Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)
mrex@sap.com (Martin Rex) Wed, 28 March 2018 23:17 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EA911271FD for <tls@ietfa.amsl.com>; Wed, 28 Mar 2018 16:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.521
X-Spam-Level:
X-Spam-Status: No, score=-5.521 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0lGazIhRIQh for <tls@ietfa.amsl.com>; Wed, 28 Mar 2018 16:17:20 -0700 (PDT)
Received: from smtpde01.smtp.sap-ag.de (smtpde01.smtp.sap-ag.de [155.56.68.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB84312895E for <tls@ietf.org>; Wed, 28 Mar 2018 16:17:16 -0700 (PDT)
Received: from mail08.wdf.sap.corp (mail01.sap.corp [194.39.131.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde01.smtp.sap-ag.de (Postfix) with ESMTPS id 40BP0p3zFdzyY6; Thu, 29 Mar 2018 01:17:14 +0200 (CEST)
X-purgate-ID: 152705::1522279034-00000856-EF78B344/0/0
X-purgate-size: 947
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail08.wdf.sap.corp (Postfix) with ESMTP id 40BP0n45fdz2y6c; Thu, 29 Mar 2018 01:17:13 +0200 (CEST)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id 6B3D9409B; Thu, 29 Mar 2018 01:17:13 +0200 (CEST)
In-Reply-To: <03EC7170-1559-4D1B-ABB0-552DC5C2A3B0@gmail.com>
References: <1521920255951.94271@s21sec.com> <03EC7170-1559-4D1B-ABB0-552DC5C2A3B0@gmail.com>
To: Steve Fenter <steven.fenter58@gmail.com>
Date: Thu, 29 Mar 2018 01:17:13 +0200
CC: Ion Larranaga Azcue <ilarra@s21sec.com>, "tls@ietf.org" <tls@ietf.org>
Reply-To: mrex@sap.com
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20180328231713.6B3D9409B@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5JAwHq5SNeS4Vq1nD1PgcBiXfjg>
Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2018 23:17:22 -0000
Steve Fenter <steven.fenter58@gmail.com> wrote: > > To clarify for anyone who has confusion on the enterprise TLS visibility > use case, I think enterprises need to be able to do out-of-band decryption > anywhere in the network that they own. This is argument is so lame. In Germany, monitoring communications between individuals or between individuals and legal entities, including communications over corporate networks, was made a serious crime in 2004 (TKG 2004) with a penalty of up to 5 years in prison for listening into such communication. The world didn't end. Really, consider it proven that there is no need. There may be _desires_. For me, those desires are no less unethical as data collections by apple, camebridge analytica, facebook, google, microsoft, whathaveyou... ... and fortunately, for corporations in germany, such data gathering is not just unethical, but truely criminal by law. -Martin
- Re: [TLS] Breaking into TLS for enterprise "visib… Dan Brown
- Re: [TLS] Breaking into TLS for enterprise "visib… Alex C
- Re: [TLS] Breaking into TLS for enterprise "visib… Tony Arcieri
- Re: [TLS] Breaking into TLS for enterprise "visib… Jim Reid
- Re: [TLS] Breaking into TLS for enterprise "visib… Carl Wallace
- Re: [TLS] Breaking into TLS for enterprise "visib… Ion Larranaga Azcue
- Re: [TLS] Breaking into TLS for enterprise "visib… Steve Fenter
- Re: [TLS] Breaking into TLS for enterprise "visib… Steve Fenter
- Re: [TLS] Breaking into TLS for enterprise "visib… Ion Larranaga Azcue
- Re: [TLS] Breaking into TLS for enterprise "visib… Martin Rex
- Re: [TLS] Breaking into TLS for enterprise "visib… Vakul Garg
- Re: [TLS] Breaking into TLS for enterprise "visib… Hubert Kario
- Re: [TLS] Breaking into TLS for enterprise "visib… Roland Zink
- Re: [TLS] Breaking into TLS for enterprise "visib… Hubert Kario