On Wed, Jul 19, 2017 at 6:09 AM, Benjamin Kaduk <bka...@akamai.com> wrote:
> As Stephen noted in his presentation, a lot of the proposals for passive
> decryption can be seen as trying to turn TLS from a two-party protocol into
> a three-party protocol. Which is probably the right way to think about it,
> even when all (three) parties are within the same administrative domain.
>
> Stephen also said something about it being hard to shoehorn a three-party
> protocol into the API for a two-party protocol.

Trying to turn a two-party protocol into a three-party protocol is a classical source of confused deputy vulnerabilities:

http://www.hpl.hp.com/techreports/2009/HPL-2009-20.pdf

This is why I have been such a strong proponent of using something like a TLS extension for this sort of thing if it is to happen. At least that way we get mutual client and server consent.

--
Tony Arcieri
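As an added illustration, not part of the thread, here is a small Python model of the consent property Tony argues for: under the TLS 1.3 extension rules (RFC 8446, section 4.2) a server may only answer with an extension the client offered, so a third party's participation carried in an extension cannot take effect unless both endpoints opt in. The extension name and key identifier below are constructed placeholders, not a registered TLS extension.

```python
from dataclasses import dataclass, field

# Hypothetical extension name; TLS defines no such registered extension.
THIRD_PARTY_EXT = "third_party_visibility"


@dataclass
class Hello:
    """Only the extension block of a ClientHello / ServerHello is modelled."""
    extensions: dict = field(default_factory=dict)


def server_respond(client_hello: Hello, willing: bool, unilateral: bool = False) -> Hello:
    """Honest server: echo the extension only if the client offered it and
    local policy allows it. 'unilateral' models a server that tries to
    enlist a third party without the client having asked for it."""
    offered = THIRD_PARTY_EXT in client_hello.extensions
    response = Hello()
    if willing and (offered or unilateral):
        response.extensions[THIRD_PARTY_EXT] = "constructed-escrow-key-id"
    return response


def client_accepts(client_hello: Hello, server_hello: Hello) -> bool:
    """RFC 8446 s.4.2: a ServerHello extension the client did not offer is a
    protocol violation; the client aborts with unsupported_extension."""
    return all(name in client_hello.extensions for name in server_hello.extensions)


def negotiate(client_offers: bool, server_willing: bool, unilateral: bool = False):
    """Return (handshake_completes, third_party_enabled) for one combination
    of client and server consent."""
    ch = Hello({THIRD_PARTY_EXT: "offered"} if client_offers else {})
    sh = server_respond(ch, server_willing, unilateral)
    completes = client_accepts(ch, sh)
    enabled = completes and THIRD_PARTY_EXT in sh.extensions
    return completes, enabled


if __name__ == "__main__":
    for offers in (True, False):
        for willing in (True, False):
            print(f"client offers={offers} server willing={willing} ->",
                  negotiate(offers, willing))
    # A server cannot add the third party on its own: the client aborts.
    print("server unilateral ->", negotiate(False, True, unilateral=True))
```

The third party is enabled only in the one case where both sides agree; a server that adds the extension on its own produces a handshake the client rejects rather than a silent three-party session.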
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls