Application Network Security and Observability in an Encrypted Future

Explore the challenges and solutions for application network security and observability in an increasingly encrypted landscape. Delve into the collision course between traditional security tools and modern encryption protocols like TLS1.3, encrypted SNI, and HTTPS. Learn about proposed solutions, including moving observability into encryption libraries and implementing proxy logic. Discover how Linux's building blocks, particularly kTLS and BPF, can be leveraged to create a better security model. Examine the necessary threat models for effective security and reliable observability platforms. Investigate current limitations, potential improvements, and performance benchmarks for these systems. Gain insights into how extending the operating system with BPF can pave the way for transparent encryption while maintaining robust security tooling.

Application network security and observability in an encrypted future -John Fastabend