Stephen:
>>> You didn't refer to 2804 and the standards track. As an author do
>>> you really think this can be on the standards track and yet not
>>> obsolete 2804?
>>
>> Yes.
>
> We disagree.
>
>> Section 3 of RFC 2804 offers pretty clear definition of
>> wiretapping, and that is not what is going on here. In this
>> situation, all of the parties are part of the same organization,
>> under common key management.
>
> That is one possible deployment. There is nothing in this
> proposal that limits it's use to that.
>
>> The server must explicitly accept and
>> use the centrally managed (EC)DH key, so that party is completely
>> aware and, in fact, enabling the other parties to decrypt the
>> traffic.
>
> Yes, and the server could equally be compelled to do that,
> in which case this technology would clearly be a standard
> form of wiretapping.
>
> Claiming that is not the case would be incredible so I have
> no idea how you maintain that this isn't in conflict with
> 2804.
That does not follow the definition in Section 3 of RFC 2804. If one of the
parties is "compelled" to install the centrally managed (EC)DH key, then the
server is aware. If you consider the server to be the sending party, then this
situation does not meet number 1 in the definition. If you consider the server
to be the receiving party, then this situation does not meet number 2 in the
definition.
To save everyone from looking it up, RFC 2804 says:
Wiretapping is what occurs when information passed across the
Internet from one party to one or more other parties is delivered to
a third party:
1. Without the sending party knowing about the third party
2. Without any of the recipient parties knowing about the delivery to
the third party
3. When the normal expectation of the sender is that the transmitted
information will only be seen by the recipient parties or parties
obliged to keep the information in confidence
4. When the third party acts deliberately to target the transmission
of the first party, either because he is of interest, or because
the second party's reception is of interest.
The term "party", as used here, can refer to one person, a group of
persons, or equipment acting on behalf of persons; the term "party"
is used for brevity.
Of course, many wiretaps will be bidirectional, monitoring traffic
sent by two or more parties to each other.
Thus, for instance, monitoring public newsgroups is not wiretapping
(condition 3 violated), random monitoring of a large population is
not wiretapping (condition 4 violated), a recipient passing on
private email is not wiretapping (condition 2 violated).
Russ
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
