Good point, Yoav. And this positive side effect holds true in the health care and insurance industries as well, and is not an accident. It is one of the primary reasons this monitoring is performed.

From: TLS [mailto:[email protected]] On Behalf Of Yoav Nir
Sent: Thursday, March 15, 2018 12:58 AM
To: Rich Salz <[email protected]>
Cc: [email protected]
Subject: Re: [TLS] Breaking into TLS to protect customers

Hi, Rich.

You are conflating customers and users.

The customer that may be protected by breaking TLS in a bank’s server farm is the bank itself. An IPS system with visibility into the traffic may detect bots that are there to steal data or mine cryptocurrencies or whatever.

If the customers of the bank are protected, it’s a happy side effect (collateral benefit?). The object is to protect the system integrity and the data.

Yoav

On 15 Mar 2018, at 5:29, Salz, Rich <[email protected]> wrote:

Some on this list have said that they need to break into TLS in order to protect customers.

The thing customers seem to need the most protection from is having their personal data stolen. It seems to happen with amazing and disappointing regularity on astounding scales. Some examples include

· retailer Target, presumably subject to PCI-DSS rules
· Anthem health insurance, presumably a regulated industry
· Equifax, a financial-business organization (but apparently not regulated)
· Yahoo, a company created on and by and for the Internet (one would think they know better)

We could, of course, go on and on and on.

NONE of those organizations are using TLS 1.3.

So what kind of “protect the customer” requires breaking TLS? And what benefits and increased protection will customers see?

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
