On 2022-09-30, at 09:25, Paul Vixie <[email protected]> wrote:

> > what did you have in mind as an example of this, that i might not dislike?
I think most people who run large (I)OT networks know about the importance of Visibility, i.e., the need for actors that are not immediate parties to the exchange of data to be aware of some of the characteristics of that data. The part I do not understand is why this is always framed in terms of uncontrolled (unrestricted) visibility, i.e., everybody who manages to get hold of a packet has full visibility. (Well, I do understand that uncontrolled visibility (UC) is how systems started to inspect traffic, and that today many of these systems are addicted to uncontrolled visibility.)

Instead, I'd prefer to pursue something that I'd call Authorized Visibility (AV). Here, the communication actors explicitly provide visibility to additional justified parties, not simply to any eavesdropper that comes along. This of course requires modelling the additional justified parties, and explicitly providing the authorization (e.g., in terms of data structured to provide visibility and the provision of access in terms of decryption keys), making it a larger project than just breaking security for all.

Regards,
Carsten
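
The Authorized Visibility sketch above (the sender structures what an observer may see and the observer holds a matching key), as an added Go example that is not part of the original thread: the payload is encrypted to the recipient, and a separate, sender-chosen visibility record is encrypted to the authorized observer, so a party holding neither key sees only ciphertext. The type and function names, the AES-GCM construction, the "body"/"visibility" labels and the pre-shared keys are assumptions for illustration; how the keys are distributed is out of scope here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Envelope keeps the recipient's part and the observer's part separate. Each is
// nonce || AES-GCM ciphertext under its own key, so one key never opens the
// other part and an eavesdropper with neither key sees only ciphertext.
type Envelope struct {
	Visibility []byte // sender-chosen visibility record, for the observer's key
	Body       []byte // payload, for the recipient's session key only
}
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal returns nonce || AES-GCM(key, plaintext, aad); aad labels the part.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// open inverts seal; it fails on a wrong key, a wrong label, or tampering.
func open(key, sealed, aad []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil { return nil, err }
	n := aead.NonceSize()
	if len(sealed) < n { return nil, errors.New("ciphertext too short") }
	return aead.Open(nil, sealed[:n], sealed[n:], aad)
}

// Send: the payload goes to the recipient under sessionKey; only the record the
// sender chose to disclose goes to the authorized observer under visKey.
func Send(sessionKey, visKey, payload, record []byte) (Envelope, error) {
	body, err := seal(sessionKey, payload, []byte("body"))
	if err != nil { return Envelope{}, err }
	vis, err := seal(visKey, record, []byte("visibility"))
	return Envelope{Visibility: vis, Body: body}, err
}
func RecipientRead(k []byte, e Envelope) ([]byte, error) { return open(k, e.Body, []byte("body")) }
func ObserverRead(k []byte, e Envelope) ([]byte, error)  { return open(k, e.Visibility, []byte("visibility")) }
```

The observer learns exactly the record the sender chose to expose and nothing of the payload, which is the distinction between authorized and uncontrolled visibility the message draws.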
