In https://www.ietf.org/mail-archive/web/tls/current/msg24789.html, Nick Sullivan concluded:
>- on the other hand using draft-rhrd is safer than allowing organizations to >hack single-key escrow into TLS 1.3 or continue to use TLS 1.2 with >non-forward-secret cipher suites I think this sets up a false comparison. Existing TLS 1.3 debugging systems – Wireshark – can debug individual TLS sessions with the session key information being made available. This is what the RHRD draft would require an organization to do, but it adds the additional signaling that the client is willing to allow it. The Wireshark example shows that the signaling is not needed. Servers can unilaterally do it now. I maintain that the cleartext signal servers no useful purpose, except to provide a mechanism for entities to segregate traffic.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
