On 12/1/2018 9:24 AM, Tony Arcieri wrote:
> On Sat, Dec 1, 2018 at 8:12 AM Dmitry Belyavsky <beld...@gmail.com> wrote:
>
> > I do not understand why the ETSI solution does not provide ability
> > to impersonate clients/servers.
>
> My understanding of this solution is a "visibility" system would have
> access to a not-so-ephemeral ECDHE private key. This gives it access
> (via passive observation) to all session keys ultimately derived from
> ECDHE key agreement, including the resumption master secret.

Which is indeed a huge problem. Security conscious implementations of TLS should detect the use of such "enhancements", and either abort the session or automatically treat it as insecure.

-- Christian Huitema
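
One way a client could implement the detection suggested in the thread above, as an added example that is not part of the original messages: it assumes the "not-so-ephemeral" ECDHE key shows up as the same server key share across connections, and treats any repeat as grounds to abort or downgrade trust. The class name, hostnames and key bytes are constructed for illustration; the named group code 0x001d is x25519.

```python
import hashlib
from collections import OrderedDict


class KeyShareReuseDetector:
    """Client-side memory of server (EC)DHE public values, per server identity.

    Assumption: the caller extracts the server's named group and key_exchange
    bytes from the ServerHello key_share (TLS 1.3) or ServerKeyExchange (1.2).
    """

    def __init__(self, max_per_server=1024):
        self.max_per_server = max_per_server
        self._seen = {}    # server_id -> OrderedDict{digest: connection number}
        self._count = {}   # server_id -> connections observed so far

    def observe(self, server_id, named_group, key_exchange):
        """Record one handshake.

        Returns ("fresh", n) for a key share not seen before on this server,
        or ("reused", first_n) naming the connection where it first appeared.
        """
        # Store a digest rather than the raw public value; bind in the group
        # so identical bytes under different groups are not conflated.
        digest = hashlib.sha256(
            named_group.to_bytes(2, "big") + key_exchange
        ).digest()
        n = self._count.get(server_id, 0) + 1
        self._count[server_id] = n
        history = self._seen.setdefault(server_id, OrderedDict())
        if digest in history:
            return ("reused", history[digest])
        history[digest] = n
        if len(history) > self.max_per_server:
            history.popitem(last=False)  # bound memory: evict oldest entry
        return ("fresh", n)


def demo():
    """Run constructed handshakes: the third repeats the first key share."""
    X25519 = 0x001D
    det = KeyShareReuseDetector()
    shares = [b"\x01" * 32, b"\x02" * 32, b"\x01" * 32]  # constructed bytes
    return [det.observe("tls.example", X25519, s) for s in shares]


if __name__ == "__main__":
    for verdict, conn in demo():
        print(verdict, conn)
```

The history is bounded, so a key reused only after more than `max_per_server` intervening connections would go unnoticed; a verdict of "reused" is where a client would abort the session or mark it insecure.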