Hi Brian, Stephen,
At 06:18 AM 27-02-2025, Stephen Farrell wrote:
From my POV yes: fundamentally it is a bad idea for
the IETF to standardise ways to exfiltrate keys
even if there may be innocuous uses for those. And
this latest ask (extending the exfiltration from
being a TLS-only thing, to cover other protocols
such as EDHOC) IMO nicely demonstrates the danger
of the TLS WG publishing this document.
According to Sheffer, Holz and Saint-Andre, "It is known that stolen
(or otherwise obtained) private keys have been used as part of
large-scale monitoring [RFC7258] of certain servers."
Regards,
S. Moonesamy
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
