highly situationally-specific.
-------
Roland Dobbins
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
On 19 Jul 2017, at 20:37, Blumenthal, Uri - 0553 - MITLL wrote:
> I keep telling that this pool is drying up.
The organizations who need this the most are already working in
all-crypto environments. Nothing about that pool is going to change.
---
Roland
There's some quite useful and constructive discussion of possible
approaches taking place - I'm observing it with interest.
-------
Roland Dobbins
some perceptions of how these things are done even on the
public Internet may be a bit circumscribed.
The tools that network engineers and security personnel need analyze
network traffic. Logs are insufficient.
---
Roland Dobbins
On 17 Jul 2017, at 20:49, Roland Dobbins wrote:
Based on my experience troubleshooting, I disagree with your
disagreement; while in many circumstances a great deal can be inferred
from one end, it's sometimes vitally necessary to gain visibility from
multiple points in the rel
roubleshoot differs
considerably.
-----------
Roland Dobbins
On 17 Jul 2017, at 19:01, Roland Dobbins wrote:
> Many organizations do this, today.
And some also go the passive-only route - I forgot to mention that.
They'll use commercial IDS/IPS, or Snort with viewssld, et al.
---
Roland Dobbins
given
investigative context (and possibly groveled through), which is a
genuine operational concern. So, having the ability to look at this
traffic prior to it reaching the proxy can be valuable.
Many organizations do this, today.
---
Roland Dobbins
ock things like malware downloads.
-------
Roland Dobbins
's by raw public key, certificate
name, etc., is quite flexible).
I agree that the extension approach is something which is worthy of
exploration.
---
Roland Dobbins
!
Intranet administrators must have visibility into the traffic traversing
their intranets in order to be able to maintain, troubleshoot, and
secure those intranets. This often includes TLS-encrypted traffic, too.
---
Roland Dobbins
the crypto was doubled.
Was the malware in question using countersurveillance/obfuscation
techniques that made it more difficult to infer the presence of the
additional layer of encryption?
---
Roland Dobbins
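As an added example (not code from Roland Dobbins or anyone on this thread): the question above is about inferring a second, inner layer of encryption once a monitoring point has already decrypted the outer TLS layer. The simplest signal is the byte entropy of the inner payload: real application data sits well below 8 bits per byte, ciphertext sits very close to it. The sample HTTP messages below are constructed, the ciphertext stand-in is a SHA-256 chain rather than captured traffic, and the 7.5-bit threshold and 256-byte minimum are assumed starting points, not measured values.

```python
import gzip
import hashlib
import math
from collections import Counter

# Magic numbers of common compressed/container formats. Their bodies are also
# high-entropy, so without this check they would be misreported as an inner
# encryption layer. These prefixes are the formats' real signatures.
KNOWN_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x28\xb5\x2f\xfd": "zstd",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def http_body(message: bytes) -> bytes:
    """Return the body of a raw HTTP/1.x message (everything after the header block)."""
    head, sep, body = message.partition(b"\r\n\r\n")
    return body if sep else message


def classify_payload(data: bytes, threshold: float = 7.5, min_len: int = 256) -> str:
    """Classify a decrypted TLS application-data payload.

    'compressed:<fmt>'     starts with a known compression/container signature
    'too-short'            too few bytes for the entropy estimate to mean much
    'opaque-high-entropy'  entropy near 8 bits/byte: likely an inner encryption layer
    'plaintext'            anything else
    threshold and min_len are assumed defaults (not measured values).
    """
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return f"compressed:{name}"
    if len(data) < min_len:
        return "too-short"
    if shannon_entropy(data) >= threshold:
        return "opaque-high-entropy"
    return "plaintext"


# --- constructed samples (not captured traffic) ---
HTML = b"<html><body><p>Quarterly report: nothing to see here.</p></body></html>\n" * 12
PLAINTEXT_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                      b"Content-Length: %d\r\n\r\n" % len(HTML)) + HTML
GZIP_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n" + gzip.compress(HTML)
# Deterministic stand-in for ciphertext: a SHA-256 chain has byte statistics
# indistinguishable from random data for this purpose.
OPAQUE_BODY = b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(64))
OPAQUE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                   + OPAQUE_BODY)


def triage(message: bytes) -> str:
    """Classify the body of one decrypted HTTP message."""
    return classify_payload(http_body(message))


if __name__ == "__main__":
    for name, msg in [("plaintext", PLAINTEXT_RESPONSE),
                      ("gzip", GZIP_RESPONSE),
                      ("opaque", OPAQUE_RESPONSE)]:
        body = http_body(msg)
        print(f"{name:9s} entropy={shannon_entropy(body):.2f} -> {triage(msg)}")
```

The entropy test is only the naive baseline. It is exactly what the obfuscation in the question defeats: base64-encoding the inner ciphertext caps measured entropy at 6 bits per byte, and padding it with plaintext filler pulls the average below any sensible threshold, so in practice this check is one feature among several (destination reputation, timing and size patterns, protocol conformance of the decrypted stream) rather than a verdict on its own.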
it, is very
useful in a security context.
Sorry for being unclear!
-------
Roland Dobbins
On 16 Jul 2017, at 11:19, Salz, Rich wrote:
> The key point here is Within the enterprise.
+1
---
Roland Dobbins
Concur 100%.
---
Roland Dobbins
g proprietary,
non-auditable crypto. That would be bad for everyone.
---
Roland Dobbins
On 17 Jul 2017, at 16:15, Yoav Nir wrote:
> Obligatory XKCD link:
This one is actually more relevant, IMHO:
<https://xkcd.com/538/>
-------
Roland Dobbins
unilaterally without detection by the
unwitting peer?
Quite possibly, yes - the devil will be in the details, but the concept
is perfectly valid, IMHO.
---
Roland Dobbins
mandate TLS 1.3 or above - which will happen, at some point in
the not-too-distant future.
---
Roland Dobbins
t and classify aberrant behavior which
can't otherwise be detected/classified standing outside the tunnel.
Organizations do this to identify compromised/abusive machines on
intranet networks all the time.
-------
Roland Dobbins
is used very heavily for that purpose on intranets, and has been for
many years.
-----------
Roland Dobbins
On 16 Jul 2017, at 0:07, Watson Ladd wrote:
> How does an endpoint not know the source?
You do not seem to have a good grasp of Internet operations at scale and
necessary division of functions.
---
Roland Dobbins
days, when hubs were a thing, I used those for
this purpose, with the appropriate connections diked out.
I still carry around a small GigE switch with SPAN capabilities, just in
case.
;>
---
Roland Dobbins
s,
troubleshooting, and security.
The fact that we're even having this discussion at this point in time is
because of an astounding lack of due diligence on the part of those who
are pushing to remove the capability to monitor standards-based
encrypted traffic on intranet
he list can, however.
-------
Roland Dobbins
ir customers and
constituents - i.e., proles like you and me.
It isn't new, it isn't unique, it isn't a case of a small group engaging
in special pleading. What's amazing is that very few engaged in this
discussion seem to understand all this.
act on the operational community
and the networks, services, and applications for which they are
responsible, and upon which we all depend, every day.
---
Roland Dobbins