Re: [Gen-art] Genart last call review of draft-ietf-tls-keylogfile-01

Martin Thomson <mt@lowentropy.net> Sun, 14 April 2024 10:22 UTC

Date: Sun, 14 Apr 2024 06:22:23 -0400
From: Martin Thomson <mt@lowentropy.net>
To: Russ Housley <housley@vigilsec.com>, gen-art@ietf.org
Cc: draft-ietf-tls-keylogfile.all@ietf.org, last-call@ietf.org, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/BLiax91p5144VvPX1wJXwZnTtGc>

Thanks Russ,

https://github.com/tlswg/sslkeylogfile/pull/11 and https://mailarchive.ietf.org/arch/msg/media-types/5IW3tN6mJkqZMyuYWLwoOMNVhgM/ should address those issues.

Cheers,
Martin

On Fri, Apr 12, 2024, at 14:30, Russ Housley via Datatracker wrote:
> Reviewer: Russ Housley
> Review result: Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
>
> For more information, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Document: draft-ietf-tls-keylogfile-01
> Reviewer: Russ Housley
> Review Date: 2024-04-12
> IETF LC End Date: 2024-04-18
> IESG Telechat date: unknown
>
> Summary: Ready
>
>
> Major Concerns:
>
> None
>
>
> Minor Concerns:
>
> Section 3: The text says: "Access to the content of a file in
> SSLKEYLOGFILE format allows an attacker to break the
> confidentiality protection on any TLS connections that are
> included in the file."  This is clearly true.  However, the
> attacker with this access to the keys can also break the integrity
> protections.
>
> Section 4: The registration of the new application/sslkeylogfile
> media-type for all IETF registrations in the standards tree
> requires a posting to the media-types@iana.org mail list.  A search
> of the mail archive did not uncover "sslkeylogfile".  To avoid delay,
> that mail list discussion should probably get started now.
>
>
> Nits:
>
> Section 1: s/file format that logging/file format for logging/
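Russ's Section 3 point, that a key log exposes integrity as well as confidentiality, can be made concrete with a small auditor for the SSLKEYLOGFILE format. This is an added example, not code from the draft or from anyone in the thread: the label names follow the format's label list, the sample file is constructed, and inferring the TLS version from which labels appear is an assumption made for illustration.

```python
import re
from collections import defaultdict

# Labels used by the SSLKEYLOGFILE format: CLIENT_RANDOM carries a TLS 1.2
# master secret; the remaining labels carry TLS 1.3 per-stage secrets.
KNOWN_LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "EARLY_EXPORTER_MASTER_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# label, 32-byte client_random as 64 hex chars, secret as hex
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return (entries, errors): entries are (label, client_random, secret)
    tuples; blank lines and '#' comments are skipped; bad lines are reported."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in KNOWN_LABELS or len(m.group(3)) % 2:
            errors.append((lineno, raw))       # unknown label or odd-length hex
            continue
        label, client_random, secret = m.groups()
        entries.append((label, client_random.lower(), secret.lower()))
    return entries, errors

def exposure_report(entries):
    """Group secrets by connection (client_random). Record protection in TLS
    is an AEAD keyed from these secrets, so a leaked application-traffic
    secret lets the holder both read and forge records in that direction:
    confidentiality and integrity fall together, as the review notes."""
    by_conn = defaultdict(set)
    for label, client_random, _ in entries:
        by_conn[client_random].add(label)
    report = {}
    for client_random, labels in by_conn.items():
        tls12 = "CLIENT_RANDOM" in labels      # assumption: version from labels
        directions = []
        if tls12 or "CLIENT_TRAFFIC_SECRET_0" in labels:
            directions.append("client->server")
        if tls12 or "SERVER_TRAFFIC_SECRET_0" in labels:
            directions.append("server->client")
        report[client_random] = {"version": "1.2" if tls12 else "1.3",
                                 "app_data_exposed": directions,
                                 "labels": sorted(labels)}
    return report

SAMPLE = "\n".join([                            # constructed, not real keys
    "# constructed sample key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "bb" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "ee" * 32,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "cc" * 32 + " " + "ff" * 32,
    "BOGUS_LABEL " + "11" * 32 + " " + "22" * 32,
    "CLIENT_RANDOM short 33",
])
```

Running `exposure_report(parse_keylog(SAMPLE)[0])` shows that each connection whose application-traffic secrets are present in the file has both directions of application data fully exposed.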