On 10/24/2017 04:24 PM, Ted Lemon wrote:
On Oct 24, 2017, at 4:21 PM, David A. Cooper <david.coo...@nist.gov> wrote:
I'm not suggesting that cash-strapped schools would use one of these devices. I'm simply saying that such a solution would be simpler and far more effective than trying to use draft-rhrd-tls-tls13-visibility to snoop on outgoing traffic.

Again, if that were true, then it would also be true that these devices would nicely solve the problem that draft-rhrd-tls-tls13-visibility solves.

Not at all. Visibility in the data center is a totally different problem than inspecting outgoing traffic. In the data center case the same organization controls the clients, servers, and the authorized listeners. That is very different from a scenario in which the organization that wants to listen in is different from the organizations that control the servers, and in which the organizations that control the servers are unlikely to want to grant this intermediary the ability to listen in on the traffic between it and its clients.

Also, in the data center case, there is no middlebox. Others, who know much more than I do about operational constraints in data center environments, have already argued that setting up a bunch of middleboxes would not be a viable solution.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls