Stephen:

> You didn't refer to 2804 and the standards track. As an
> author do you really think this can be on the standards
> track and yet not obsolete 2804?

Yes. Section 3 of RFC 2804 offers a pretty clear definition of wiretapping, and that is not what is going on here. In this situation, all of the parties are part of the same organization, under common key management. The server must explicitly accept and use the centrally managed (EC)DH key, so that party is completely aware and, in fact, enabling the other parties to decrypt the traffic.

Russ

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls