A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : TLS Proxy Server Extension
    Author(s) : David A. McGrew, Philip Gladstone
    Filename  : draft-mcgrew-tls-proxy-server-00.txt
    Pages     : 13
    Date      : 2011-07-04

Transport Layer Security (TLS) is commonly used to protect HTTP and other protocols. HTTP is often proxied, for instance, to allow an application-layer firewall to inspect the HTTP traffic between the client and the server. A TLS session cannot protect traffic between the client and server when an HTTP proxy is present. Separate TLS sessions can be run between the client and the proxy, on one side, and the proxy and the server on the other side. This provides the needed security, as long as the client, server, and proxy device use appropriate and consistent security policies. However, this last part is problematic; how can a proxy know if a client trusts a server? At present, TLS provides no mechanism to coordinate policies. This note defines a TLS extension that allows a TLS proxy to provide a TLS client with all of the information about the TLS server that the client needs to make a well-informed access control decision.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-mcgrew-tls-proxy-server-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-mcgrew-tls-proxy-server-00.txt