19Mar
Would there be any utility for multiple clients sharing the same TLS session key?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its certificate and then act as client to the end server. This can be problematic with applications that do certificate pinning. If the proxy and the client shared the same session key (a secure key distribution happening post-handshake) then the client could share the session keys to all the hosts it trusts and that way the proxy/proxies could decrypt the intercepted messages. Is this a bad idea?
