From 44a27e075d50c29459624613994c21cbacce9644 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Sat, 16 Mar 2024 12:39:28 +1100 Subject: [PATCH] gap --- draft-ietf-tls-keylogfile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index 7d92655..434c5ba 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -252,6 +252,7 @@ E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 and 2.4 of ?RFC4492}}) do not hold if key material is recorded. Access to key material allows an attacker to decrypt data exchanged in any logged TLS connections. + Logging the TLS 1.2 "master" secret provides the recipient of that secret far greater access to an active connection than TLS 1.3 secrets. In addition to reading and altering protected messages, the TLS 1.2 "master" secret confers the
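Review bot: The subject line "gap" does not say what changed or why, and the only added line in this hunk (new line 255 of draft-ietf-tls-keylogfile.md) appears to be a blank line, so the history gives a reader nothing to go on. The break falls between "decrypt data exchanged in any logged TLS connections." and "Logging the TLS 1.2 "master" secret provides", so the TLS 1.2 "master" secret text becomes its own paragraph. Suggest a subject that states this, for example "Start a new paragraph for the TLS 1.2 master secret text", so that the editorial intent is clear and it is evident that no normative text changed.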