> There’s no way to limit it to the use-case it was putatively intended for. We
> now have a signaling mechanism that says “allow interception.” Firewalls can
> drop connections where the client doesn’t send that extension. Therefore they
> can force only tappable TLS traffic. This makes the job easier.

Can you please be more specific about the scenario(s) you're describing?

1) Is this for communication between servers within the nation state's boundaries and do they have complete control over the owners of those servers (totalitarian state)?
2) Is this for communication between servers within the nation state's boundaries and do they not have complete control over the owners of those servers (an apparently democratic state)?
3) Is this for communication between servers outside the nation state's boundaries and do they not have complete control over the owners of those servers (international scenario)?

And, based on the scenario, how is the third party going to coerce the server vendors into cooperating (for 1, that seems clear, but then they have complete access to all communications anyways)?

I'm not just asking these questions to be difficult. I would like to better understand the scenario in which a client and server can be coerced so that it is possible to judge "easier" against the alternatives.

> I take it you want to see this draft adopted?

Yes, but I'm also keeping my mind open to understand all of the perspectives to see if something would change my opinion.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls