On 14 Jul 2017, at 12:17, Kathleen Moriarty wrote:
Otherwise, with the proposed solution, your still relying on indicators of compromise that can be detected using the encrypted traffic.
Actually, it's often important to have visibility into the intranet cryptostream in order to detect and classify aberrant behavior which can't otherwise be detected/classified standing outside the tunnel.
Organizations do this to identify compromised/abusive machines on intranet networks all the time.
----------------------------------- Roland Dobbins <rdobb...@arbor.net> _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
