All,
I have just submitted a draft outlining enterprise use cases for
out-of-band TLS decryption.
Please review.
Thanks
Steve Fenter
-- Forwarded message --
From:
Date: Mon, Mar 5, 2018 at 1:05 PM
Subject: New Version Notification for draft-fenter-tls-decryption-00.txt
To
at many layers of this internal TLS network.
Steve Fenter
> On Mar 24, 2018, at 7:37 PM, Ion Larranaga Azcue wrote:
>
> I recognize I may lack context, because I have only seen Steve Fenter's
> slides, but apart from it not reaching consensus, the scenario it presents
ge is going to last five years as has been
suggested. And whenever RSA is deprecated, it takes a long time to implement a
new solution in a large enterprise, so we have to be well out in front of the
problem,
Steve Fenter
> On Mar 24, 2018, at 3:31 PM, Tony Arcieri wrote:
>
>>
I'd like to echo Dale's sentiments on the error codes. I've done a fair amount
of TLS handshake troubleshooting, and it's usually long and painful because the
error codes are so vague. Another factor in debugging is that people
troubleshooting TLS in the enterprise are typically not the same l
Proxies in the Data Center
There are a number of reasons that inline proxies are not a scalable solution
for monitoring communications in enterprise environments.
-- cost
-- production risk
-- latency
Here are some specific examples of where the use of proxies for monitoring
communications
> On Jul 11, 2017, at 2:15 PM, Stephen Farrell wrote:
>
>
> To add to Ted's clarification requests:
>
>> On 11/07/17 19:39, Steve Fenter wrote:
>> Network security monitoring is not just monitoring traffic that
>> results from communications with
The main problem with not addressing the TLS visibility issue now is that no
one knows when a vulnerability will be discovered in TLS 1.2 that forces
enterprises to upgrade to TLS 1.3. We've had guarantees that TLS 1.2 and the
RSA key exchange are going to be fine for 5 to 10 years, but nobody k
I know of a number of large enterprises in verticals including financial,
health care, retail, and government, across multiple countries, who are using
packet payload inspection within their data centers. Most of these enterprises
are reluctant to step forward in a public forum and reveal their