This works for me on KeePassXC / Keepass2Android, and it looks like Yubico has instructions for original KeePass.
But when YouTube shares the key with me/my client the first time, is that also encrypted?
Here’s an explanation of what happens during the initial TLS handshake.
…if an ISP automated the process of gathering keys and decrypting web traffic for a certain site with them for all users, would that work for them?
Not sure this is exactly what you’re asking, but there’s the concept of forward secrecy for defending recorded encrypted traffic from future key compromises.
in·se·cure (ĭn′sĭ-kyo͝or′) adj.
- Inadequately guarded or protected; unsafe: A shortage of military police made the air base insecure.
https://www.thefreedictionary.com/insecure
Unsecure
a. 1. Insecure.
FWIW, I remember having this image on my computer in like 2008. So you’re not far off.
By Grabthar’s Hammer, what an asshole