I do not entirely have context on the requirements for something like that. 
I would imagine that the requirements would be significantly different and 
would need to be clearly defined.  However, at a high level,
I'm not sure using a DC would be different from a provider obtaining a 
certificate for a short time duration instead. The DC use case for short 
duration is for increased reliability during normal service operation; however, 
for these kinds of cases, which might be one-off use cases, one could obtain a 
real certificate.

Subodh
________________________________
From: TLS <tls-boun...@ietf.org> on behalf of Florian Weimer 
<f...@deneb.enyo..de>
Sent: Friday, November 1, 2019 1:13 PM
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Delegated Credentials and Lawful Intercept

Would it be possible to use delegated credentials to address lawful
intercept concerns, similar to eTLS?

Basically, the server operator would issue a delegated credential to
someone who has to decrypt or modify the traffic after intercepting
it, without having to disclose that backdoor in certificate
transparency logs.

And in a data center scenario, perhaps people feel more comfortable
loading those short-term credentials into their monitoring equipment.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=t6MvhK2KrPUKpEpozCS52kUs5eut_Pp-vjNPUa2R8gw&s=B6JEL8LBe1zq0d4EA0GgjAf8-H3ocB-zBLNnDTFkToM&e=