On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue <ila...@s21sec.com> wrote: >> >> I fail to see how the current draft can be used to provide visibility >> to an IPS system in order to detect bots that are inside the bank… >> >> On the one hand, the bot would never opt-in for visibility if it’s >> trying to exfiltrate data… > > The presumption is that any legitimate application would opt-in, so > the IPS blocks any TLS connection that does not opt in.
Thanks for clarifying the bigger picture here, Yoav. So if this technology were deployed on a network where not all parties are mutually trusting, it would offer network users a choice between surveillance by the network on the one hand (opt-in) and censorship on the other (opt-out and be blocked). Is that right? Designing mechanism for the Internet that allows/facilitates/encourages the network operator to force this choice on the user seems problematic. Why do we want this for a protocol like TLS that is intended to be used across potentially adversarial networks? datacenter operators who want access to the cleartext passing through machines they already control already have mechanisms at their disposal to do this (whether they can do so at scale safely without exposing their customers' data to further risks is maybe an open question, regardless of mechanism). Mechanisms that increase "visibility" of the cleartext run counter to the goals of TLS as an end-to-end two-party secure communications protocol. Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls