> -----Original Message-----
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Salz, Rich
> Sent: Thursday, October 19, 2017 10:15
> To: Paul Turner <paul.tur...@venafi.com>; Kaduk, Ben <bka...@akamai.com>; tls@ietf.org
> Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
>
> ➢ I guess the basic question I'm asking is that if a third party is so
> powerful that they can do what you describe, aren't they going to force an
> even more effective method (trusting their CA so that they can terminate the
> connection as a middle man) on clients so that they don't have to coerce
> every server?
>
> The stated goal of this work (and its predecessor) is to allow enterprises to
> capture traffic for later debugging and analysis. The client could be coming
> in via the generic public Internet, with a stock browser.
>
> Your question points out a danger of this mechanism: it becomes all too easy
> to “escape” and enable nationwide wiretapping.
>
> Make sense?
>

Can you explain how nationwide wiretapping is going to be easy with this plan? Again, EVERY server owner will need to opt-in.

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls