[Apparently this was stuck in my 'drafts' folder; sorry if it has
since become stale...]
On Mon, Mar 19, 2018 at 07:20:04AM -0700, Colm MacCárthaigh wrote:
> It's true that breaking open cleartext runs counter to the mission of
> end-to-end TLS, but it also seems like operators are going to do it
On Mon, Mar 19, 2018 at 9:23 AM, Yoav Nir wrote:
[snip]
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor
> wrote:
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer network users a
* It's difficult to speculate here about the potential impact, but isn't
another possibility that it would legitimize a mass-market of such products,
particularly if such capabilities were introduced into clients and browsers?
That is definitely a goal. The people who are in favor of this,
On Mon, Mar 19, 2018 at 12:22:48PM -0400, Ryan Sleevi wrote:
> On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
> wrote:
>
> > 2/ clients and browsers could easily consider such sessions insecure by
> > default. This would mean that adopters would have to deploy
On Mon, Mar 19, 2018 at 01:23:30PM +, Yoav Nir wrote:
> Hi, Daniel
>
> Inline...
>
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
> >
> >
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer
On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
wrote:
> 2/ clients and browsers could easily consider such sessions insecure by
> default. This would mean that adopters would have to deploy configurations
> and mechanisms to enable this functionality, similar to - but
rch 19, 2018 at 10:21 AM
To: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Breaking into TLS to protect customers
It's true that breaking open cleartext runs counter to the mission of
end-to-end TLS, but it also se
It's true that breaking open cleartext runs counter to the mission of
end-to-end TLS, but it also seems like operators are going to do it if they
can. Whether by staying on plain RSA, using static-DH, MITM through
installing a private trusted CA, or exporting session secrets, they can
certainly do
Hi, Daniel
Inline...
> On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
>
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to
+1
On Mon, Mar 19, 2018 at 3:32 AM, Daniel Kahn Gillmor
wrote:
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to provide visibility
On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>
>> I fail to see how the current draft can be used to provide visibility
>> to an IPS system in order to detect bots that are inside the bank…
>>
>> On the one hand,
Hi Darin,
> On 18 Mar 2018, at 16:09, Darin Pettis wrote:
>
> pushing this to another technology or WG isn't going to solve the current
> problem in time.
In time for what?
Mat
___
TLS mailing list
TLS@ietf.org
olds true in the health care and insurance
>> industries as well, and is not an accident. It is one of the primary
>> reasons this monitoring is performed.
>>
>>
>>
>> *From:* TLS [mailto:tls-boun...@ietf.org] *On Behalf Of *Yoav Nir
>> *Sent:* Thursday
>
> *From:* TLS [mailto:tls-boun...@ietf.org] *On Behalf Of *Yoav Nir
> *Sent:* Thursday, March 15, 2018 12:58 AM
> *To:* Rich Salz <rs...@akamai.com>
> *Cc:* tls@ietf.org
> *Subject:* Re: [TLS] Breaking into TLS to protect customers
>
>
>
> Hi, Rich.
>
>
>
> Y
12:58 AM
To: Rich Salz <rs...@akamai.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Breaking into TLS to protect customers
Hi, Rich.
You are conflating customers and users. The customer that may be protected by
breaking TLS in a bank’s server farm is the bank itself. An IPS system with
visi
On 15.03.2018 at 17:58, Carl Mehner wrote:
On Thu, Mar 15, 2018 at 9:59 AM, Kathleen Moriarty
> wrote:
> I think what Yoav is referring to by detecting BOTS within the
> network, is really so called advance
> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>
> I fail to see how the current draft can be used to provide visibility to an
> IPS system in order to detect bots that are inside the bank…
>
> On the one hand, the bot would never opt-in for visibility if it’s
> -Original message-
> From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
> Sent: Thursday, 15 March 2018 18:42
> To: Carl Mehner <c...@cem.me>
> CC: Ion Larranaga Azcue <ila...@s21sec.com>; tls@ietf.org
> Subject: Re: [TLS] Breaking
On Thu, Mar 15, 2018 at 12:58 PM, Carl Mehner wrote:
>
>
> On Thu, Mar 15, 2018 at 9:59 AM, Kathleen Moriarty
> wrote:
>> I think what Yoav is referring to by detecting BOTS within the
>> network, is really so-called advanced persistent threat (APT)
On Thu, Mar 15, 2018 at 9:59 AM, Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:
> I think what Yoav is referring to by detecting BOTS within the
> network, is really so-called advanced persistent threat (APT) actors
> that are moving around the internal network leveraging existing
r maybe I misunderstood the use case altogether…
>
>
>
>
>
> From: TLS [mailto:tls-boun...@ietf.org] On behalf of Yoav Nir
> Sent: Thursday, 15 March 2018 5:58
> To: Rich Salz <rs...@akamai.com>
> CC: tls@ietf.org
> Subject: Re: [TLS] Breaking i
Date: Thursday, March 15, 2018 at 12:57 AM
To: Rich Salz <rs...@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Breaking into TLS to protect customers
Hi, Rich.
You are conflating customers and users. The customer that may be protected by
breaking TLS in a ba
lowering the TLS protocol security level.
Or maybe I misunderstood the use case altogether…
From: TLS [mailto:tls-boun...@ietf.org] On behalf of Yoav Nir
Sent: Thursday, 15 March 2018 5:58
To: Rich Salz <rs...@akamai.com>
CC: tls@ietf.org
Subject: Re: [TLS] Breaking into TLS to p
> Are we going to discuss draft-fenter ad hoc, or we'll start a new thread
dedicated to that? Because I strongly believe I also have some suggestions
for that draft.
Artyom, yes, as far as I am concerned at least, please start a new thread.
Sorry I am getting behind on responding to all the
Hi, Rich.
You are conflating customers and users. The customer that may be protected by
breaking TLS in a bank’s server farm is the bank itself. An IPS system with
visibility into the traffic may detect bots that are there to steal data or
mine cryptocurrencies or whatever.
If the customers
Are we going to discuss draft-fenter ad hoc, or we'll start a new thread
dedicated to that? Because I strongly believe I also have some suggestions
for that draft.
Wed, 14 Mar 2018, 23:30 Salz, Rich :
> Some on this list have said that they need to break into TLS in order to
Some on this list have said that they need to break into TLS in order to
protect customers.
The thing customers seem to need the most protection from is having their personal
data stolen. It seems to happen with amazing and disappointing regularity on
astounding scales. Some examples include
*
27 matches