On Mon, Sep 26, 2016 at 4:55 PM, Martin Rex <m...@sap.com> wrote:
> And no, there can not be any valid regulations to require such
> monitoring, because _every_ to the secrecy provisions and criminalization
> requires an explicit law from the parliamentarian legislator.

GDPR Article 88 leaves rules of processing employees' personal data in the employment context up to the Member States - so regulations in Germany may be different than ones in, let's say, Poland.

About the main topic: TLS's main task is to protect privacy and data integrity - essentially to prevent the MitM. Requests that are in direct conflict with that can't be treated seriously. TLS needs to provide secure connections, and PFS cipher suites are a better choice than non-PFS ones. If anyone wants (or needs) to monitor the data, he should set proper trust boundaries, and do the monitoring between TLS terminators.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls