I have placed this poster in the moderator queue based on RFC2418: Participation is by individual technical contributors, rather than by formal representatives of organizations [0]. They can rejoin using a personal account or identify who they are in their email’s signature.
spt

[0] https://tools.ietf.org/rfcmarkup?doc=2418#section-1

> Begin forwarded message:
>
> From: Hot Middlebox <hot.middle...@gmail.com>
> Subject: Re: [TLS] Four concerns (was Re: draft-rhrd-tls-tls13-visibility at IETF101)
> Date: March 14, 2018 at 22:08:44 GMT
> To: "Salz, Rich" <rs...@akamai.com>
> Cc: IETF TLS <tls@ietf.org>
>
> The requirements for visibility exist in an array of regulated environments
> worldwide. It is one of the presentation areas in the Hot Middlebox
> Workshop.
> http://www.etsi.org/etsi-security-week-2018/middlebox-security?tab=1
>
> The Middlebox Hackathon site is also now public so everyone can experience
> how a browser plug-in client (to be provided) can be used in conjunction with
> a fine grained Middlebox Security Protocol for Middlebox discovery and
> controlled visibility by an end-user in a way that meets both user and
> regulatory interests. The draft specification will be published in two weeks.
>
> --the Hot Middlebox organizers
>
> On Wed, Mar 14, 2018 at 9:42 AM, Salz, Rich <rs...@akamai.com> wrote:
>
>
> So aside from enabling MitM, this also enables session resumption by
> the decryption service, something that the security considerations
> neglects to include in its list.
>
> So I think this is an important point. I assume the authors did not realize
> this. That shows how hard, and risky, it is to get this right. In the US, we
> have been having arguments where the national police force (FBI) is insisting
> that tech companies can create a "golden key" that only they can use, and the
> security people are saying it is impossible. This seems like another
> instance, no?
>
> Oh heck, let me ask the uncomfortable question: Russ, did you know this or
> was Martin's point new to you?
>
> /r$
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls