On Thu, Sep 29, 2022, at 16:51, Phillip Hallam-Baker wrote:
> A better approach for this particular requirement is to have a
> mechanism which uses encryption but explicitly provides the necessary
> observer decryption capabilities.

This I agree with.

> But that approach has been repeatedly rejected in IETF.

Maybe. But the widespread adoption of SSLKEYLOGFILE would suggest otherwise. I think that the thing that is most objectionable is the weakening of TLS. Methods that don't affect TLS security - like SSLKEYLOGFILE - and engage with end systems and their users directly and honestly are less of a threat to the security of other TLS users.
