In the event that it is not feasible for an operator to obtain the plaintext of a message without the key, isn't that because they don't control either endpoint? If so, why would it be their responsibility to obtain the plaintext? It should be the responsibility of the controller of one of the endpoints.
If they do control one of the endpoints, then they don't need the key, or rather, they have it. So it is not our problem to provide them with a way to change it less frequently, which is really what this proposal boils down to.

Can you give an example of a use case for this proposal where what I just said is not true, and explain why it is not true for that use case? Sorry if I am being dense, but I just don't understand why this is an issue.

On Sat, Jul 15, 2017 at 9:42 AM, Dobbins, Roland <rdobb...@arbor.net> wrote:

> On Jul 15, 2017, at 13:26, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
>
> > Could you point to an example of any regulation that requires plaintext
> > from network capture specifically?
>
> It often isn't feasible to obtain the plaintext any other way in a given
> circumstance.
>
> Not to mention the security & troubleshooting applications which require
> insight into the cryptostream on the wire.
>
> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls