But it's also important for understand that security is additive in nature,
not all the criminals are bright or sophisticated, & so the emergence of a few smarter ones doesn't make those less so disappear. :-) It’s the Law Enforcement job to make the dumber ones disappear. The question is whether the risk all of the legit users would be subjected to is justified by the preserved ability to detect the dumber criminals using an outdated method, instead of evolving with times. In reality, most of them are awful blunderers - they succeed because the defenders are worse blunderers. Consequently, there hasn't been an alarming (heh) dropoff in the need for TLS visibility on the intranet - quite the opposite. Let’s exchange our criminals – I’d much rather deal with yours. ;-) My point though is – this dropoff in visibility *will* come, like it or not. And the need for it isn't limited to the security space. It'd extremely important for troubleshooting, as well. Based on my experience troubleshooting – I disagree. If I control at least one end of the communications – I have all the visibility into the traffic that I need.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
