Re: [TLS] TLS Proxy Server Extension

[Martin Rex <mrex@sap.com>]

Matt McCutchen wrote:
> 
> A person using a corporate laptop has no expectation of privacy from the
> company.  The proxy extension just offers a technically more capable
> solution for that scenario.

Not everyone is living in totalitarian countries where this might apply.

As I previously said, our constitution provides fundamental gurantees
of privacy, and protects against both, government agencies spying
on citizens as well as employers spying on employees.


> 
> No one is proposing, per se, that TLS interception be used in any more
> places than it is now.  Of course, interception may now be used in
> places where it was always desired but could not be used before due to
> protocol issues.  However, it's hard to believe that the proxy extension
> would change the market and/or legal forces that currently restrain ISPs
> from routinely intercepting customer traffic, if that is what Martin is
> worried about.

No, it is primarily about the employer spying on employee case, which
has been clearly ruled unconstitutional in Germany.  But the stiff penal
code that might provide sufficient deterrant for ISPs does not universally
apply to employers, leaving you with civil action an "cease and desist"
and a number of completely clueless entry courts.


> 
> The TLS WG may have a personal distaste for the use case addressed by
> the extension.  But I would reason that the use case is valid, thus the
> extension is worthy of standardization to get interoperable
> implementations, and the TLS WG is the best venue available for
> technical discussion.  As David explained
> (https://www.ietf.org/mail-archive/web/tls/current/msg07920.html), the
> use case does not constitute wiretapping as defined in RFC 2804.

I haven't heard any use cases for the TLS proxy in this discussion
that are not factually equivalent to wiretapping.


-Martin