Re: [TLS] access_administratively_disabled v2

Thu, 04 Jan 2018 06:43:49 -0800 

W dniu 04.01.2018 o 15:22, Eric Rescorla pisze:
> 
> 
> On Thu, Jan 4, 2018 at 2:46 AM, Mateusz Jończyk <mat.jonc...@o2.pl
> <mailto:mat.jonc...@o2.pl>> wrote:
> 
>     W dniu 03.01.2018 o 18:05, Benjamin Kaduk pisze:
>     > On 01/03/2018 10:17 AM, Mateusz Jończyk wrote:
>     >> Judging from TLS1.3's problems with middleboxes, content filtering 
> isn't so
>     >> rare, especially in the corporate world.
>     >>
>     >> The provider of filtering services (for example OpenDNS) / middlebox
>     >> manufacturer would have to recognize if the client supports this 
> mechanism.
>     >> Having support for TLS1.3 could be one such flag.
>     >
>     > Cherry-picking this one part just for enhanced clarity: I do not think
>     > support for TLS 1.3 can or should be such a flag -- there does not seem
>     > sufficient reason to block TLS 1.3 finalization for this proposal.
> 
>     I would like to ask You to add just this one flag:
>     access_administratively_disabled to TLS 1.3. This will allow graceful 
> upgrade to
>     full proposed functionality of the access_administratively_disabled 
> mechanism.
> 
> 
> I am not in favor of this change at this time.
> 
> I suspect I'm not in favor of the mechanism, but i'm definitely not in favor 
> of
> adding a placeholder alert for some mechanism which isn't specified.
> 
OK, but what about this change considered separately? I have changed the
semantics slightly:

+access_denied_by_intermediary
+: The access was denied by a network intermediary - i.e. a server other
+  than the client or the desired server, for example by an Internet Sevice
+  Provider.

Justification:
        Network intermediaries (for example ISPs) may block traffic by using
        e.g. access_denied anyway. Make it more explicit by adding
        access_denied_by_intermediary.

        This will make censorship more transparent.

Greetings,
Mateusz
        

> -Ekr
> 
>     I will try to submit an Internet Draft for the full mechanism till the 
> end of
>     this week.
> 
>     Greetings,
>     Mateusz Jończyk
> 
>     >
>     > -Ben
>     >
> 
>     _______________________________________________
>     TLS mailing list
>     TLS@ietf.org <mailto:TLS@ietf.org>
>     https://www.ietf.org/mailman/listinfo/tls
>     <https://www.ietf.org/mailman/listinfo/tls>
> 
> 

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to