W dniu 04.01.2018 o 15:22, Eric Rescorla pisze: > > > On Thu, Jan 4, 2018 at 2:46 AM, Mateusz Jończyk <mat.jonc...@o2.pl > <mailto:mat.jonc...@o2.pl>> wrote: > > W dniu 03.01.2018 o 18:05, Benjamin Kaduk pisze: > > On 01/03/2018 10:17 AM, Mateusz Jończyk wrote: > >> Judging from TLS1.3's problems with middleboxes, content filtering > isn't so > >> rare, especially in the corporate world. > >> > >> The provider of filtering services (for example OpenDNS) / middlebox > >> manufacturer would have to recognize if the client supports this > mechanism. > >> Having support for TLS1.3 could be one such flag. > > > > Cherry-picking this one part just for enhanced clarity: I do not think > > support for TLS 1.3 can or should be such a flag -- there does not seem > > sufficient reason to block TLS 1.3 finalization for this proposal. > > I would like to ask You to add just this one flag: > access_administratively_disabled to TLS 1.3. This will allow graceful > upgrade to > full proposed functionality of the access_administratively_disabled > mechanism. > > > I am not in favor of this change at this time. > > I suspect I'm not in favor of the mechanism, but i'm definitely not in favor > of > adding a placeholder alert for some mechanism which isn't specified. > OK, but what about this change considered separately? I have changed the semantics slightly:
+access_denied_by_intermediary +: The access was denied by a network intermediary - i.e. a server other + than the client or the desired server, for example by an Internet Sevice + Provider. Justification: Network intermediaries (for example ISPs) may block traffic by using e.g. access_denied anyway. Make it more explicit by adding access_denied_by_intermediary. This will make censorship more transparent. Greetings, Mateusz > -Ekr > > I will try to submit an Internet Draft for the full mechanism till the > end of > this week. > > Greetings, > Mateusz Jończyk > > > > > -Ben > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > <https://www.ietf.org/mailman/listinfo/tls> > > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls