On Sat, Jul 15, 2017 at 10:22 AM, Dobbins, Roland <rdobb...@arbor.net> wrote:

> I think that your first and third points are actually non-sequiturs: the
> unencrypted stream is available to the entities controlling either
> endpoint, not just the log.
>
> This assertion is both incorrect & incomplete in its scope.

Okay. What did I miss?

> There is no *technical* reason that in-flight capture is required to
> address those two points.
>
> This assertion is factually incorrect. There are quite frequently reasons
> to have both visibility & the ability to intercede into the traffic in
> question at one or more specific points in the network topology *between*
> endpoints.

For example?

> This is network security & troubleshooting 101.

Great! Can you point me to the textbook for that class, because I must have missed it!

> No - the attempt to denigrate & dismiss real-world technical operational
> requirements is invalid, as is the dismissal of the administrative context
> of actual network operators in the real world.

I believe that I merely described the situation. If you think my description was not accurate, then it would be great if you could explain in what way it was not accurate. I realize that institutional problems of the sort that I described do exist, are real, and do cause real pain for ops people--that's not my point. My point is that what you are describing sounds like it's a layer 9 problem. If it's not, I'm genuinely not seeing it. Rather than being offended at what you say is my mischaracterization of the situation, could you just point out where the mischaracterization lies?
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls