Re: [arch-d] Off topic [was: IAB Statement on Encryption and Mandatory Client-side Scanning of Content]
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 19 December 2023 22:30 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 19 Dec 2023 17:29:41 -0500
Message-ID: <CAMm+LwhsEAo=E_x2DLupzGWGou1z1vQEEUiG77oGvxx0QwRaCw@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Hesham ElBakoury <helbakoury@gmail.com>, architecture-discuss@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/HHD14derxl8NqR5MyGnG-H2ctHo>

On Tue, Dec 19, 2023 at 5:00 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> Hesham,
> On 19-Dec-23 11:59, Hesham ElBakoury wrote:
> >
> > Nubeva has developed technology to extract TLS keys to be used by 3rd party tools to decrypt and inspect the traffic [https://www.nubeva.com/hubfs/Downloadables/Nubeva%20SSL%20Solution%20Brief_Nov%202019.pdf].
> >
> > Would this violate client privacy?
> >
>
> I may be missing something, but I don't understand how this product could work unless the "Sensor" component is configured with the server's private keys. Is that correct?

Not if the client or the server is leaking the session keys in-band. There is no statement to the effect that it doesn't require endpoint modification.

This sort of mechanism is deployed inside environments like process control where you don't want to have any communications that can't be monitored. An engineer trying to work out what is happening on a nuclear site has to be able to read absolutely every piece of traffic on the SCADA network.