by blazespin 3546 days ago
The guy is basically complaining that they have to change all their infra over to MITM versus just decrypting traffic with private keys.

He is right, it will be expensive. And he has a right to complain. Should the working group ignore him? It's a tough call. You risk forking standards when you start to do that.

2 comments

I think the working group should ignore him because he ultimately wants to save a buck now and shoot himself in the foot, he just doesn't realize it yet.

The enterprise as walled garden approach to security seems quite out of date and is harmful to all parties involved. Like it or not, the Internet at large has made our life one big WAN party, and we need to come to terms with that sooner rather than later.

That clashes big time with the fact that more users than ever are online today with no clue at all about security. (And it's not practical to change that)

So how would that new approach look? The de-facto solution today is that security is more and more delegated to device vendors and cloud providers. But that seems worse to me than delegating it to the admins of your organization that you know and trust.

I don't think it's so much about who you delegate responsibility for securing networks to so much as how that security actually works. I believe traditional perimeter security is dead or dying and the idea of incident responders manually poring over pcap files just doesn't scale much further either.

We need machines and global policy to help do this work and we need to stop putting faith in magic black boxes which we know will be thoroughly compromised (e.g.: all enterprise vendor equipment).

More on point, TLS 1.3 seems like a step in the right direction of thought: that you can improve your local security posture by improving the global posture.

The problem he has is that while we're obviating the need for a wall, we're also denying even the possibility of an attractive ironwork fence.

It will be expensive, but there's a big market for that. I'm pretty sure that the costs will fall, as soon as the industry understands the demand.

Most likely yes, the only sad part is that as soon as there's a cost for banks, it's the customers who end up paying for them one way or another.

Which is not the worst outcome since customers too will benefit from the security...