On 14/03/18 23:16, Stephen Farrell wrote: > Of course some people who are used to MitMing connections will > have problems and will have to change.
I got an offlist message correcting me about the above. I do agree that it's odd to describe post-facto decryption of a TLS session that used RSA key transport (via a copy of the RSA private key) as a MitM. (The off list message didn't say "odd" - it said "wrong":-) It'd have been better if I'd said that all these approaches *enable* MitM rather than *are* MitMing - even if the holder of the copy of the RSA private key might never actually mount an MitM, they always do have the capability to MitM whenever they choose to do that. The same is true of Russ and Ralph's draft as well, though of course the on-path nature of that proposal makes an actual MitM attack more likely I'd guess, given it requires both the cryptographic and the topological capability to MitM whereas RSA based schemes only have to provide the cryptographic capability. So I accept the correction, it's a fair cop. That said, I find using the term MitM as a shorthand for all of the above to be waaaay more accurate than abusing the word "visibility" to describe standardising a MitM capability. S.
0x7B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
