* Nancy Cam-Winget: > @IETF99, awareness was raised to some of the security WGs (thanks > Kathleen ☺) that TLS 1.3 will obscure visibility currently afforded in > TLS 1.2 and asked what the implications would be for the security > solutions today. > https://tools.ietf.org/html/draft-camwinget-tls-use-cases-00 is an > initial draft to describe some of the impacts relating to current > network security solutions. The goal of the draft is NOT to propose > any solution as a few have been proposed, but rather to raise > awareness to how current network-based security solutions work today > and their impact on them based on the current TLS 1.3 specification.
I'm not sure if this approach is useful, I'm afraid. The draft is basically a collection of man-in-the-middle attacks many people would consider benign. It's unclear where the line is drawn: traffic optimization/compression and ad suppression/replacement aren't mentioned, for example, and I would expect both to be rather low on the scale of offensiveness. What the draft is essentially arguing is that many user cannot afford end-to-end encryption for various reasons, some legal, some technical, some political. But it seems to me that this is currently not a viewpoint shared by the IETF. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
