> Isn’t possible to achieve the goals of this proposal without re-using DH
> secrets?
> For example, let DH_secret = KDF ( monitoring_key, server.hello ,
> client.hello), or something similar. Ideally, the monitoring_key should be
> updated frequently as possible (while keeping it synchronized
: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Matthew Green
Sent: Wednesday, November 16, 2016 8:55 AM
To: ynir.i...@gmail.com
Cc: tls@ietf.org
Subject: Re: [TLS] TLS Visibility Inside the Data Center (was: I-D Action:
draft-green-tls-static-dh-in-tls13-00.txt)
Thanks for pointing out the line
To: Sean Turner mailto:s...@sn3rd.com>>
> Cc: "mailto:tls@ietf.org>>" <mailto:tls@ietf.org>>
> Subject: Re: [TLS] TLS Visibility Inside the Data Center (was: I-D
> Action: draft-green-tls-static-dh-in-tls13-00.txt)
> Message-ID: <2f41d793-19
If I understand this draft correctly, this draft describes server behavior. It
does not change anything within the TLS 1.3 protocol. IOW a server doing this
will interoperate with any client.
I searched the tls13 draft to see if it has anything to say about this, and the
only thing I found was
Please note that this draft is related to the agenda item:
- TLS Visibility Inside the Data Center
spt
> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: I-D Action: draft-green-tls-static-dh-in-tls13-00.txt
> Date: November 14, 2016 at 15:36:49 GMT+9
> To:
> Reply-To: in