On Thu, Oct 19, 2017 at 12:27 PM Salz, Rich <rs...@akamai.com> wrote:
> We disagree.
>
> Being able to block traffic is much less effort than pretending to be
> another identity.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

First I want to thank the TLS WG for all their assistance and conversation around finding the right methodology for continued visibility.

The question has been raised: "Why address visibility now?" The answer is that it is critical that the visibility capability is retained. It is available today through the RSA key exchange algorithm. We understand that the issue was raised late and have fallen on the proverbial sword for being late to the party, but the issue is real. That is where the "rhrd" draft has come from. A way to retain that visibility capability but with a newer and more secure protocol.

We need to protect and troubleshoot data that is within each of our companies. As encryption becomes more prevalent, it becomes more and more critical to see that data.

The number of people currently voicing concern is likely small for two reasons. One is that everything is public and many of the "lurkers" are hesitant to voice their concerns. The second reason is that so many don't know that visibility will be an issue. They will either discover this as they migrate to TLS 1.3 or as they start to encrypt within their data center. There is work to rapidly raise that awareness through roundtables, conferences and other venues.

It is very positive that the WG has made a number of great recommendations that have led to this solution. That is the intention. We would appreciate the WG now adopting the extension so that it can be ushered through the process. This continued visibility can continue to be available as we all have expectations that our data is safeguarded and that websites are available to us quickly.

Thank you for your valued assistance!