As Stephen noted in his presentation, a lot of the proposals for passive decryption can be seen as trying to turn TLS from a two-party protocol into a three-party protocol. Which is probably the right way to think about it, even when all (three) parties are within the same administrative domain.
Stephen also said something about it being hard to shoehorn a three-party protocol into the API for a two party protocol. But depending on the specifics, maybe it's not so bad. For example, if the only semantics you need are a new API for "this is the list of third parties I authorize to wiretap this connection", the scope seems fairly limited. Another thought spawned from today's session is that, given concerns about preventing/noticing if schemes intended for the datacenter leak out onto the internet, it's not really clear that "minimizes changes to the wire protocol" should be considered a benefit of proposals in this space. If there are clear changes to the wire protocol, that makes it easy to detect when the scheme is in use. -Ben
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
