Cheat sheets

Enterprise Transport Security (ETS) vs TLS

Share this with people that should know this:

This is the reality, companies rely on weaknesses, they abuse weaknesses in the encryption communication models in order to keep track and identify what is happening on their network. To make it worse, a new protocol is being designed which will force the removal of forward secrecy. This protocol is called ETS, which stands for Enterprise Transport Security, but to be honest, you should simply call it ‘Extra Terrible Security’.  

What is forward secrecy

Forward secrecy is a feature that is used in TLS 1.2, this feature provides an additional security layer, and because of this advantage, the new protocol TLS 1.3 will have forward secrecy as a mandatory for a secure connection this decision was made by IETF, the Internet Engineering Task Force.

Forward secrecy is an optional feature, that if enabled, would ensure that sniffed and intercepted communication could not be decrypted.

Image result for forward secrecy model
Forward secrecy since 2013 @ Twitter

So why use ETS if it is weaker?

Companies want to be in control, especially financial companies like banks. These type of companies rely on the technique to decrypt TLS traffic, they use this for intrusion detection and prevention, monitoring, packet capture and DDoS mitigation.

The ETS protocol allows this as it does not support the forward secrecy feature. The same companies actually requested IETF to make forward secrecy optional again in TLS 1.3, luckily IETF said NO to this.

IETF said no, ETSI said yes

The IETF said no, we will not standardize this model, the risks are too great, but this did not mean that the proposal was killed. The proposal was send towards ETSI, and since 2017 ETSI has been working on the model, in October 2018, the even released multiple articles and papers to support ETS.

Real harm can be done if you use ETS

Webservers and public environments that do make use of the weaker ETS protocol will intentionally or accidently make all of their visitors vulnerable to snooping, meaning that personal information and intellectual property can and will be exposed.

Don’t use it!

A healthy brain
Share this with people that should know this: