On Tue, Sep 27, 2016 at 06:07:28PM +0000, BITS Security wrote: > Hi Eric--Thank you for the prompt. > > Our requirements are for the same capabilities we have today with TLS > 1.2, namely to be able to take a trace anywhere in our enterprise and > decrypt it out of band (assuming that we own the TLS server). This > includes traces taken from physical taps, traces from span or mirror > ports, traces from the virtual environment, and/or traces from agents > on workstations. We need to be able to apply a key to sniffer > devices, security and fraud monitoring tools, APM devices, and/or TLS > decryption appliances.
No changes to standards are going to happen to make that any easier. Don't waste your time. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls