On 7/17/2017, 12:45, "TLS on behalf of Roland Dobbins" <[email protected] on behalf of [email protected]> wrote:
On 17 Jul 2017, at 18:35, Benjamin Kaduk wrote:
> it could easily be enabled accidentally on the Internet, or coercively
> required
> of certain entities, e.g., by national security letter, once
> enablement
> is just a configuration setting (as opposed to writing code)
Yes, concur.
> So, in order to have something that is verifiably opt-in by both
> parties, it seems like it would have to be a ClientHello/ServerHello
> extension (included in the transcript for the generated traffic keys)
> where both sides commit that they are willing to exfiltrate keys to a
> given named entity(ies) (whether that's by raw public key, certificate
> name, etc., is quite flexible).
I agree that the extension approach is something which is worthy of
exploration.
Great. Then we all are in agreement.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
