On 12/07/17 13:24, Kyle Rose wrote:

> This proposal (and related proposals involving encrypting session keys to
> inspection boxes, either in-band or OOB) violates condition 2 because one
> endpoint would have to intentionally take action to deliver the session key
> or private DH share to the third party.

I agree if there are only two parties, i.e. some deployments of schemes like this wiretapping scheme do not meet the definition of wiretapping in 2804.

> If one endpoint is feeding
> cryptographic material to a third party (the only way that information gets
> out to the third party, vulnerabilities notwithstanding), they are
> collaborating, not enabling wiretapping.

That's nonsense. In the POTS case, telcos are collaborating with their local LEAs and that is wiretapping. Claiming that no deployment of this scheme (e.g. the SMTP or wordpress.com type ones already described on the list) meets the 2804 definition is just silly.

S.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls