On Mon, Aug 20, 2018 at 5:36 PM, Jack Visoky <jmvis...@ra.rockwell.com> wrote:
> 2. In some cases the code size is quite important. It’s not uncommon for
> hardware to be in the field in Industrial Automation for 15 or more years,
> so in some cases the hardware is already stretched pretty thin and might
> not be able to handle the demands of encryption. At the same time it is
> hugely beneficial to take advantage of the security of TLS for many of
> these installations.

Given that you work for Rockwell, I'm assuming that you have specific devices in mind, that these devices are already in the field, and that you intend to upgrade their firmware to support CORE or something like that. Is this the use case you're talking about?

> 3. Another use case for these NULL encryption suites is around inspection
> of data. I think this has been discussed in this forum already, but these
> cipher suites could support that as well.

I would really encourage you to take a look at MUD (Manufacturer Usage Description) <https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud/> as a way to configure these devices. I presume that the use case here is that you have a device that could be pwned, and you want to be able to see what it is sending. But really it shouldn't even be having the conversation, right? MUD lets you configure your firewall automatically, preventing the device, if it's pwned, from talking to the controlling botnet.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls