> On Mar 14, 2018, at 9:42 AM, Salz, Rich <rs...@akamai.com> wrote:
>
>> So aside from enabling MitM, this also enables session resumption by
>> the decryption service, something that the security considerations
>> neglects to include in its list.
>
> So I think this is an important point. I assume the authors did not realize
> this. That shows how hard, and risky, it is to get this right. In the US, we
> have been having arguments where the national police force (FBI) is insisting
> that tech companies can create a "golden key" that only they can use, and the
> security people are saying it is impossible. This seems like another
> instance, no?
>
> Oh heck, let me ask the uncomfortable question: Russ, did you know this or
> was Martin's point new to you?

I think my reply to Martin already shows that I missed the point about resumption. I was trying to send the smallest amount of data; I should have made sure the things needed for resumption were not included.

Russ

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls