On Thursday, 15 March 2018 05:51:31 CET Yoav Nir wrote:
> At the risk of stating the obvious, it’s because server owners want to use
> the same OpenSSL, NSS, SChannel, or whatever you call the Java library that
> everybody else uses. They’re all widely used, actively maintained, and
> essentially free.
>
> None of these libraries support any of this functionality.

huh? Sure, it is not nicely packaged to allow integration with 3rd party systems, and sometimes disabled by default, but it's hardly missing...

https://github.com/openssl/openssl/pull/1646
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
https://bugs.chromium.org/p/chromium/issues/detail?id=393477

> > On 15 Mar 2018, at 2:16, Watson Ladd <watsonbl...@gmail.com> wrote:
> >
> > One can either use a static DH share, save the ephemerals on the
> > servers and export them, or log all the data on the servers.
> >
> > These options don't require any change to the wire protocol: they just
> > require vendors supporting them. Why don't they meet the needs cited?
> >
> > Sincerely,
> > Watson
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic