Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 06 Apr 2012 17:39:43 +0100
Message-ID: <4F7F1C4F.6020308@cs.tcd.ie>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
CC: ietf-http-wg@w3.org


On 04/06/2012 03:18 PM, Nicolas Mailhot wrote:
> Stephen Farrell <stephen.farrell@...> writes:
>
>> Is it clear that the corp IT guy is really benefiting from the MITM? I'm
>> not saying they are not benefiting, but I've not seen the evidence.
>
> Are you serious?

Yes.

> Take any IT net-zine, they post every few weeks about another corp getting
> infected with various malware, and how much it is costing them
>
> Compared to the cost of one such incident, passing smtp and http traffic through
> an anti-malware gateway is as cheap as it gets (yes it is not perfect, but it's
> a lot more reliable than praying every computer on the internal network is
> properly secured)

Detecting/blocking inbound malware is a real requirement. I was asking
for evidence that such detection/blocking is happening because of
MITMing TLS.

Others were claiming that enforcing policy on outbound content was
a reason for this MITM. In that case, I don't buy that argument as
it happens, so was again asking for evidence.

I've seen assertions, and arguments, but not evidence.

S

Received on Friday, 6 April 2012 16:40:11 GMT
