On Oct 23, 2017, at 1:30 PM, Ackermann, Michael <mackerm...@bcbsm.com> wrote:
> The WHY you ask is in the answer.
> It is a huge proposition requiring change to virtually every platform and application. Not to mention all the management, monitoring and security platforms.
> It would be very expensive and time consuming.
> And when they ask why this is necessary, it is because the new version of the existing protocol is not backwards compatible, which is something we have come to expect.
I really tried to have sympathy for you about this in Prague. I know what it's like to get unreasonable pushes from management (not based on recent experience, fortunately). But this exact form of reasoning is why we're suffering from attacks on the internet like the Mirai botnet and the Reaper botnet, the Equifax hack, et cetera. You have come to a group of people who take these issues extremely seriously and asked them to bless you in going forward to create another problem of the same magnitude. I know you don't think that's what you're asking, but that really is what you are asking. It might not be on your network—maybe you will operate this technology securely. But you are asking us to create an attack surface, and it will be used. When you make requests like this, what you are really doing is pushing off costs your management doesn't want to pay on the users of the Internet as a whole. 130 million Americans are now doomed for life to suffer from attacks on their credit because of this kind of thinking. Stop asking us to take security less seriously, and start taking it more seriously. You work for BCBS: you are responsible for protecting the privacy of a similar number of Americans. I know this is hard, but it's time to stop imagining that you can lay costs off on us and start planning how you are going to migrate to a more secure architecture.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls