I have not heard any assertions that looking at unencrypted TLS traffic is not valuable. I agree that there are cases that it is. What I and others have disagreed with is that the examples provided on the list and in the draft of where it is necessary are either not applicable, or simply 'easier' rather than necessary. In the email below, I was trying to find out which case malware would fall into. Do you have an example of where malware would be on your intranet using this draft (the only way that this draft would help you with malware analyzing)? If you do not, let's remove malware analysis from this list of arguments for this draft.

On Mon, Jul 17, 2017 at 8:54 AM, Dobbins, Roland <rdobb...@arbor.net> wrote:
>
> > On Jul 17, 2017, at 15:40, Carl Mehner <c...@cem.me> wrote:
> >
> > Why would malware use this draft?
>
> Nobody said anything about malware using this draft.
>
> What I'm saying is that the ability to look inside the TLS tunnel & infer
> the presence of an additional, unexpected cryptostream - even without the
> ability to decrypt it - is quite valuable.
>
> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls