On Mon, Jul 24, 2017 at 10:33 AM, Paul Turner <ptur...@equio.com> wrote:

>
>
> Of course, this is precisely the point. All your proposal does is
> complicate the process of sharing sessions with a third-party: it doesn't
> stop an endpoint from surreptitiously doing evil.
>
>
>
> Is the objective to have the protocol prevent an endpoint “surreptitiously
> doing evil”?
>

To the extent it can, it should (within bounds of performance,
deployability, etc.). Many of us have been pointing out that there are
limits to what's possible, and tradeoffs involved in other facets.

> Also, can you define what you mean by evil?
>

I am using it as shorthand in this conversation for the general notion of
actively enabling pervasive surveillance, which might be logging keys to a
government server or using a government-generated DH share, among other
possibilities. I am happy to use a different phrasing, but this one is
useful because it's pithy: it invokes intent, which separates it
conceptually from other classes of peer trust violations.

Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
