On 30/10/17 22:17, Richard Barnes wrote:
> Hey TLS folks,
>
> Owen, Max, and I have been kicking around some ideas for how to make secure
> connections in environments where HTTPS is subject to MitM / proxying.

Interesting. One bit puzzles me: wouldn't the new content-type give the game
away and cause middleboxes to block this?

S.

> The below draft lays out a way to tunnel TLS over HTTPS, in hopes of
> creating a channel you could use when you really need things to be private,
> even from the local MitM.
>
> Feedback obviously very welcome. Interested in whether folks think this is
> a useful area in which to develop an RFC, and any thoughts on how to do
> this better.
>
> Thanks,
> --Richard
>
>
> On Mon, Oct 30, 2017 at 3:47 PM, <internet-dra...@ietf.org> wrote:
>
>> A new version of I-D, draft-friel-tls-over-http-00.txt
>> has been successfully submitted by Owen Friel and posted to the
>> IETF repository.
>>
>> Name: draft-friel-tls-over-http
>> Revision: 00
>> Title: Application-Layer TLS
>> Document date: 2017-10-30
>> Group: Individual Submission
>> Pages: 20
>> URL: https://www.ietf.org/internet-drafts/draft-friel-tls-over-http-00.txt
>> Status: https://datatracker.ietf.org/doc/draft-friel-tls-over-http/
>> Htmlized: https://tools.ietf.org/html/draft-friel-tls-over-http-00
>> Htmlized: https://datatracker.ietf.org/doc/html/draft-friel-tls-over-http-00
>>
>> Abstract:
>> Many clients need to establish secure connections to application
>> services but face challenges establishing these connections due to
>> the presence of middleboxes that terminate TLS connections from the
>> client and reestablish new TLS connections to the service. This
>> document defines a mechanism for transporting TLS records in HTTP
>> message bodies between clients and services. This enables clients
>> and services to establish secure connections using TLS at the
>> application layer, and treat any middleboxes that are intercepting
>> traffic at the network layer as untrusted transport. In short, this
>> mechanism moves the TLS handshake up the OSI stack to the application
>> layer.
>>
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>>
>> The IETF Secretariat
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
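An added example, not code from the draft or from anyone in this thread: the framing the abstract describes (TLS records carried as an HTTP POST body) and what a proxy that has already terminated the outer HTTPS leg can read of it, which is the visibility behind the content-type question above. The media type `application/x-tls-records`, the `/tls` path, the host name and the record bytes are constructed assumptions, not values taken from the draft.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446), by wire value.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Placeholder media type for the tunnel; the draft's real value is not on this page.
TUNNEL_MEDIA_TYPE = "application/x-tls-records"


def tls_record(content_type: int, payload: bytes) -> bytes:
    """Frame one TLS record: type(1) | legacy version 0x0303(2) | length(2) | payload."""
    return struct.pack("!BHH", content_type, 0x0303, len(payload)) + payload


def wrap_in_http_post(records: bytes, host: str = "svc.example") -> bytes:
    """Carry a run of TLS records as the body of an HTTP POST (the outer HTTPS leg)."""
    head = (f"POST /tls HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Type: {TUNNEL_MEDIA_TYPE}\r\n"
            f"Content-Length: {len(records)}\r\n\r\n")
    return head.encode("ascii") + records


def split_records(body: bytes) -> list:
    """Parse a body back into (type_name, payload) pairs; reject malformed framing."""
    out, i = [], 0
    while i < len(body):
        if len(body) - i < 5:
            raise ValueError("truncated TLS record header")
        ctype, _ver, length = struct.unpack("!BHH", body[i:i + 5])
        if ctype not in TLS_CONTENT_TYPES or length > 2 ** 14 + 2048:
            raise ValueError("body is not a run of TLS records")
        payload = body[i + 5:i + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record body")
        out.append((TLS_CONTENT_TYPES[ctype], payload))
        i += 5 + length
    return out


def middlebox_view(request: bytes) -> dict:
    """What a TLS-terminating proxy sees: every header in the clear (the tunnel's
    Content-Type included) and the inner record framing, but not the inner payload."""
    head, _, body = request.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")[1:]        # drop the request line
    hdrs = dict(line.split(": ", 1) for line in lines)
    recs = split_records(body)
    return {"content_type": hdrs.get("Content-Type"),
            "record_types": [name for name, _ in recs],
            "inner_bytes": sum(len(p) for _, p in recs)}
```

The inner handshake bytes stay opaque to the proxy, but the header line that names the tunnel, and the TLS record headers inside the body, are enough for a policy that matches on them.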