On Mon, Jul 10, 2017 at 3:37 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > And if coercion of a server to comply with a wiretap > scheme like this stills fanciful to you, please check > out the history of lavabit - had there been a standard > wiretap API as envisaged here it's pretty certain that > would have been the device of choice in a case like that. > While it's easy enough to envisage many other abuses > that could be based on this wiretap scheme, that one is > a good match and a real one.
There's a lot of insight based on the history. If the mechanism operated at layer 3 or 4 (modify the protocol), then the net is cast overly wide in a shared hosting arrangement. That is, all virtual host's traffic is captured and recovered. If it operates at layer 6 or 7 (modify the applications and/or its libraries, like Apache or Nginx), then there is more precision in target traffic. That is, only the target's traffic can captured and recovered. Jeff _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
