ETSI releases standards for enterprise security and data centre management
Sophia Antipolis, 5 November 2018
eTLS was created by industry, for industry
ETSI Technical Committee CYBER has recently released a Middlebox Security Protocol specification, Profile For Enterprise Network and Data Centre Access Control, TS 103 523-3, known as Enterprise TLS or “eTLS”. This specification was driven by, and fulfils, an industry need to perform vital data centre operations – whilst supporting a recently standardized version of TLS (1.3). Such required operations include compliance, troubleshooting, detection of attacks (such as malware activity, data exfiltration, DDoS incidents), and more, on encrypted networks – functions which are enabled in the presence of TLS 1.3 by eTLS.
eTLS allows data centre and enterprise network operators to meet their service agreements and legal mandates; eTLS protects users from being forced to revert to older, less secure protocols; and eTLS allows data centre operators and users visibility over who has access to their data.
eTLS, defined in TS 103 523-3, specifies an implementation variant of TLS 1.3. This variant is needed because TLS 1.3 removes support for certain key exchange methods, which prevents passive decryption of TLS 1.3 sessions at any scale. However, there are operational circumstances where passive decryption of sessions is necessary. Such situations generally occur where both the parties in a connection, and by inference the data being exchanged, are under the control of the same entity. eTLS uses a key exchange message that supports these use cases and provides visibility information to the end user using the connection’s certificate.
ETSI creates standards that are driven by industry need. ETSI previously published a Technical Report, ETSI TR 103 421, that recommended providing a series of standards-based solutions to the evolving needs of industry, networks and middleboxes. Part 3 is the first published part of these recommended standards.
ETSI provides members with an open and inclusive environment to support the timely development, ratification and testing of globally applicable standards for ICT-enabled systems, applications and services across all sectors of industry and society. We are a not-for-profit body with more than 850 member organizations worldwide, drawn from 66 countries and five continents. Members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations. ETSI is one of only three bodies officially recognized by the EU as a European Standards Organization (ESO).
For more information please visit: www.etsi.org
Mob: +33 (0)6 87 60 84 40
Email: [email protected]