Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-03-24 Thread Ion Larranaga Azcue
I recognize I may lack context, because I have only seen Steve Fenter's slides, but apart from it not reaching consensus, the scenario it presents (user connecting to online banking service) seems to be visibility of connections from the internet to internal servers. I think that not even visi

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-03-24 Thread Carl Wallace
From: TLS on behalf of Tony Arcieri
Date: Saturday, March 24, 2018 at 11:31 AM
Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

> On Fri, Mar 23, 2018 at 11:26 PM, Alex C wrote:
>> As I understand it (poorly!) the idea is exactly to have a single system on
>>

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-03-24 Thread Jim Reid
> On 19 Mar 2018, at 15:18, Dan Brown wrote:
>
> PS: I never directly worked on enterprise security (usually, I just think
> about the math of basic crypto primitives), but I don't recall hearing about
> such a "visibility" feature in the enterprise security work of colleagues
> (whom I do _

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-03-24 Thread Tony Arcieri
On Fri, Mar 23, 2018 at 11:26 PM, Alex C wrote:
> As I understand it (poorly!) the idea is exactly to have a single system
> on the network that monitors all traffic in cleartext.
>

And more specifically: to be able to *passively* intercept traffic and allow it to be decrypted by a central syste