On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue <ila...@s21sec.com> wrote: >> >> I fail to see how the current draft can be used to provide visibility >> to an IPS system in order to detect bots that are inside the bank… >> >> On the one hand, the bot would never opt-in for visibility if it’s >> trying to exfiltrate data… > > The presumption is that any legitimate application would opt-in, so > the IPS blocks any TLS connection that does not opt in.
Thanks for clarifying the bigger picture here, Yoav.
So if this technology were deployed on a network where not all parties
are mutually trusting, it would offer network users a choice between
surveillance by the network on the one hand (opt-in) and censorship on
the other (opt-out and be blocked). Is that right?
Designing mechanism for the Internet that allows/facilitates/encourages
the network operator to force this choice on the user seems problematic.
Why do we want this for a protocol like TLS that is intended to be used
across potentially adversarial networks?
datacenter operators who want access to the cleartext passing through
machines they already control already have mechanisms at their disposal
to do this (whether they can do so at scale safely without exposing
their customers' data to further risks is maybe an open question,
regardless of mechanism).
Mechanisms that increase "visibility" of the cleartext run counter to
the goals of TLS as an end-to-end two-party secure communications
protocol.
Regards,
--dkg
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
