List: ipsec
Subject: [IPsec] looking to hold a TLS VPN side meeting at IETF 92
From: "Boyle, Vincent M" <vmboyle () nsa ! gov>
Date: 2015-03-13 17:11:29
Message-ID: E18BF42C3D667642ABC0EF4B6064EB67D0918938 () MSMR-GH1-UEA04 ! corp ! nsa ! gov
Hi all,

I'm planning to hold a side meeting at IETF 92 to gauge interest in creating a standard for TLS VPNs. One motivating use case for my organization is the need to protect data between an app on a mobile device and the enterprise network that it connects to. For many of our customers, a TLS-based solution is preferable to IPSec (perhaps because their vendors support the former). For some sensitive military applications, there is a requirement to provide two layers of encryption, so using TLS for the second layer makes sense. Having each app invoke TLS is problematic because it introduces validation costs for each app before it is deployed (to ensure that it correctly implements TLS or makes the appropriate OS calls). We would prefer the option of validating a TLS VPN product and having it available for use by all apps on the device. To create the necessary validation requirements and test activities, we need to have a standard that we can point to. The development of an open standard would provide a consistent and fair method of measuring security (using Protection Profiles) which scales to enable the validation and testing of TLS VPNs.

Beyond this specific (but fairly pressing) use case, we believe that there are many organizations that would benefit from the availability of a standards-based, validated mechanism to protect communications between their mobile devices and the enterprise network.

Please discuss on the saag mail list. I will schedule a meeting time at a local drinking establishment for either Monday or Wednesday at 7:30 PM (local Dallas time). I'd appreciate feedback on the meeting times (if you expect to attend) as well as any comment on the usefulness or feasibility of this effort.

Thanks,
Mike Boyle
Standards Lead
Information Assurance Directorate, NSA