ailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
> >>> Sent: Thursday, March 29, 2018 4:47 AM
> >>> To: Steve Fenter
> >>> Cc: tls@ietf.org
> >>> Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't
> >
: [TLS] Breaking into TLS for enterprise "visibility" (don't do
it)>
Steve Fenter wrote:
To clarify for anyone who has confusion on the enterprise TLS
visibility use case, I think enterprises need to be able to do
out-of-band decryption anywhere in the network that they own.
This
> Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do
> > it)>
> > Steve Fenter wrote:
> > > To clarify for anyone who has confusion on the enterprise TLS
> > > visibility use case, I think enterprises need to be able
Hi Martin
> -Original Message-
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
> Sent: Thursday, March 29, 2018 4:47 AM
> To: Steve Fenter
> Cc: tls@ietf.org
> Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don'
Steve Fenter wrote:
>
> To clarify for anyone who has confusion on the enterprise TLS visibility
> use case, I think enterprises need to be able to do out-of-band decryption
> anywhere in the network that they own.
This argument is so lame.
In Germany, monitoring communications between indivi
Fenter
Sent: Monday, March 26, 2018 13:49
To: Tony Arcieri
CC: tls@ietf.org
Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)
MITM as a solution doesn't scale for the needs of the enterprise. Packet
decryption and inspection is need
MITM as a solution doesn't scale for the needs of the enterprise. Packet
decryption and inspection is needed at many locations within the data center:
at many tiers of an application, within the virtual environment, and within the
cloud environment, all of which may be TLS encrypted. Speaking
> monitor tasks to that point.
>
> So maybe it's because the presentation is obsolete or because I lack context
> but... no, I don't think those specific slides are a valid example today.
>
> ____________
> From: TLS on behalf of Jim Reid
___
From: TLS on behalf of Jim Reid
Sent: Saturday, March 24, 2018 16:56
To: Dan Brown
Cc: tls@ietf.org
Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)
> On 19 Mar 2018, at 15:18, Dan Brown wrote:
>
> PS: I never directly worked
From: TLS on behalf of Tony Arcieri
Date: Saturday, March 24, 2018 at 11:31 AM
Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do
it)
> On Fri, Mar 23, 2018 at 11:26 PM, Alex C wrote:
>> As I understand it (poorly!) the idea is exactly to
> On 19 Mar 2018, at 15:18, Dan Brown wrote:
>
> PS: I never directly worked on enterprise security (usually, I just think
> about the math of basic crypto primitives), but I don't recall hearing about
> such a "visibility" feature in the enterprise security work of colleagues
> (whom I do _
On Fri, Mar 23, 2018 at 11:26 PM, Alex C wrote:
> As I understand it (poorly!) the idea is exactly to have a single system
> on the network that monitors all traffic in cleartext.
>
And more specifically: to be able to *passively* intercept traffic and
allow it to be decrypted by a central syste
As I understand it (poorly!) the idea is exactly to have a single system on
the network that monitors all traffic in cleartext.
It's fundamentally impossible to prevent someone from copying all their
traffic to another system in cleartext. If they're going to do it, they
will.
The functionality is
Dear TLS WG,
Enterprise "visibility" is a network issue, not an Internet issue, and thus, to
my _limited_ understanding, should be out of scope of IETF.
Nonetheless, enterprise security is important, and enterprise networks use
Internet technology internally, so the topic is perhaps still proce
14 matches