So no options in TLS 1.3 that make it possible to see the server cert in the clear?

On Sun, Jun 04, 2017 at 03:25:46PM -0500, Benjamin Kaduk wrote:
> On 06/02/2017 08:28 AM, Toerless Eckert wrote:
> > Another candidate use case coming to mind e.g.: auditing that is required in
> > many e.g.: financial environments. In the past I have seen even the
> > requirement for the whole data streams to be unencrypted for auditing.
> > Maybe that market segment would also be able to get more privacy but
> > maintain a relevant level of auditing if the auditing relevant class of
> > information was visible via the cert.
>
> That use case has been extensively discussed (look for the thread
> "Industry Concerns about TLS 1.3", also a fair bit of hallway
> discussions), and was not seen to provide a compelling argument for any
> change in TLS 1.3. There are purely server-side options that should be
> able to provide the necessary functionality (crypto details omitted for
> now).
>
> -Ben