* I think the core of the discussion is that no matter how many times I say that enterprises are trying to protect their customers, you do not consider that a valid use case.
Can you point to a section in the Fenter draft that shows how customers are being protected? I could not find it. I only found the following: “Ubiquitous packet capture and decryption are required for enterprise troubleshooting, and without this capability there will be high severity outages that cannot be solved in an acceptable time frame.” And throughout the rest of that document there is discussion about various types of operational debugging. Can you show me where there is a “protect the customer” need, as opposed to “protecting the enterprise”?

In my experience, virtually no enterprise will allow TLS connections from the Internet to pass through their DMZ. They terminate at an exterior firewall. Are you aware of organizations that would, for example, allow a user or partner in front of a browser to open a TLS connection all the way back to an internal service endpoint?
