Reply LS to IETF Security area directors on middlebox
From Contact: Charles Brookson
The IETF Chair
Liaisons referred by this one: OMA LS 0051 (PAG) Proposing Solution to XCAP Issues

TC CYBER thanks the IETF Security Area Directors for their interest in our work on cyber security. TC CYBER confirms its utmost interest in preserving network security and user privacy, which are among the essential principles considered in the development of this work. The intention of TC CYBER is to innovate to help ensure that cyber security (particularly in the enterprise) can continue to be provided as networks and device types evolve. By creating secure interoperable standards to provide for cyber security, end to end security is increased and the opportunity for ad-hoc ill-considered cyber security workarounds is minimised. TC CYBER would like to work with the Security Area and any other relevant IETF Area in the development of these standards.

In response to your specific concern about the term TLS, TC CYBER notes that the Transport Layer Security protocol and TLS originated as part of the ITU-T – ISO/IEC JTC1 X.802, Lower Layers Security Model (04/1995) as Rec. ITU-T X.274, (ISO/IEC 10736-4:1995), Transport Layer Security Protocol (X.tlsp) (Jul 1994). The IETF’s TLS protocol v1.0 in the form of RFC 2246 followed in 1999 as a derivative of the Netscape Corporation’s Secure Sockets Layer (SSL) – which itself was a derivative of many other transport layer specifications which had existed for many years. Ref. RFC 6101, The Secure Sockets Layer (SSL) Protocol Version 3.

TC CYBER also notes that other standards bodies – especially ITU-T – have produced derivative versions of the IETF’s TLS specification as part of middlebox protocols in a manner similar to our own work item, with widespread industry implementation and no apparent concern being expressed. See, e.g., Rec. ITU-T H.248.90, Gateway control protocol: ITU-T H.248 packages for control of transport security using transport layer security (TLS), (10/2014).

TC CYBER’s use of the term TLS in conjunction with its work for both the published TR 103 321, CYBER: Network Gateway Cyber Defence (2017-04) and the ongoing work item DTS/CYBER-0027, CYBER; Middlebox Security Protocol, reflects the existence of an enormous array of Transport Layer Security/TLS protocols long extant in the industry, produced and built upon by many diverse standards, academic, and industry product development activities.

In response to your specific concern about the name TLS, TC CYBER does not plan to use the name TLS apart from referring to the IETF standards. Furthermore, mcTLS is the name originally given by its authors to one of the techniques TC CYBER is considering as input for its work. There are no plans to use the same term for the results of this work.