Kyle Hamilton wrote:
>
> Martin Rex <[email protected]> wrote:
> >
> > The fact that there are products (client-side HTTPS proxies that
> > perform MITM and inspect content) actively sold and used,
> > which are vitally dependent on being able to exploit weaknesses
> > of the existing TLS X.509 PKI security&trust model, is a sure proof
> > that something is wrong with the existing security model.
>
> I completely agree. The existing security model does not take into
> account the fact that owners of networks get to impose their own
> security policies, and aims to do everything it can to prevent useful
> deployment of interoperable low-security routine key-continuity
> verification that isn't "pay to play".
>
> > I do not think there is value in maintaining backward compatible
> > weaknesses, and personally, I do not mind the slightest about breaking
> > those protocol subverting middle boxes, be it by the use of TLS channel
> > bindings, or the checking of DANE TLSA records.
>
> There are environments in which the data sent off of the network MUST NOT
> be unknown to the network owner/operator. This is not by any protocol
> standards body action, but rather by law or regulation. It's just like
> the original order from DARPA Command, that TCP/IP would be used on ARPAnet
> -- once it comes down, it's too late to argue. I think law rather trumps
> our desire to deprive everyone of the capacity to perform MITM.
>
> We can continue to outlaw it, in which case it will continue to exist
> outside of our sight.

There are two solutions for this type of "usage".

- Provide terminal servers that you monitor, to which your users
  have to dial-in when they want to connect to the outside.

- Set up IPsec on your network and disallow the use of TLS
  on your internal network (require them to use an application
  gateway similar to an HTTP CONNECT proxy)

TLS was not designed to provide wiretapping

   http://tools.ietf.org/html/rfc2804

What is currently exploited is a serious flaw in the security of
the trust model used by TLS. And it can be abused by evil just
as easily, see the DigiNotar hack and for what it was used.

Keeping rfc2804 in mind, when fixing the weaknesses in the trust
model of TLS, maintaining wiretapping capabilities is *NOT* appropriate.

-Martin
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
