Addressing Visibility Challenges with TLS 1.3 Within the Enterprise

[josephcsible]

Yes, I believe they own all the endpoints, so I'm fine that they're doing the telemetry at all. But if the method they had in mind for doing the telemetry doesn't require that they do, then I'm opposed to that method in particular.

[tptacek]

You get that Intel can make the same argument about sealed remote attestation protocols embedded in their chipset, right? You don't tolerate that argument when it's your network hosting sealed protocols, but you do when it's other people's. That's a strange position.

[josephcsible]

That argument isn't valid for Intel, because when they sell me their sealed chipset, it stops being theirs and becomes mine.

[tptacek]

Do you not see how that's exactly what the banks are saying about their own computing infrastructure?