your point is taken. But given that it's optional and only used when negotiated by both parties in the TLS handshake, it doesn't seem that invasive to me.
The argument I heard was that because this will break Antivirus (I'm the last person who would complain about that), they will just start being more invasive with hooks and patching. That's a pretty convincing argument; bluecoat aren't just going to close down the business.
I took it the other way, IMO, someone at MSFT mentioned it as another way to get endpoint TLS MitM further untenable
Replying to @SwiftOnSecurity @__b_c and
Right, but is that good or bad? They can switch to hooking and patching instead - they're going to do that, because their business depends on that and they already need Admin to install cert. So did we make things better or worse?
Replying to @taviso @SwiftOnSecurity and
If we could prevent endpoint mitm, you know I would be all for this, but aren't we just forcing them to be more sketchy?
Replying to @taviso @SwiftOnSecurity and
It's true for regulated industries, but maybe it's time for that split. Token Binding allows for U2F tokens to be part of handshake and kills off MITM for 2FA auth, even with a good cert... But... Some industries have regulatory requirements to capture user generated content.
Replying to @mdhardeman @SwiftOnSecurity and
I think you're saying that it will break TLS MITM middleware boxes (like bluecoat). True, but for those to work you already need Administrator access to endpoint (to install CA). If you have Admin, you can just hook and patch browser instead, which is worse!
Replying to @taviso @mdhardeman and
So I'm saying, it doesn't make TLS MITM untenable, it forces the vendors' hand to do dangerous things. Do you want more security vendors patching around in chrome.exe? If we could prevent Administrators from MitMing endpoints, you better believe I would be hassling chrome devs.
Replying to @taviso @mdhardeman and
Make it illegal to display the Chrome name and logo in a browser modified to support MITM.
Replying to @RichFelker @taviso and
Yep. DMCA, Copyright, and Trademark law certainly would enable this, particularly if you add some protective DRM even if it's only minimal. Let them do what they want under their own badged version of Chromium..
Come on, you think you're in the right, but so do they and they have just as much money to spend on lawyers and lobbyists. Both sides are saying "we need to do this for security" and both sides think the users are on their side. Do you really believe this is easy? 
Replying to @taviso @RichFelker and
Of course it's not easy, but at least there's extant case law for unauthorized derivative works. Trademark law is pretty clear here too. If they effectively alter your product but keep your branding, it's an actionable violation.