The requirements for visibility exist in an array of regulated environments worldwide. It is one of the presentation areas in the Hot Middlebox Workshop.
http://www.etsi.org/etsi-security-week-2018/middlebox-security?tab=1

The Middlebox Hackathon site is also now public so everyone can experience how a browser plug-in client (to be provided) can be used in conjunction with a fine grained Middlebox Security Protocol for Middlebox discovery and controlled visibility by an end-user in a way that meets both user and regulatory interests. The draft specification will be published in two weeks.

--the Hot Middlebox organizers

On Wed, Mar 14, 2018 at 9:42 AM, Salz, Rich <rs...@akamai.com> wrote:

> > So aside from enabling MitM, this also enables session resumption by
> > the decryption service, something that the security considerations
> > neglects to include in its list.
>
> So I think this is an important point. I assume the authors did not
> realize this. That shows how hard, and risky, it is to get this right. In
> the US, we have been having arguments where the national police force (FBI)
> is insisting that tech companies can create a "golden key" that only they
> can use, and the security people are saying it is impossible. This seems
> like another instance, no?
>
> Oh heck, let me ask the uncomfortable question: Russ, did you know this
> or was Martin's point new to you?
>
> /r$
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls