Encrypted Traffic Inspection (ETI)
More and more applications use encrypted network connections to secure the transport of data. While this trend may be useful for enhanced security, it introduces new challenges for traffic inspection by trusted parties.
For example, most network operators and users want to manage their traffic effectively, meet Service Level Agreements and regulatory requirements, and apply security policies to their internet traffic like malware detection, data leak prevention or similar.
Additionally, current solutions do not allow the client to see, verify the trust level, or control who is inspecting the traffic. They also fail completely if the client applies additional certificate checks (e.g., certificate pinning).
The ETI working group’s aim is to help develop an accepted way of traffic inspection, on top of encrypted transport standards. The group will also discuss requirements for traffic inspection mechanisms based on different use cases and explore proofs of concepts of implementations.
The ETI is an entity based group and you may join as a company or organization. For further information, please send your request to Olaf Bonorden.