On 17/10/17 16:46, Ion Larranaga Azcue wrote: > The problem I see with a "server to third party" OOB look up or > export of the keys is that the client will not be notified of this > export taking place and so will lose the chance to reject > surveillance... IIUC, with the draft-rehired proposal, the client can in any case not be told - the TLS protocol extensions are mere politeness and the client does not get to know what snooper(s) are involved, nor can the client influence the snooping keys. Once, any infrastructure for this was deployed, I think it'd be used without telling clients for sure. (And we would be fully complicit in helping that happen, if the WG adopted this stuff, because we know that such abuses would be inevitable.)
I think this WG was correct years ago when we passed on the DNT proposal which had the same "just politeness" aspect - the web is not really such a friendly place that one can depend on the kindness of strangers. Nor are many of the many other applications using TLS. S.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
