I've already responded to this! Why are you wasting everyone's time by
asking the same questions over and over, even though I've already
clearly answered them?
An airplane/wifi provider might say "download our free browser," but it
won't rely on draft-rhrd-tls-tls13-visibility to snoop on its customers.
If the airplane/wifi provider controls the software on its customers'
computers, it doesn't need the cooperation of the servers that the
customers are connecting to in order to snoop, so it wouldn't go through
the effort of trying to get that cooperation. And, if the airplane/wifi
provider has the cooperation of the servers that the customers are
connecting to, it doesn't need to convince its customers to download any
software or in any other way get the customers to cooperate in allowing
the snooping, so it won't bother. If you believe otherwise, then you
are the one who is being very naïve.
I can't guarantee that enterprise visibility will stop at the enterprise
firewall. My argument is simply that use of the protocol in this draft
will stop at the enterprise firewall since outside the firewall, when
communicating with clients outside of the enterprise's control, the
enterprises that want to enable "visibility" into such traffic will use
other means that don't require the cooperation or knowledge of the
clients, since those other means would be easier and more effective. You
have done nothing to suggest otherwise.
On 10/25/2017 10:56 AM, Salz, Rich wrote:
This question is based on your belief that this protocol will "escape"
onto the public Internet
Yes. Are you saying that you don’t believe that the enterprise visibility will
stop at their firewall? That they will allow ‘stock’ TLS 1.3 to work
connecting to their sites? That the airplane/wifi provider won’t say ‘download
our free browser’?
I think you’re being very naïve to think otherwise.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls