Re: [TLS] draft-green-tls-static-dh-in-tls13-01

["Roland Dobbins" <rdobbins@arbor.net>]

On 17 Jul 2017, at 21:11, Watson Ladd wrote:

> How do you detect unauthorized access separate from knowing what
> authorization is?

I think we're talking at cross purposes, here.  Can you clarify?

> Yes, but you'll rot13 or rot 128 the file first. Why wouldn't you?

Many don't.  And being able to see rot(x) in the cryptostream has value.


> And the endpoints taking logs won't be?

Logs are no substitute for seeing the packets on the wire.


> Applications can rate-limited their own endpoints.

There's a lot more to DDoS defense than rate-limiting.  Rate-limiting 
often leads to gross overblocking.

> You're telling me a dedicated out of stream box can handle this but a 
> beefy server cannot?

Sadly, in all too many cases, yes.


> No one is taking away the ability to log the PMS to a file. That's the
> capacity which exists now.

But the capacity in question here is to see the packets on the wire.

> Alternatively it's because you've decided to run your networks in ways 
> very
> different from the public internet and used this as a way to avoid
> organizational battles over giving operations the tools they need to 
> work.

I think that some perceptions of how these things are done even on the 
public Internet may be a bit circumscribed.

The tools that network engineers and security personnel need analyze 
network traffic.  Logs are insufficient.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>