It's fascinating that people cannot seem to stop picking at the scab remaining after draft-green. I really think we'd be wiser to just let the wound heal. (And get on with the work that this WG has been chartered to do, which does not include wiretapping.)
On 23/07/17 18:17, Felix Wyss wrote: > How about requiring a record of a fixed size that either contains the > session key encrypted with a “leaking key” or the output of a stream > cipher keyed with the session key. A 3rd party observer would not be > able to determine whether the session key is being leaked but the > client can tell and act accordingly. The relevant signal is that a TLS deployment is able to be wiretapped. It doesn't matter how that signal is sent, via rfc1149 or in-band. Adding your putative field (which is eerily reminiscent of a Clipper LEAF) is such a signal, and it doesn't matter what content is in the field today, the "local" authorities will see that and send you the key to use for them. See also the many earlier points about consent, naming etc etc. S. > > --Felix > > From: TLS <tls-boun...@ietf.org> on behalf of Ted Lemon > <mel...@fugue.com> Date: Sunday, July 23, 2017 at 16:34 To: > "Blumenthal, Uri - 0553 - MITLL" <u...@ll.mit.edu> Cc: > "<tls@ietf.org>" <tls@ietf.org> Subject: Re: [TLS] datacenter TLS > decryption as a three-party protocol > > I did a little bit of rubber-duck debugging on this proposal with > Andrea on the way back from Boston this morning. It's actually > better for the server to secretly use a static key than to negotiate. > Stephen has already explained why: if this is a negotiation, then > it's possible for a third party to simply block any negotiation that > doesn't allow it. We have no control over evil endpoints, and it's > silly to pretend otherwise. Pretending otherwise makes us less > secure, not more secure. > > > > _______________________________________________ TLS mailing list > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
