> So it is an openbsd decision although it is not clear to me if it is a
> security design decision or rather a standards adherence decision, since
> it seems to me that the software that implements this feature does it
> outside the standards.

It's a debugging tool amounting to a complete compromise of the most important guarantees provided by TLS. It is not formally standardized yet but that's just a matter of time at this point:

https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/

If the security considerations are about as long as the description of the thing you specify...