Hi Russ,

On 07/07/17 17:35, Russ Housley wrote:
> Repeating from above, the non-ephemeral DH keys are associated only
> with sessions that are inside the enterprise datacenter.

I find it really hard to believe anyone is convinced of that. Yes, one could choose to use this proposed wiretapping scheme like that but figure 3 in the draft makes it fully clear that this colluding or coerced wiretapping device can be anywhere on the Internet.

2804 says "no" here - are you proposing to obsolete that? If so, being up-front about that is IMO a pre-requisite and talk of "datacentres" avoided as the misdirection that it is.

Again, I hope the chairs do not devote/waste more time on this until there is a demonstrated IETF consensus to obsolete 2804. We cannot honestly have both this and that.

S.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls