I'm not suggesting that cash strapped schools would use one of these devices. I'm simply saying that such a solution would be simpler and far more effective than trying to use draft-rhrd-tls-tls13-visibility to snoop on outgoing traffic.
Those who are suggesting draft-rhrd-tls-tls13-visibility could be used to snoop on outgoing traffic are imagining a scenario in which the school (or other snooper) would make arrangements with each TLS-protected server that they would allow their clients to connect to, to receive copies of the keys that would be needed to decrypt the traffic. How effective would that be? How expensive would that be?

Besides, the scenario I described previously is just one possibility (although perhaps the easiest to implement). The software that the middlebox requires clients to use could just send the traffic in plaintext to the middlebox while falsely indicating to the client that the connection is secure. Plainly, if the attacker developed the software that the client is running, then there is no protection from the attacker.

On 10/24/2017 04:01 PM, Ted Lemon wrote:
> On Oct 24, 2017, at 3:59 PM, Ted Lemon <mel...@fugue.com> wrote:
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls