> So it is an openbsd decision although it is not clear to me if it is a
> security
> design decision or rather a standards adherence decision, since it seems to
> me
> that the software that implements this feature does it outside the
> standards.
It's a debugging tool amounting to a complete compromise of the most
important guarantees provided by TLS. It is not formally standardized
yet but that's just a matter of time at this point:
https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
If the security considerations are about as long as the description of
the thing you specify...
No comments:
Post a Comment