> -----Original Message-----
> From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
> Sent: Thursday, March 15, 2018 18:42
> To: Carl Mehner <c...@cem.me>
> CC: Ion Larranaga Azcue <ila...@s21sec.com>; tls@ietf.org
> Subject: Re: [TLS] Breaking into TLS to protect customers
>
> The example I provided is not about malware, it was about lateral movement
> by threat actors within a network. The initial compromise that led to access
> within the network may have been through malware or some other
> vulnerability, but I do think monitoring on an internal network (encrypted or
> not, through logs or on the wire) is the use case for attack detection that is
> plausible with the proposed approach.

Ok, now it's clear to me. I don't know why I thought I had seen a couple of times these last few days people talking about the need for IPS to decrypt traffic going from the enterprise to the internet, trying to detect exfiltration of data or connections to a malware C&C, which is not the scope of the draft, and I thought we were starting to veer off course in the discussion.

As usually happens, I've been looking for those previous messages (not too hard I must admit) and I have been unable to find them, so I probably misunderstood what someone meant... My bad!

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls