Hi Mike, not sure I count, because on the one side I did voice concern about the lack of user-warnings [1,2] but on the other side I agreed that some IETF standardization was helpful if done right [3].
Most importantly, the threat model is different. HNDL due to a broken KEM is a passive network attack. It works at scale, simply by collecting ciphertexts. Lawful interception and relationship abuse are not only active attacks, but require a partial system compromise (e.g. by RCE or physical access). Secondly, the use cases of SSLKEYLOGFILE are at least reasonable to me. If every application becomes encrypted, tool-based debugging becomes much easier with a standardized format, in part because no reasonable alternative exists. The reasonable alternative here is hybrids, and to the extend that we may one day move past those, waiting for future improvements. Cheers, -- TBB [1] https://mailarchive.ietf.org/arch/msg/tls/nnqmXWtuBUD7W5NOkB57BYk723c/ [2] https://mailarchive.ietf.org/arch/msg/tls/dN09iEO9Zt9aOLoFw72pjFoLgKw/ [3] https://mailarchive.ietf.org/arch/msg/tls/FWmfouytzzqMb614Jv4y1cJxTqc/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
