On Sat, Jul 15, 2017 at 7:59 AM, Roland Dobbins <rdobb...@arbor.net> wrote: > On 15 Jul 2017, at 18:23, Daniel Kahn Gillmor wrote: > >> Whether it justifies a loss of security is a separate question. > > > It isn't a loss of security - it's actually a net gain for security. > Network visibility, independent of any end-host, is a key requirement for > network security.
Visibility, yes, but I don't agree that you can't protect the network if traffic is encrypted. Many incident response teams are able to use indicators of compromise (IoCs) for encrypted streams. > > As to the specific regulations, folks from the appropriate verticals will > need to speak up. I know vaguely that there are regulations in the > financial sector and the defense contracting sector which apply, but can't > cite chapter and verse. > > I'm sure someone on the list can, however. > > > ----------------------------------- > Roland Dobbins <rdobb...@arbor.net> > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- Best regards, Kathleen _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
