Fascinating thread. I propose *NoSecurity* mode. Debug mode, with an insecurity label.
Perhaps defining SSLKEYLOGFILE only in debug mode is tolerable. On Thu, 20 Feb 2025, 11:28 Ben Smyth, <resea...@bensmyth.com> wrote: > On Thu, 20 Feb 2025 at 10:13, Bellebaum, Thomas < > thomas.belleb...@aisec.fraunhofer.de> wrote: > >> > A TLS application interacting with an end-user (e.g. a browser) MUST >> clearly communicate any requests to log TLS secrets to the user and MUST >> NOT indicate a secure connection. >> > > The connection is secure. TLS doesn't defend against compromised devices. >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
