This is exactly right. We have a *real* problem here. We should *really* solve it. We should do the math. :)
On Wed, Jul 19, 2017 at 3:09 PM, Benjamin Kaduk <bka...@akamai.com> wrote:

> As Stephen noted in his presentation, a lot of the proposals for passive
> decryption can be seen as trying to turn TLS from a two-party protocol into
> a three-party protocol. Which is probably the right way to think about it,
> even when all (three) parties are within the same administrative domain.
>
> Stephen also said something about it being hard to shoehorn a three-party
> protocol into the API for a two party protocol. But depending on the
> specifics, maybe it's not so bad. For example, if the only semantics you
> need are a new API for "this is the list of third parties I authorize to
> wiretap this connection", the scope seems fairly limited.
>
> Another thought spawned from today's session is that, given concerns about
> preventing/noticing if schemes intended for the datacenter leak out onto
> the internet, it's not really clear that "minimizes changes to the wire
> protocol" should be considered a benefit of proposals in this space. If
> there are clear changes to the wire protocol, that makes it easy to detect
> when the scheme is in use.
>
> -Ben
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls