➢ I guess the basic question I'm asking is that if a third party is so
powerful that they can do what you describe, aren't they going to force an even
more effective method (trusting their CA so that they can terminate the
connection as a middle man) on clients so that they don't have to coerce every
server?

The stated goal of this work (and its predecessor) is to allow enterprises to
capture traffic for later debugging and analysis. The client could be coming
in via the generic public Internet, with a stock browser.
Your question points out a danger of this mechanism: it becomes all too easy to
“escape” and enable nationwide wiretapping.
Make sense?
_______________________________________________
TLS mailing list
https://www.ietf.org/mailman/listinfo/tls