
ETSI - TS 103 523-2

CYBER; Middlebox Security Protocol; Part 2: Transport layer MSP, profile for fine grained access control

active, Most Current
Organization: ETSI
Publication Date: 1 March 2022
Status: active
Page Count: 110
Scope:

The present document specifies a protocol to enable secure transparent communication sessions between network endpoints with one or more middleboxes between these endpoints, using data encryption and integrity protection, as well as authentication of the identity of the endpoints and the identity of any middlebox present. This protocol can be mapped to the abstract MSP protocol capability requirements in ETSI TS 103 523-1 [i.5].

The Middlebox Security Protocol builds on TLS 1.2 [1] and is an extensively modified version of the mcTLS protocol [i.1]. Whilst basic concepts are inherited from the mcTLS variant, the protocol specified in the present document also contains significant additional functionality and feature changes that would render it incompatible with the original version published.

The present document focuses on TLMSP usage with TCP as it is the most common usage. Usages with other transport protocols are possible but left out of scope. In the remainder of the present document, unless otherwise noted, the word TLS refers to TLS 1.2 [1].

The present document defines a set of five sub-protocols for specific purposes: Handshake (authenticating endpoints and middleboxes and negotiating the cryptographic configuration among those entities); Alert (signalling errors and notifications); Application (carrying data generated by higher layers); ChangeCipherSpec (signalling the activation of the negotiated cryptographic configuration); and a Record protocol (responsible for applying the activated security configuration to all of the other aforementioned sub-protocols).

Since TLMSP is a generic protocol, usable with a wide range of applications, issues related to the mapping of application-specific security policy to explicit TLMSP configurations are largely left out of scope. Further, out-of-band provisioning aspects relating to policies, pre-configuration of the client, and details of actions in error situations are also out of scope. While some informal discussion of the security properties of TLMSP is provided, a complete (formal) security analysis of the protocol is currently left out of scope.

A reference implementation of TLMSP is being developed and can be accessed at [i.7].

Document History

TS 103 523-2
March 1, 2022
CYBER; Middlebox Security Protocol; Part 2: Transport layer MSP, profile for fine grained access control
The present document specifies a protocol to enable secure transparent communication sessions between network endpoints with one or more middleboxes between these endpoints, using data encryption and...
February 1, 2021
CYBER; Middlebox Security Protocol; Part 2: Transport layer MSP, profile for fine grained access control
The present document specifies a protocol to enable secure transparent communication sessions between network endpoints with one or more middleboxes between these endpoints, using data encryption and...
