The need for enterprise datacenters to access TLS 1.3 plaintext for security and operational requirements has been under discussion since shortly before the Seoul IETF meeting. This draft provides current thinking about the way to facilitate plaintext access based on the use of static (EC)DH keys on the servers. These keys have a lifetime; they get replaced on a regular schedule. A key manager in the datacenter generates and distributes these keys. The Asymmetric Key Package [RFC5958] format is used to transfer and load the keys wherever they are authorized for use.

We have asked for a few minutes to talk about this draft in the TLS WG session at the upcoming Prague IETF. Please take a look so we can have a productive discussion. Of course, we're eager to start that discussion on the mail list in advance of the meeting.

The draft can be found here:
https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01

Thanks for your attention,
Matt, Ralph, Paul, Steve, and Russ