On Sat 2017-07-15 07:42:58 +0000, Dobbins, Roland wrote: >> On Jul 15, 2017, at 13:26, Daniel Kahn Gillmor <d...@fifthhorseman.net> >> wrote: >> >> Could you point to an example of any regulation that requires plaintext >> from network capture specifically? > > It often isn't feasible to obtain the plaintext any other way in a > given circumstance. > > Not to mention the security & troubleshooting applications which > require insight into the cryptostream on the wire.
I asked for examples of regulations that specifically require plaintext from the network. This e-mail contains no such example, just an assertion that it's technically easier/simpler to do network capture for some deployments. i believe this assertion, btw, so you don't need to argue it further. Whether it justifies a loss of security is a separate question. If anyone has a specific example of a regulation that mandates network capture, i'd like to know about it. If there are no such examples, and we plan to continue to discuss this draft, i'd appreciate it if folks could take the "regulators require it" argument off of the table, and we can focus on the actual technical merits and risks of the proposal directly. Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls