> So aside from enabling MitM, this also enables session resumption by
> the decryption service, something that the security considerations
> neglects to include in its list.

So I think this is an important point.  I assume the authors did not realize 
this. That shows how hard, and risky, it is to get this right.  In the US, we 
have been having arguments where the national police force (FBI) is insisting 
that tech companies can create a "golden key" that only they can use, and the 
security people are saying it is impossible.  This seems like another instance, 
no?

Oh heck, let me ask the uncomfortable question:  Russ, did you know this or was 
Martin's point new to you?

        /r$


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
