On Mon, Jul 17, 2017 at 8:35 AM, Dobbins, Roland <rdobb...@arbor.net> wrote: >> On Jul 17, 2017, at 15:15, Carl Mehner <c...@cem.me> wrote: >> beginning to encrypt traffic inside the TLS tunnel. > Yes, some (but by no means all) are - which means that in such cases, the > ability to look inside the TLS tunnel so as to be able to detect the > presence of an additional level of encryption as a possible indicator of > compromise is extremely important.
Are you worried about malware encrypting traffic between nodes in an intranet communicating with servers on that intranet you control which would use this draft? that seems very unlikely. Why would malware use this draft? Malware would use either it's own server, or basic utilities provided by the system (i.e. wannacry's use of SMB). _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
