy, this draft is merely to lay out a baseline guidance to the implementation and operation[1]. It is not meant to analyze "use and abuse" or "pros and cons", for which there were many discussions and publications in the past and the draft references some of them.
Given the progression of TLS and its wide adoption, the use of TLS proxy is also becoming a practice and is growing in enterprise/CDN. We felt it’s a good thing for the community to define a set of best practices for practitioners to reference when implementing and operating TLS proxy. Without one, TLS deployments would be negatively impacted. Also, given some of the implementation inconsistencies noted during the TLS 1.3 evolution, we felt a bcp guide could help the community moving forward. That’s the purpose of this draft.

Best,
-Eric

[1] https://tools.ietf.org/html/draft-wang-opsec-tls-proxy-bp-00#section-1

On Jul 25, 2020, at 7:07 AM, Stephen Farrell <[email protected]> wrote:

I oppose adoption. While there could be some minor benefit in documenting the uses and abuses seen when mitm'ing tls, I doubt that the effort to ensure a balanced document is at all worthwhile. The current draft is too far from what it'd need to be to be adopted. Send to ISE.

S.

On 23/07/2020 02:30, Jen Linkova wrote:

One thing to add here: the chairs would like to hear active and explicit support of the adoption. So please speak up if you believe the draft is useful and the WG shall work on getting it published.

On Mon, Jul 20, 2020 at 3:35 AM Ron Bonica <[email protected]> wrote:

Folks,

This email begins a Call For Adoption on draft-wang-opsec-tls-proxy-bp.

Please send comments to [email protected] by August 3, 2020.
Ron

Juniper Business Use Only
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec

--
SY, Jen Linkova aka Furry
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
