> On 12 Jul 2017, at 0:21, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > > > On 11/07/17 22:10, Yoav Nir wrote: >> If one of the parties to a conversation cooperates with the wiretap, >> this isn’t an attack. > Lemme try on this one again from a different angle. > > In classic telephony wiretaps the carrier does the > tap. There are similar situations with TLS... > > In hosted platforms (e.g. wordpress.com and many > others) where the senders and receivers (or publishers > & readers) have read and write access via PHP code > and not via a shell, and cannot therefore control web > or TLS configuration, the platform would be doing a > wiretap if it turned this on, whilst colluding with > or being coerced by some other entity that collects > and later decrypts the ciphertext and packets. > > Are we agreed that that use-case is wiretapping via > this mechanism? > > There are many millions of people who use such > constrained hosted environments.
Wordpress.com <http://wordpress.com/> is a party to the session. It has access to the plaintext and could deliver it to whatever third party whenever they wanted. This draft may be an optimization, but the plaintext was always theirs to give. I might be deluding myself that I’m sending this email to you over TLS. In fact I’m only uploading it to gmail.com <http://gmail.com/> who will forward it to TCD’s server. Both servers will have access to the plaintext. Both servers can send it to a third party, or share session keys or share ECDHE private keys. Whether one party to a conversation (phone or IP) has the right to share private contents with a third party is a legal matter that varies from country to country and from state to state. I only claim that this draft does not change the fact that is true for PFS suites in TLS 1.x and for all suites in TLS 1.3, that it’s impossible to decrypt a recorded session without cooperation from either party, and that cooperation has to start *before* the session is recorded. That is not the case for POTS wiretap or for the RSA key exchange. Yoav
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
