> -----Original Message-----
> From: TLS [mailto:[email protected]] On Behalf Of Salz, Rich
> Sent: Thursday, October 19, 2017 10:15
> To: Paul Turner <[email protected]>; Kaduk, Ben
> <[email protected]>; [email protected]
> Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
>
> ➢ I guess the basic question I'm asking is that if a third party is so
> powerful that they can do what you describe, aren't they going to force
> an even more effective method (trusting their CA so that they can
> terminate the connection as a middle man) on clients so that they don't
> have to coerce every server?
>
> The stated goal of this work (and its predecessor) is to allow
> enterprises to capture traffic for later debugging and analysis. The
> client could be coming in via the generic public Internet, with a stock
> browser.
>
> Your question points out a danger of this mechanism: it becomes all too
> easy to “escape” and enable nationwide wiretapping.
>
> Make sense?
>

Can you explain how nationwide wiretapping is going to be easy with this plan? Again, EVERY server owner will need to opt-in.

> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
