
Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Willy Tarreau <w@1wt.eu>
Date: Fri, 6 Apr 2012 21:54:24 +0200
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
Message-ID: <20120406195424.GF32717@1wt.eu>

On Fri, Apr 06, 2012 at 05:39:43PM +0100, Stephen Farrell wrote:
> Detecting/blocking inbound malware is a real requirement. I was asking
> for evidence that such detection/blocking is happening because of
> MITMing TLS.

We do have customers asking for this. Their reasoning is simple:
  - either I can ensure they don't bring malware in;
  - or I block the site.

Some sites are generally slightly more trusted than other ones. For
instance, https to gmail, yahoo, amazon, paypal or banks is trusted
because they're expected to clean their contents. So you end up with
the classical 3-level filtering:

  - white-list a bunch of trusted sites
  - black-list a bunch of other sites
  - block all other ones or apply MITM if you can

Contrary to a common belief, large corporations don't care a dime what
you're saying via your webmails, simply because there is far too much
traffic to have anyone analyze it. What would you expect them to see
at 1000 req/s ~ 30-50 million req/day ?

They care about keeping their employees efficient at work, which means
ensuring they don't break their tool with malware, and they don't waste
their time on online games and social networks. Of course legal stuff
is applied too (block access to hate & porn sites).

Regards,
Willy
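The 3-level filtering Willy describes (white-list, black-list, then block or intercept everything else) can be written down as a small policy function. The following is an added example and is not code from the post or from any product it refers to; the host lists are constructed for illustration and the `can_intercept` flag stands in for whether the proxy has a TLS interception capability at all. The matching is done on DNS label boundaries so that a look-alike host such as `notgmail.com` does not inherit the trust given to `gmail.com`.

```python
# Three-tier outbound TLS policy: trusted sites pass through untouched,
# known-bad sites are blocked, and everything else is either inspected
# (if the proxy can intercept TLS) or blocked (if it cannot).
# Lists below are constructed sample data, not real policy.

TRUSTED = {"gmail.com", "mail.yahoo.com", "amazon.com", "paypal.com"}
BLOCKED = {"malware-drop.example", "games.example", "social.example"}


def _matches(host: str, pattern: str) -> bool:
    """True if host equals pattern or is a subdomain of it.

    Comparison is on whole DNS labels: 'a.gmail.com' matches 'gmail.com',
    but 'notgmail.com' does not.
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)


def _in_list(host: str, names: set[str]) -> bool:
    return any(_matches(host, n) for n in names)


def classify(host: str, can_intercept: bool) -> str:
    """Return the action for a TLS connection to `host`.

    'pass'      -> trusted site, tunnel without inspection
    'block'     -> black-listed, or unknown and no interception available
    'intercept' -> unknown site, inspect content via TLS interception
    """
    if _in_list(host, TRUSTED):
        return "pass"
    if _in_list(host, BLOCKED):
        return "block"
    # Unknown site: the post's "block all other ones or apply MITM if you can".
    return "intercept" if can_intercept else "block"


def apply_policy(hosts: list[str], can_intercept: bool) -> dict[str, str]:
    """Classify a batch of hostnames (e.g. SNI values seen on a proxy)."""
    return {h: classify(h, can_intercept) for h in hosts}


if __name__ == "__main__":
    sample = ["www.gmail.com", "notgmail.com", "cdn.games.example", "news.example"]
    for h, action in apply_policy(sample, can_intercept=True).items():
        print(f"{h:22s} -> {action}")
```

When run with `can_intercept=False` the last line of the sample collapses to `block`, which is the trade-off the post is pointing at: without interception, an unknown site is simply unreachable from the corporate network.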
Received on Friday, 6 April 2012 19:54:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:59 GMT