On 9/23/16 at 2:24 PM, bitssecur...@fsroundtable.org (BITS Security) wrote:

> But general-purpose messaging services (and other collaboration services) which don’t have an explicit man-in-the-middle (and don’t permit server-side access to user plaintext and can’t be observed by other means) can’t be used in supervised environments. This rules out many cloud-hosted services today.

I see a train wreck coming and it looks like this:

The public internet, Google, Cloud services, Facebook, Twitter, etc. etc. move in the direction of improving security using things like PFS, because the idea of protecting human rights advocates in the parts of the world where people are routinely tortured sells well to the general public, people like me, and others on this list.

On the other hand, some major enterprises continue to depend on being able to break the security of their employees to monitor their networks in ways that the bad guys can easily use, as opposed to installing endpoint or gateway monitoring.

This train wreck results in fewer and fewer public internet services being available to users within these enterprises. Eventually, employees give up on the corporate network and start using their cell phones to communicate with customers, research investments, etc., completely bypassing the regulatory-required monitoring.

This scenario says it doesn't matter whether TLS 1.3 and its successors allow RSA. If they have any PFS modes, these will be the only ones public internet servers will accept. If they are turned off in enterprise clients, those clients will not be able to connect without going through a gateway which turns them on.

My conclusion is that enterprises that depend on being able to decrypt traffic without involving the endpoints should start moving to systems that do involve the endpoints.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 Englewood Ave
www.pwpconsult.com | - Ken Widelitz K6LA / VY2TT  | Los Gatos, CA 95032

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
