RFC 8446, section 9.3 states: Note that TLS's protocol requirements and security analysis only apply to the two connections separately. Safely deploying a TLS terminator requires additional security considerations which are beyond the scope of this document.
The context of that paragraph is "A middlebox which terminates a TLS connection" and it implies that there are undocumented security considerations. The tls-proxy-bp draft is a contribution towards that goal and we think it is worth the effort.

--Roelof

> On Jul 27, 2020, at 8:35 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> On 28/07/2020 00:48, Eric Wang (ejwang) wrote:
>> We felt the lack of a baseline bcp is going to hurt the security posture of TLS rather than driving the intermediary away.
>
> That makes no sense to me.
>
> Adopting this draft will require eliminating all such gibberish and instead finding text that can garner IETF consensus. I really do not think that effort is worth the significant cost for anyone involved, pro-MITM or not.
>
> S.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls