Hi, I have a use-case for allowing an MITM to monitor traffic, but not impersonate a server, and to allow MITM signing for replay of server-responses to support caching.
As far as I'm aware, TLS currently only supports a shared-secret once session initialisation is complete, so I'd need to extend the protocol to support asymmetric encryption for the session.

Would there be interest in extending TLS to:
- allow monitoring-with-consent (based on asymmetric encryption)?
- allow re-signing from an authorised MITM to support caching?

Best wishes,
Phil Lello
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
