I-D Action: draft-mcgrew-tls-proxy-server-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : TLS Proxy Server Extension
	Author(s)       : David A. McGrew
                          Dan Wing
                          Philip Gladstone
	Filename        : draft-mcgrew-tls-proxy-server-01.txt
	Pages           : 18
	Date            : 2012-07-16

Abstract:
   Transport Layer Security (TLS) is commonly used to protect HTTP and
   other protocols; it provides encrypted and authenticated
   conversations between a client and a server.  In some scenarios, two
   TLS sessions are used, so that a third device can participate in the
   protected communication.  In these cases, separate TLS sessions are
   run between the client and the middle device, on one side, and the
   middle device and the server on the other side.  This provides the
   needed security, as long as the client, server, and middle device use
   appropriate and consistent security policies.  However, this last
   part is problematic; how can the middle device know if a client
   trusts a server?  At present, TLS provides no mechanism to coordinate
   policies, and there is no convenient way to do so.

   This note defines a TLS extension that allows a TLS server to provide
   a TLS client with all of the information about the other TLS server (or
   servers) that are participating in the application layer traffic that
   the client needs to make a well-informed access control decision.
   This empowers the client to reject TLS sessions that include servers
   that it does not trust.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mcgrew-tls-proxy-server

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-01

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-mcgrew-tls-proxy-server-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

