On Mon, Jan 09, 2017 at 02:55:57PM -0500, Adam Langley wrote:
> On Mon, Jan 2, 2017 at 3:57 PM, Adam Langley <a...@imperialviolet.org> wrote:
> > I don't expect that those who want to intercept TLS connections will
> > see a MUST NOT and go do something else. Rather I think they should
> > understand that TLS isn't supposed to be intercepted and, if they want
> > to do that, then they're going to be breaking the spec in places. I
> > think they're going to do that no matter what we do so I want to
> > ensure that these "interceptable" implementations don't inadvertently
> > proliferate. (Because if everything Just Works when you accidentally
> > copy such a config to your frontend server, then it'll happen.)
>
> I had understood that the desire from some large institutions to
> intercept TLS connections arose only in a datacenter setting. However,
> based on private conversations, it appears that at least one of those
> institutions does this on their public frontends and will very likely
> do something worse than persistent ECDHE if that's not possible with
> TLS 1.3.
Why can't they just decrypt it, possibly encrypt it with some other key, and store that?

Kurt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
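The "persistent ECDHE" the thread refers to is a server reusing the same (supposedly ephemeral) key share across handshakes, which removes forward secrecy. The following is an added example, not code from the thread or from any IETF project: it parses the key_share extension out of TLS 1.3 ServerHello handshake messages and flags servers whose share repeats across connections, so an operator can check their own frontends. The server names, the 32-byte shares and the ServerHello bytes are constructed here for the demonstration.

```python
import struct
from collections import defaultdict

KEY_SHARE = 0x0033           # TLS 1.3 key_share extension type
SUPPORTED_VERSIONS = 0x002b
X25519 = 0x001d

def server_key_share(handshake: bytes):
    """Return (group, public_key) from a TLS 1.3 ServerHello handshake
    message (record-layer header already stripped), or None if absent."""
    if handshake[0] != 2:                       # HandshakeType.server_hello
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    pos = 2 + 32                                # legacy_version + random
    pos += 1 + body[pos]                        # legacy_session_id_echo
    pos += 2 + 1                                # cipher_suite + compression
    ext_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:                       # walk the extension list
        ext_type, length = struct.unpack_from("!HH", body, pos)
        pos += 4
        data = body[pos:pos + length]
        pos += length
        if ext_type == KEY_SHARE:               # KeyShareServerHello
            group, ke_len = struct.unpack_from("!HH", data, 0)
            return group, data[4:4 + ke_len]
    return None

def persistent_key_shares(observations):
    """observations: iterable of (server_name, ServerHello bytes).
    Returns {server_name: {hex_share, ...}} for every server that presented
    the same key share in more than one handshake."""
    seen = defaultdict(lambda: defaultdict(int))
    for name, hs in observations:
        share = server_key_share(hs)
        if share is not None:
            seen[name][share] += 1
    return {n: {s[1].hex() for s, c in shares.items() if c > 1}
            for n, shares in seen.items() if any(c > 1 for c in shares.values())}

def build_server_hello(pubkey: bytes, group: int = X25519) -> bytes:
    """Construct a minimal TLS 1.3 ServerHello carrying one key_share (test data)."""
    sv = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, 0x0304)
    ks = struct.pack("!HH", group, len(pubkey)) + pubkey
    ext = sv + struct.pack("!HH", KEY_SHARE, len(ks)) + ks
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

REUSED = bytes(range(32))                       # constructed, reused share
SAMPLE = ([("frontend-a", build_server_hello(REUSED)) for _ in range(3)]
          + [("frontend-b", build_server_hello(bytes([i]) * 32)) for i in range(3)])

if __name__ == "__main__":
    print(persistent_key_shares(SAMPLE))        # only frontend-a is flagged
```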