Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

"Roland Dobbins" <rdobbins@arbor.net> Mon, 17 July 2017 16:48 UTC

From: Roland Dobbins <rdobbins@arbor.net>
To: Simon Friedberger <simon.tls@a-oben.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Mon, 17 Jul 2017 18:48:22 +0200
Message-ID: <64A2BAB5-5EAC-4608-9BF4-856CA0859042@arbor.net>
In-Reply-To: <dfc93b70-0fa4-6cac-8c3d-5f2ff771f85d@a-oben.org>
References: <CABkgnnU8ho7OZpeF=BfEZWYkt1=3ULjny8hcwvp3nnaCBtbbhQ@mail.gmail.com> <2A9492F7-B5C5-49E5-A663-8255C968978D@arbor.net> <CABkgnnX7w0+iH=uV7LRKnsVokVWpCrF1ZpTNhSXsnZaStJw2cQ@mail.gmail.com> <FDDB46BC-876C-49FC-9DAE-05C61BB5EFC9@vigilsec.com> <9C81BE7B-7C21-4504-B60D-96BA95C3D2FD@arbor.net> <CAEa9xj55jzch-v0mysbRSryNM0Y7Bdtevmrc3+FVxMO8EP5zWA@mail.gmail.com> <CC3CE5F8-C8C2-4A70-829D-483E26D20733@arbor.net> <CAEa9xj5eR6b_+CsSDArMWWr-u8hx5B81kDVEMEX8sgfUeMUS8g@mail.gmail.com> <C3B01C35-E3A2-4A8B-9DD7-D6E4153ED39F@arbor.net> <CAEa9xj6p0y9ZzxLJvtv9GDzzfs5s13nnLqm=4_fNDPGV+=Od8Q@mail.gmail.com> <BE4E8E4A-51FC-4211-A16F-EBA8B3F01757@arbor.net> <CAEa9xj7sVcGAR03f3pWsK7giFqmu7GRHN4gqh9Nb6uEAOM88Yw@mail.gmail.com> <637C97B3-DA63-4F61-8EB5-D938136D520C@arbor.net> <dfc93b70-0fa4-6cac-8c3d-5f2ff771f85d@a-oben.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2017 16:48:39.4062 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0101MB1039
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qBdoWzvO-KH8FVES0k8C9i7Gjjc>
Subject: Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 16:48:43 -0000

On 17 Jul 2017, at 18:40, Simon Friedberger wrote:

> I'm not sure the same considerations should apply to both those 
> situations.

Actually, they do, when you're on your network prior to the egress point 
- apologies for being unclear about that.

Many enterprises force all outbound user-generated traffic through 
proxies, which then inspect TLS-wrapped traffic, blocking bad traffic 
(like data exfiltration) while then opening up proxy connections for 
legitimate traffic, FYI.

Conversely, they do the same with inbound traffic in response to said 
user-generated traffic, and block things like malware downloads.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>

[TLS] Malware (was Re: draft-green-tls-static-dh-… Martin Thomson
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Kathleen Moriarty
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Martin Thomson
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Russ Housley
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Jeffrey Walton
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Simon Friedberger
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Watson Ladd
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins