Pawel Jakub Dawidek wrote: > > Because of that, every corporate network needs visibility inside TLS > traffic not only incoming, but also outgoing, so they can not only > debug, but also look for data leaks, malware, etc.
There may be a some countries with poor civil liberty protections where such activies (employee communication surveillance) has not been criminalized yet, but at least in the European Union, there is EU Directive 2002/58/EC which requires member states to criminalize such surveillance. In Germany, this was criminalized with the 2004 update of the TKG (Telekommunikationsgesetz) and will get every employer up to 5 years prison term for doing this. And no, there can not be any valid regulations to require such monitoring, because _every_ to the secrecy provisions and criminalization requires an explicit law from the parlamentarian legislator. "regulations" are issued by parts of the government (executive power), and the German national law (TKG) and the German constitution (GG) formally excludes the executive power from defining/creating exceptions to telecommunication secrecy. -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls