Hi Mike,

not sure I count, because on the one side I did voice concern about the lack of 
user-warnings [1,2] but on the other side I agreed that some IETF 
standardization was helpful if done right [3].

Most importantly, the threat model is different.
HNDL due to a broken KEM is a passive network attack. It works at scale, simply 
by collecting ciphertexts.
Lawful interception and relationship abuse are not only active attacks, but 
require a partial system compromise (e.g. by RCE or physical access).

Secondly, the use cases of SSLKEYLOGFILE are at least reasonable to me.
If every application becomes encrypted, tool-based debugging becomes much 
easier with a standardized format, in part because no reasonable alternative 
exists.
The reasonable alternative here is hybrids, and to the extend that we may one 
day move past those, waiting for future improvements.

Cheers,

-- TBB

[1] https://mailarchive.ietf.org/arch/msg/tls/nnqmXWtuBUD7W5NOkB57BYk723c/
[2] https://mailarchive.ietf.org/arch/msg/tls/dN09iEO9Zt9aOLoFw72pjFoLgKw/
[3] https://mailarchive.ietf.org/arch/msg/tls/FWmfouytzzqMb614Jv4y1cJxTqc/

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to