Hi all,

I wanted to briefly introduce network tokens (https://networktokens.org) to
this list, explain how they relate to TLS and ESNI, and kindly ask anyone who
is interested to share feedback and join the discussion.

Network tokens are a method for endpoints to explicitly and securely coordinate
with networks about how their traffic is treated. They are inserted by
endpoints in existing protocols, interpreted by trusted networks, and may be
signed or encrypted to meet security and privacy requirements. Network tokens
provide a means for network operators to expose datapath services (such as a
zero-rating service, a user-driven QoS service, or a firewall whitelist), and
for end users and application providers to access such services. Network tokens
are inspired by and derived from existing security tokens (like JWT and CWT),
borrowing several of their security and privacy properties, and adjusting them
for use in a networking context.

There are two ways that network tokens relate to TLS:

* They can support ESNI adoption: in a world where ESNI is widely adopted,
  network tokens can enable use cases where endpoint-network coordination is
  required, without having to go back to plaintext SNI that everyone can read.
* Network tokens are embedded as TLS handshake extensions (among others).

We are shooting for a BoF in November, and are very much interested in
feedback around the concept, use cases, what we need to do to get network
tokens adopted as a TLS handshake extension, and folks who are interested in
getting involved in the effort!

Links to an IETF I-D, a mailing list, and an initial implementation are
available at https://networktokens.org.

Best,
Yiannis
=====================
Yiannis Yiakoumis
Co-Founder & CEO
https://selfienetworks.com | +1-650-644-7857
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls