Riffing on Dennis' idea

draft-ietf-tls-keylogfile.md

@@ -247,6 +247,12 @@ consumption by other programs.  In both cases, applications might require
 special authorization or they might rely on system-level access control to limit
 access to these capabilities.
 
+Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix
+E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2
+and 2.4 of ?RFC4492}}) are not provided if keys are saved.  Logged keys
+therefore risk the authenticity, confidentiality, and integrity of any data that
+is exchanged.
+
 Logging the TLS 1.2 "master" secret provides the recipient of that secret far
 greater access to an active connection than TLS 1.3 secrets.  In addition to
 reading and altering protected messages, the TLS 1.2 "master" secret confers the