[Cryptography] [TLS] ETSI releases standards for enterprise security and data centre management

Dmitry Belyavsky beldmit at gmail.com
Sat Dec 1 11:11:54 EST 2018


On Sat, Dec 1, 2018 at 6:59 PM Tony Arcieri <bascule at gmail.com> wrote:

> This does not seem to address a problem which was brought up when the
> similar draft-green-tls-static-dh-in-tls13-00 was discussed, namely any
> system in possession of one of the non-ephemeral-ECDHE private keys,
> ostensibly for the purposes of passive traffic decryption, can arbitrarily
> resume decrypted sessions and therefore impersonate any observed clients.
>
> I'm not a fan of systems like this, but I believe for security reasons
> they should be designed in such a way that only the confidentiality of
> traffic is impacted, and a "visibility" system isn't able to leverage the
> decrypted traffic to resume decrypted sessions and thereby impersonate
> clients.
>

I do not understand why the ETSI solution does not provide the ability to
impersonate clients/servers.

-- 
SY, Dmitry Belyavsky
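To make the concern in the quoted paragraph concrete, here is an added Python illustration (not code from this thread, from ETSI, or from the draft) of a simplified TLS 1.3 key schedule (RFC 8446 section 7.1) over a toy Diffie-Hellman group. The group (`P`, `G`), the single transcript blob standing in for the per-stage transcript hashes, and the names `observer_matches_server` and `demo` are constructed for this example. The point it shows: a party holding the server's non-ephemeral DH private key and the client's public share from the wire derives exactly the secrets the server derives, including `resumption_master_secret`, which is what resumption PSKs are built from; with a fresh per-connection server key it derives nothing.

```python
"""Simplified TLS 1.3 key schedule over a toy DH group (added illustration)."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

# Constructed toy group: a Mersenne prime and a small generator. Real stacks
# use X25519 or a standard MODP group; the key-schedule logic is the same.
P = 2**127 - 1
G = 7


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """(EC)DHE shared secret, fixed-length encoded as RFC 8446 requires."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label with the HkdfLabel struct from RFC 8446 section 7.1."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret, label, transcript):
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def key_schedule(shared_secret, transcript):
    """Secrets of a non-PSK handshake. One transcript blob stands in for the
    per-stage transcript hashes of a real handshake (simplification)."""
    zeros = bytes(HASH_LEN)
    early = hkdf_extract(zeros, zeros)
    handshake = hkdf_extract(derive_secret(early, b"derived", b""), shared_secret)
    master = hkdf_extract(derive_secret(handshake, b"derived", b""), zeros)
    return {
        "client_hs_traffic": derive_secret(handshake, b"c hs traffic", transcript),
        "server_hs_traffic": derive_secret(handshake, b"s hs traffic", transcript),
        "client_ap_traffic": derive_secret(master, b"c ap traffic", transcript),
        "server_ap_traffic": derive_secret(master, b"s ap traffic", transcript),
        # Resumption tickets / PSKs are derived from this secret.
        "resumption_master": derive_secret(master, b"res master", transcript),
    }


def observer_matches_server(server_priv, observer_priv, transcript):
    """Run one handshake with a fresh client share. The server uses server_priv;
    the observer saw only the client's public share on the wire and uses the
    private key it holds (observer_priv). Returns whether the observer ends up
    with the server's resumption secret, i.e. whether a PSK it derives would
    be accepted for that session."""
    client_priv, client_pub = dh_keypair()
    server_view = key_schedule(dh_shared(server_priv, client_pub), transcript)
    observer_view = key_schedule(dh_shared(observer_priv, client_pub), transcript)
    return server_view["resumption_master"] == observer_view["resumption_master"]


def demo(transcript=b"ClientHello|ServerHello|...|Finished (constructed)"):
    static_priv, _ = dh_keypair()       # long-lived key, copy given to the observer
    ephemeral_priv, _ = dh_keypair()    # fresh per-connection key, never shared
    return (observer_matches_server(static_priv, static_priv, transcript),
            observer_matches_server(ephemeral_priv, static_priv, transcript))


if __name__ == "__main__":
    static_case, ephemeral_case = demo()
    print("static server key held by observer -> same resumption secret:", static_case)
    print("ephemeral server key, observer holds only the static one:   ", ephemeral_case)
```

The useful check this gives when reviewing any "visibility" design is a simple one: list the secrets the decryption-capable party can derive. If that list stops at the application traffic secrets, only confidentiality of the observed traffic is affected; if it includes `resumption_master_secret` (or the Finished keys), the party holds everything needed to act as the client or server in later sessions, which is the objection raised above.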