rdroms / draft-green-tls-static-dh-in-tls13

Work area for Internet Draft draft-green-tls-static-dh-in-tls13

Edits to 3. Enterprise Requirements for Passive (out-of-band) TLS Decryption #17

Closed rdroms closed 7 years ago

rdroms commented 7 years ago

From Tim Polk:

Second bulleted list:

OLD

o Key material must be preserved a minimum of 30 days for back-in-time analysis. Using the average time to breach detection as the guide for packet and key retention, the number of days increases.

NEW

o Key material must be preserved for back-in-time analysis. The period for key retention depends upon local policy, reflecting security and compliance requirements.

rdroms commented 7 years ago

From Steve Fenter:

On the statement above I agree it's probably good to get out of a prescribed number of days which may not fit in every environment. However, I would like to see the word "troubleshooting" included in the retention statement, because troubleshooters have their own requirements for key retention separate from security and compliance requirements.

NEW

o Key material must be preserved for back-in-time analysis. The period for key retention depends upon local policy, reflecting troubleshooting, security and compliance requirements.

rdroms commented 7 years ago

From Paul Turner:

You might want to use “operational” instead of “troubleshooting” so that it is more general. Performance monitoring could fall under operational.

rdroms commented 7 years ago

Agreed on new text, using "operational"

Change made and update pushed.