First, I do not see this as a “wiretapping discussion” based on my reading of 2804, although others may disagree.
Second, I believe that this discussion should go forward based on several points:

1. this proposal does not involve any changes to the bits on the wire specified in the TLS 1.3 document
2. this proposal offers significantly better security properties than current practice (central distribution of static RSA keys)
3. alternative solutions with significantly worse security properties are also feasible under TLS 1.3, and I would like to avoid them!

We should be in the business of developing pragmatic, interoperable solutions with appropriate security properties. Balancing cryptographic security with other security requirements to achieve such solutions should be an acceptable path, and pursuing this work in the TLS working group gives the IETF the best opportunity to influence these solutions.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls