>>> And also: I'm sorry to have to say it, but I consider that >>> attempted weasel wording around the clear intent of 2804. The >>> clear and real effect if your wiretapping proposal were standardised >>> by the IETF would be that we'd be standardising ways in which >>> TLS servers can be compelled into breaking TLS - it'd be a standard >>> wiretapping API that'd be insisted upon in many places and would >>> mean significantly degrading TLS (only *the* most important >>> security protocol we maintain) and the community's perception >>> of the IETF. It's all a shockingly bad idea. >> I clearly disagree. Otherwise, I would not have put any work into the draft. > > What are the specific mechanisms that would allow this technique to be > used where you > intend it, i.e. within a data center, and not where Stephen fears it > would be, i.e., on > the broad Internet? For example, what mechanism could a client use to > guarantee > that this sort of "static DH" intercept could NOT be used against them? >
Christian: In draft-green-tls-static-dh-in-tls13, there is not one. I have not thought about it in these terms. The server, if acting in bad faith, can always release the client's traffic. Russ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
