Skip to main content

Liaison statement
Reply LS to IETF Security area directors on middlebox

State Posted
Submitted Date 2017-08-11
From Contact Charles Brookson
To Group SEC
To Contacts Eric Rescorla <>
Benjamin Kaduk <>
Cc Benjamin Kaduk <>
The IETF Chair <>
Eric Rescorla <>
Kathleen Moriarty <>
Response Contact
Purpose In response
Attachments CYBER(17)011006r1_Reply_LS_to_IETF_Security_area_directors_on_middlebox
Liaisons referred by this one OMA LS 0051 (PAG) Proposing Solution to XCAP Issues
TC CYBER thanks the IETF Security Area Directors for their interest in our work
on cyber security. TC CYBER confirms its upmost interest in preserving network
security and user privacy, which are among the essential principles considered
in the development of this work.

The intention of TC CYBER is to innovate to help ensure that cyber security
(particularly in the enterprise) can continue to be provided as networks and
device types evolve. By creating secure interoperable standards to provide for
cyber security, end to end security is increased and the opportunity for ad-hoc
ill-considered cyber security workarounds are minimised. TC CYBER would like to
work with the Security Area and any other relevant IETF Area in the development
of these standards.

In response to your specific concern about the term TLS, TC CYBER notes that
the Transport Layer Security protocol and TLS originated as part of the ITU-T –
ISO/IEC JTC1 X,802, Lower Layers Security Model (04/1995) as Rec. ITU-T X.274,
(ISO/IEC 10736-4:1995), Transport Layer Security Protocol (X.tlsp) (Jul 1994). 
The IETF’s TLS protocol v1.0 in the form of RFC2246 followed in 1999 as a
derivative of the Netscape Corporation’s Secure Sockets Layer (SSL) – which
itself was a derivative of many other transport layer specifications which had
existed for many years.  Ref. RFC 6101, The Secure Sockets Layer (SSL) Protocol
Version 3.

TC CYBER also notes that other standards bodies – especially ITU-T - have
produced derivative versions of the IETF’s TLS specification as part of
middlebox protocols in a manner similar our own work item with widespread
industry implementation and no apparent concern being expressed.  See, e.g.,
Rec. ITU-T H.248.90, Gateway control protocol: ITU-T H.248 packages for control
of transport security using transport layer security (TLS), (10/2014).

TC CYBER’s use of the term TLS in conjunction with its work for both the
published TR 103 321, CYBER: Network Gateway Cyber Defence (2017-04) and the
ongoing work item DTS/CYBER-0027, CYBER; Middlebox Security Protocol, reflects
the existence of an enormous array of Transport Layer Security/TLS protocols
long extant in the industry produced and built upon by many diverse standards,
academic, and industry product development activity.

In response to your specific concern about the name TLS, TC CYBER does not plan
to use the name TLS apart from referring to the IETF standards. Furthermore,
mcTLS is the name originally given by their authors to one of the techniques TC
CYBER is considering as input for its work. There are no plans to use the same
term for the results of this work.