On 7/17/2017, 12:45, "TLS on behalf of Roland Dobbins" <tls-boun...@ietf.org on behalf of rdobb...@arbor.net> wrote:
On 17 Jul 2017, at 18:35, Benjamin Kaduk wrote: > it could easily be enabled accidentally on the Internet, or coercively > required > of certain entities, e.g., by national security letter, once > enablement > is just a configuration setting (as opposed to writing code) Yes, concur. > So, in order to have something that is verifiably opt-in by both > parties, it seems like it would have to be a ClientHello/ServerHello > extension (included in the transcript for the generated traffic keys) > where both sides commit that they are willing to exfiltrate keys to a > given named entity(ies) (whether that's by raw public key, certificate > name, etc., is quite flexible). I agree that the extension approach is something which is worthy of exploration. Great. Then we all are in agreement.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls