On Mon, Dec 9, 2013 at 7:47 PM, Eliot Lear <lear@xxxxxxxxx> wrote:
> So back to our example: would transparent/intercepting proxies be
> something you bounced back if the working group decided to allow them
> after due consideration? I ask because that is still a possible outcome.
In order to avoid any possibility of intercept in many systems, you need to use full end-to-end encryption, where the ends are "here" and "eternity" respectively.
I'm not sure there's any way of preventing a transparent proxy when the end users desire it, for that matter, but they might well end up having to entirely break their own security in doing so.
As such, I would expect (and hope) that rather than forcing cases to use nasty things like "magic CA" TLS MITM proxies where the provider has to, by necessity, MITM *all* data, we'd acknowledge that there exist some use-cases where no mitigation is possible, and any heavy-handed approaches to mitigation may prove worse in those cases than no mitigation at all.
I've currently got visions of a private key painstakingly written out onto a post-it note on the side of the monitor.
Dave.