Some comments on draft-ietf-tls-sni-encryption-03:
Section 2.3 "End-to-end alternatives"
"Enterprises can deploy monitoring software to control usage of the enterprises
[sic] computers."
At the moment enterprises have the option of installing a firewall performing
SNI filtering to black-list
>Nope, I've raised this *EVERY* time on the list when the dead horse was
newly beaten.
And you were in the minority, the WG consensus has clearly been to work on
this, despite your objections.
___
TLS mailing list
TLS@ietf.org
On Wed, Oct 17, 2018 at 07:25:38PM -0700, Eric Rescorla wrote:
> >> As it is, there are a number of servers which desperately require
> >> the presence of TLS extension SNI, or will fail TLS handshakes either
> >> by choking and dropping connections (Microsoft IIS 8.5+) or by
> >>
m...@sap.com (Martin Rex) writes:
> If anyone really thinks that there should be a scheme where a
> server's hostname is no longer transfered in a cleartext (including
> TLS extension SNI), then first of all a *NEW* distinct URI method
> should be defined for that purpose, e.g. "httph://" as a
On Wed, Oct 17, 2018 at 4:41 PM Martin Rex wrote:
> Eric Rescorla wrote:
> > Martin Rex wrote:
> >
> > > Sean Turner wrote:
> > > >
> > > > This is the working group last call for the
> > > > "Issues and Requirements for SNI Encryption in TLS"
> > > > draft available at
> > > >
Eric Rescorla wrote:
> Martin Rex wrote:
>
> > Sean Turner wrote:
> > >
> > > This is the working group last call for the
> > > "Issues and Requirements for SNI Encryption in TLS"
> > > draft available at
> > > http://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/.
> > > Please review
On Wed, Oct 17, 2018 at 10:03 AM Martin Rex wrote:
> Sean Turner wrote:
> >
> > This is the working group last call for the
> > "Issues and Requirements for SNI Encryption in TLS"
> > draft available at
> > http://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/.
> > Please review the
Sean Turner wrote:
>
> This is the working group last call for the
> "Issues and Requirements for SNI Encryption in TLS"
> draft available at
> http://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/.
> Please review the document and send your comments to the list
> by 2359 UTC on 31
Hiya,
I think this is more-or-less ready and I support
publication. My comments below, none of which are
show-stoppers but they might be worth a look.
Cheers,
S.
1. Shouldn't there be some mention of CT here somewhere?
Say if we have a good solution, but the hidden service's
cert is in CT
This is a pretty good piece of information that is very nearly done.
Regarding the idnits results, DoH is done, but DTLS and QUIC are still
a way off. Would we prefer publication with downref or waiting? For
me, this depends somewhat on the maturity of the documents that depend
on this. I'd be
All,
I ran I-D nits before hitting the appropriate buttons to place this draft in
WGLC. I figured we could address the following before we send the draft to Ben:
== Outdated reference: draft-ietf-tls-tls13 has been
published as RFC 8446
== Outdated reference: A later version (-14)
All,
This is the working group last call for the "Issues and Requirements for SNI
Encryption in TLS" draft available at
http://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/. Please review
the document and send your comments to the list by 2359 UTC on 31 October 2018.
Thanks your
12 matches
Mail list logo