Hi Ilari,
At 12:18 AM 28-02-2025, Ilari Liusvaara wrote:
What kind of private keys? Is that just the known trouble (TLS_RSA_*,
TLS_PSK_* and the session ticket extension), or is it also other key
types? Of those, only the pure-PSK stuff remains in TLS 1.3 (TLS 1.3
does have session tickets, but the mechanism is not a security
disaster).
Thank you for asking those questions. I don't have any information
about the key types.
Those three are especially suited for large-scale monitoring, because
all destroy any forward secrecy, avoiding attacker having to steal
keys on per-connection basis. Which is certainly highly convinient
for attacker.
I don't think putting non-ephemeral keys into SSLKEYLOGFILE would
be even remotely reasonable.
One of the advantages, in my opinion, of having an open discussion
could be to figure out all that.
Regards,
S. Moonesamy
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
