Hi, Daniel Inline...
> On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > > On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue <ila...@s21sec.com> wrote: >>> >>> I fail to see how the current draft can be used to provide visibility >>> to an IPS system in order to detect bots that are inside the bank… >>> >>> On the one hand, the bot would never opt-in for visibility if it’s >>> trying to exfiltrate data… >> >> The presumption is that any legitimate application would opt-in, so >> the IPS blocks any TLS connection that does not opt in. > > Thanks for clarifying the bigger picture here, Yoav. > > So if this technology were deployed on a network where not all parties > are mutually trusting, it would offer network users a choice between > surveillance by the network on the one hand (opt-in) and censorship on > the other (opt-out and be blocked). Is that right? I see it a little differently. Your computer or my computer, both of which are not configured to opt-in, should not be on such networks. In the corporate world, there could be a production network that enforces this and has access to corporate resources. There will usually also be a “guest” network with unfiltered connectivity, but no access to internal databases. This is where visitors go, but also where employee phones connect. Of course the government of Elbonia might require all networks to have this feature, and then you’ll have to decide if you want to configure your laptop to opt-in. I would prefer to stay off-line while I’m in Elbonia in that case. > Designing mechanism for the Internet that allows/facilitates/encourages > the network operator to force this choice on the user seems problematic. > Why do we want this for a protocol like TLS that is intended to be used > across potentially adversarial networks? This is for hosts using network owned by the same entity that owns the hosts. When such hosts communicate outside this network, it’s for the leg of the connection that is within this network. I don’t see any use for it across an adversarial network. If you trust it enough to give it your keys, it’s not adversarial. > datacenter operators who want access to the cleartext passing through > machines they already control already have mechanisms at their disposal > to do this (whether they can do so at scale safely without exposing > their customers' data to further risks is maybe an open question, > regardless of mechanism). I don’t think these mechanisms are currently available. That’s a good subject for discussion. If such mechanisms can be written without extending TLS, that’s obviously better. > > Mechanisms that increase "visibility" of the cleartext run counter to > the goals of TLS as an end-to-end two-party secure communications > protocol. > > Regards, > > --dkg
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
