A Rationale for Fine-grained Intermediary-aware End-to-End Protocols
draft-reschke-objsec-01

Document Type Expired Internet-Draft (individual)
Last updated 2015-04-30 (latest revision 2014-10-27)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-reschke-objsec-01.txt

Abstract

A tremendous growth in different uses of the Internet has led to a growing need to protect data sent over public networks, including data sent via HTTP. Use of end-to-end TLS for the majority of traffic looks at first like the most feasible response. However, the web architecture has become more sophisticated and, as it has now gone beyond the simple client-server model, the end-to-end use of TLS is increasingly showing its downside. The end-to-end use of TLS excludes beneficial intermediaries such as caches or proxies that provide instrumental services. The need for greater privacy thus seems to collide with the equally growing desire for better end-to-end performance and user experience. As an example, the use of HTTP/TLS often appears to maximise the benefit of both only in combination. This document describes the above dichotomy and lays out a number of objectives for what can ideally be achieved, namely catering for sufficient security and privacy whilst providing users with the opportunity to make use of intermediaries' services where considered beneficial. This document introduces a number of potential solutions based on suitable protocol mechanisms and data formats. End-to-end protocols which are aware of intermediaries should enable users and/or content providers to exercise fine-grained control over what intermediaries should be able to do and what exposure to data or metadata they shall be permitted to get. The document then highlights anticipated benefits to key stakeholders such as users, content providers and intermediaries. As elements such as object security can play a useful role, this document encourages the analysis of related work to discern their applicability, limitations, and coverage of use cases. Such an effort may help us espouse innovation to frame an overall architecture and motivate more detailed work on protocols and mechanisms in the future.

Authors

Dan Druta (dd5826@att.com)
Thomas Fossati (thomas.fossati@alcatel-lucent.com)
Marcus Ihlar (marcus.ihlar@ericsson.com)
Guenter Klas (guenter.klas@vodafone.com)
Diego Lopez (diego.r.lopez@telefonica.com)
Julian Reschke (julian.reschke@greenbytes.de)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)