A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : TLS over HTTP
Author : Christian Huitema
Filename : draft-huitema-tls-tlsoverhttp-00.txt
Pages : 8
Date : 2015-03-09
Abstract:
We observe that attacks against HTTPS are getting more and more
popular. The attacks typically exploit weaknesses in PKI certificate
verification software. These weaknesses allow a third party to
insert itself as a Man-In-The-Middle in a TLS connection, accessing
the content of messages that were previously encrypted and in some
case changing these messages.
TLS over HTTP allows clients and servers to carry a TLS conversation
on top of HTTP, and thus bypass the man-in-the-middle attackers.
Different deployment models are possible, e.g., HTTP over TLS over
HTTP, application-layer-protocol over TLS over HTTP, or HTTP over TLS
over HTTP over TLS.
The proposed solution allows for reuse of the existing TLS
implementation, thus minimizing the development costs and risks. It
includes an optional obfuscation layer, to maximize the likelihood of
working unnoticed by firewalls and other MITM boxes.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-huitema-tls-tlsoverhttp/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-huitema-tls-tlsoverhttp-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
