On Thu, Jan 4, 2018 at 6:43 AM, Mateusz Jończyk <[email protected]> wrote:
> On 04.01.2018 at 15:22, Eric Rescorla wrote:
> >
> > On Thu, Jan 4, 2018 at 2:46 AM, Mateusz Jończyk <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> > > On 03.01.2018 at 18:05, Benjamin Kaduk wrote:
> > > > On 01/03/2018 10:17 AM, Mateusz Jończyk wrote:
> > > > > Judging from TLS1.3's problems with middleboxes, content filtering isn't so
> > > > > rare, especially in the corporate world.
> > > > >
> > > > > The provider of filtering services (for example OpenDNS) / middlebox
> > > > > manufacturer would have to recognize if the client supports this mechanism.
> > > > > Having support for TLS1.3 could be one such flag.
> > > >
> > > > Cherry-picking this one part just for enhanced clarity: I do not think
> > > > support for TLS 1.3 can or should be such a flag -- there does not seem
> > > > sufficient reason to block TLS 1.3 finalization for this proposal.
> > >
> > > I would like to ask You to add just this one flag:
> > > access_administratively_disabled to TLS 1.3. This will allow graceful upgrade to
> > > full proposed functionality of the access_administratively_disabled mechanism.
> >
> > I am not in favor of this change at this time.
> >
> > I suspect I'm not in favor of the mechanism, but I'm definitely not in favor of
> > adding a placeholder alert for some mechanism which isn't specified.
> >
> OK, but what about this change considered separately? I have changed the
> semantics slightly:
>
> +access_denied_by_intermediary
> +: The access was denied by a network intermediary - i.e. a server other
> + than the client or the desired server, for example by an Internet Sevice
> + Provider.
>
> Justification:
> Network intermediaries (for example ISPs) may block traffic by using
> e.g. access_denied anyway. Make it more explicit by adding
> access_denied_by_intermediary.
>
> This will make censorship more transparent.
>

Sorry, no, I'm not persuaded. It's not clear to me that this is a benefit, and
certainly not clear enough to merit a last minute change to 1.3.

-Ekr

> Greetings,
> Mateusz
>
> > -Ekr
> >
> > > I will try to submit an Internet Draft for the full mechanism till the end of
> > > this week.
> > >
> > > Greetings,
> > > Mateusz Jończyk
> > >
> > > > -Ben
> >
> > _______________________________________________
> > TLS mailing list
> > [email protected] <mailto:[email protected]>
> > https://www.ietf.org/mailman/listinfo/tls
> > <https://www.ietf.org/mailman/listinfo/tls>
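
Review bot: "Sevice" in the third added line should read "Service", and the definition spanning the second and third added lines calls the intermediary "a server other than the client or the desired server", which is imprecise because the client is not a server and an ISP's blocking device need not be one; "a party other than the client or the intended server" would read more accurately. The description also does not say how a client should handle this alert differently from access_denied, which the justification says intermediaries may already send, so the added text should state what the receiver is expected to do with it.
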
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
