I must admit that I mostly agree with Stephan that this kind of thing should not exist. However, it exists now, and the chairs have decided we should at least discuss it.

I think there are many ways to meet the "requirements" of network monitoring and protocol debugging, and some are worse than others. Leading the world in the direction of the least damaging ones seems to be the best way to deal with a bad situation.

The major threats I see include:

  Coerced use by oppressive governments.

  Use outside the immediate private network.

  Use by an ISP on its customers.

  Use without both ends being aware that it is in use.

I think coerced use by oppressive governments is an obvious bad and I hope I have working group agreement on this point.

Limiting the protocol to the immediate private network will prevent 3rd parties from activating it to spy on the enterprise. One possible way to enforce this limitation is to require compliant implementations to limit broadcast of decryption information to the IP addresses on the local subnet.

It would be nice to be able to keep an ISP from spying on its customers as part of its "private network". However, I don't see how to differentiate an ISP's network from an enterprise network.

If it is not technically possible to use the protocol without both ends being aware that it is in use, then user interfaces can reflect its use. One result would be that enterprise users would be continually warned that their messages aren't private.

Any technical fixes we build into the protocol that prevent these actions are a positive improvement.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        | If you want total security, go to prison. There you're
408-356-8506       | fed, clothed, given medical care and so on. The only
www.pwpconsult.com | thing lacking is freedom. - Dwight D. Eisenhower
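The enforcement idea in the message above, restricting where an implementation may send decryption information to addresses on the local subnet, can be expressed as a simple recipient filter. The following is an added illustration written for this page, not code from the poster or from any TLS implementation; the network prefixes and candidate addresses are constructed, and a real implementation would take the local prefixes from the host's interface configuration.

```python
import ipaddress

# Constructed configuration: the prefixes this host considers its local
# subnet(s). Assumption for the example only; a real implementation would
# read these from the host's network interfaces. 2001:db8::/32 is the IPv6
# documentation prefix, used here purely as sample data.
LOCAL_NETWORKS = [
    ipaddress.ip_network("10.20.30.0/24"),
    ipaddress.ip_network("2001:db8:1::/64"),
]


def on_local_subnet(dst, networks=LOCAL_NETWORKS):
    """Return True only if dst is a unicast address inside one of the
    configured local prefixes. Anything unparseable, multicast or
    unspecified is rejected so that a bad address never widens the scope."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    if addr.is_multicast or addr.is_unspecified:
        return False
    return any(addr in net for net in networks)


def filter_recipients(candidates, networks=LOCAL_NETWORKS):
    """Split a list of proposed recipients into (allowed, rejected).
    The caller should only ever transmit to the allowed list; the rejected
    list is worth logging, since a request to export keys off-subnet is
    exactly the misuse the policy is trying to surface."""
    allowed, rejected = [], []
    for dst in candidates:
        (allowed if on_local_subnet(dst, networks) else rejected).append(dst)
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample input: two on-subnet hosts, one off-subnet host,
    # one public address and one malformed string.
    sample = ["10.20.30.7", "2001:db8:1::42", "10.20.31.7", "8.8.8.8", "not-an-ip"]
    ok, bad = filter_recipients(sample)
    print("allowed:", ok)
    print("rejected:", bad)
```

The check is deliberately a whitelist: only addresses that match a configured prefix pass, so a missing or empty configuration allows nothing. It is also only as strong as the address information it is given; on a network with NAT, VPN tunnels or spoofable source addresses, an IP-based boundary is a convenience limit rather than a security boundary, which is why logging the rejected list matters.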

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
