On Sat, Jul 15, 2017 at 12:12 PM, Salz, Rich <rs...@akamai.com> wrote:
> > On the public internet, it's increasingly common for traffic to be MITMd
> > in the form of a CDN.
>
> A CDN is not a middlebox, it is not a MITM. It is a site that the origin
> has hired to act as a "front" to it.

Don't take it as a criticism; I've built two CDNs, and I think they are an awesome and important part of the internet. But CDNs certainly are middleboxes; they sit between the origin and the client. A box, in the middle.

What I'm trying to get at is the inconsistency of logic we are applying. So far responses on the mailing list have been saying "Don't use pcap, instead run proxies". For some reason we find proxies less distasteful, even though they have unbounded capability to destroy forward secrecy, even though they must be in-line and hence subject to exploit, even though it comes at massive cost (in my opinion), even though it's much harder to use proxies to examine plaintext in a forensic and selective way.

Not only is this very unlikely to be an answer that will work for the enterprise network folks; if they did take our advice, it would actually be /worse/ security than what they have today. That has to be a bizarre outcome to promote. For what? Moral purity?

With regard to CDNs, that's more illogic: why are we so against a key being shared to decrypt session keys, but fine with a key being shared to facilitate total impersonation? I can't make sense of it.

PS: I expect everyone who argues against facilitating PCAP decryption on the ground of "Forward secrecy is a must have" to make identical demands of 0-RTT, which can do much more damage to FS.

-- 
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls