This does not seem to address a problem which was brought up when the similar draft-green-tls-static-dh-in-tls13-00 was discussed, namely any system in possession of one of the non-ephemeral-ECDHE private keys, ostensibly for the purposes of passive traffic decryption, can arbitrarily resume decrypted sessions and therefore impersonate any observed clients.
I'm not a fan of systems like this, but I believe for security reasons they should be designed in such a way that only the confidentiality of traffic is impacted, and a "visibility" system isn't able to leverage the decrypted traffic to resume decrypted sessions and thereby impersonate clients. -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
