[Last-Call] Re: draft-ietf-tls-keylogfile-04 ietf last call Opsdir review
Martin Thomson <mt@lowentropy.net> Mon, 19 May 2025 23:43 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: last-call@mail2.ietf.org
Delivered-To: last-call@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 997692A771A1; Mon, 19 May 2025 16:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="AEtFqc/o"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="rQv65sZj"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kufYrYDhMc4P; Mon, 19 May 2025 16:43:41 -0700 (PDT)
Received: from fhigh-a1-smtp.messagingengine.com (fhigh-a1-smtp.messagingengine.com [103.168.172.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id EE4832A7719B; Mon, 19 May 2025 16:43:38 -0700 (PDT)
Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfhigh.phl.internal (Postfix) with ESMTP id CD60511400B5; Mon, 19 May 2025 19:43:38 -0400 (EDT)
Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-06.internal (MEProxy); Mon, 19 May 2025 19:43:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm1; t=1747698218; x=1747784618; bh=lhyaPV6zfQ9e76iycTB+PB1ZBKqiP82O gosA/Fmutg0=; b=AEtFqc/o2gH2Lh8AFyRKeVq94Vw34yrg/zzU+ZUM26WauCXf s33Ot/QomlDkKHErIwHUCul6r8krcFfxf7xkKrkm6cudvQLs+Yw+Uj+SlqNAiQfA HqGdTcoYGFBeAi38WWfY5qdXFnLvhi+QSJYr2y3t1upzM6QRqapd2GSDXfeo+23I q+V1XFAI0MVlOPk5laTX3DUwh1WdohAO6AWShOi1AuPlPvMSQ2ttZX2lrsmygs2c iLGgFWnQgAIM6eiKYIOof5AjgWTak6h3bZ2KOOa4OIab1sXxToXbnolxpIEpAJ9J bW1BqCHvVwwOnwVugbP8125E1Lmb6Af02YFm6Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1747698218; x= 1747784618; bh=lhyaPV6zfQ9e76iycTB+PB1ZBKqiP82OgosA/Fmutg0=; b=r Qv65sZjG4DsYL15CLLRJcd+kHIo/5pXYk98JooyXxo7AfMY43TvtXln3N/KoF+Pd wNnO/AzfsfmnB7pK6FyK7z6R967xNQ+D1OHMuFFGf2QzExdlT1XSpZ5nv10VtAve dVUi9H0qUg2RWohqCL6MKw5xz8gPwNHGj40wjuHOhZZv6hvOj1BWcduhJy5I0jhu OjpGrCgmVKJ6Jf6uX3xQofji4twlad/sVX3bDL/LyPt+wLaJyxHZSNiDZx9sAJQm CuKOB6y2eOL6FVGe20uZwjxmSX1be/L6sv18xrP3PmSQsfyfzI+wCnObwz6J1q6E l1u/DhOh21ImFIa7MVAGw==
X-ME-Sender: <xms:KsIraIre3ldSlv-CraSjpVVshAS50iZ5zEKh3G-1JwsDMDhumWNkyQ> <xme:KsIraOrYAsGh2Jwila1QLqJPl1_cbZcn40m1xFT5zG66eN6W7dfm1J18GXapz-LCO v0nUmCNJt8LscZfZOw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdefvddvjeefucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpih gvnhhtshculddquddttddmnecujfgurhepofggfffhvfevkfgjfhfutgfgsehtqhertder tdejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnh htrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeduheduhfdugeehgfeiueejvdev ueefieevjeffffegudeivdeftedvgeeiffffkeenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtpdhn sggprhgtphhtthhopeehpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehjvggrnh hmihgthhgvlhdrtghomhgsvghssehgmhgrihhlrdgtohhmpdhrtghpthhtohepughrrghf thdqihgvthhfqdhtlhhsqdhkvgihlhhoghhfihhlvgdrrghllhesihgvthhfrdhorhhgpd hrtghpthhtoheplhgrshhtqdgtrghllhesihgvthhfrdhorhhgpdhrtghpthhtohepohhp shdqughirhesihgvthhfrdhorhhgpdhrtghpthhtohepthhlshesihgvthhfrdhorhhg
X-ME-Proxy: <xmx:KsIraNPvMJiYwLikG7z-pyZNKIhoHN3VKLZl4t_gyDkwx53brWZvQw> <xmx:KsIraP4atRkdjJDRPc2vTJr5EzQgHUIP1PgORBcKx59SQyWg5rHrAA> <xmx:KsIraH52yAq0-zJX0iZZt5URqXiErWb_h56O2QDS6UEPMIvab07wwg> <xmx:KsIraPhD3rLPqstpbyLz2g0KIrN_J7uD3rvsjHVAwfp_Uxup9bFvGg> <xmx:KsIraPUMvur7McLVqyVlJ9t-TmqFLzYU88mjIzOwnNA8IhZDQXvZPIIs>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id 8898078006C; Mon, 19 May 2025 19:43:38 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: T4e0c8dbbd5a73f0c
Date: Tue, 20 May 2025 09:43:18 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>, ops-dir@ietf.org
Message-Id: <a11bc391-9f0c-4efa-a290-d853ff01d223@betaapp.fastmail.com>
In-Reply-To: <174654656075.678918.2290707879730922068@dt-datatracker-58d4498dbd-6gzjf>
References: <174654656075.678918.2290707879730922068@dt-datatracker-58d4498dbd-6gzjf>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KWP6YD7XWKBUNOQDHSFQGMSV6JTNO2AP
X-Message-ID-Hash: KWP6YD7XWKBUNOQDHSFQGMSV6JTNO2AP
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-tls-keylogfile.all@ietf.org, last-call@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Last-Call] Re: draft-ietf-tls-keylogfile-04 ietf last call Opsdir review
List-Id: IETF Last Calls <last-call.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/WQ220gqFAyqTF5T8iVdFuTcP_l8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Owner: <mailto:last-call-owner@ietf.org>
List-Post: <mailto:last-call@ietf.org>
List-Subscribe: <mailto:last-call-join@ietf.org>
List-Unsubscribe: <mailto:last-call-leave@ietf.org>
Prompted by Med's comment, I found this email (which I'd missed earlier). A few points on the substance. On Wed, May 7, 2025, at 01:49, Jean-Michel Combes via Datatracker wrote: > Regarding the substance, IMHO, it looks like the promotion of a nightmare for > any operational security guy :) My main fear is to see the use of such feature > in a “production system” because (1) the border between “test system” and > “production system” is not always as clear as expected (2) forgetting to switch > off such a feature when pushing the system into production may become an easy > mistake. Now, IMHO and except if I missed something, it should be less complex > from an operational security point of view (i.e., rights management) to > debug/analyze protocols in configuring TLS with “NULL ENCRYPTION” (i.e., > configuration rights) than logging/storing secrets (i.e., write rights, read > rights, export rights). There's a bunch of stuff in the draft that is aimed at preventing the operational nightmare. Or at least better manage the risks. As you say, this is what people are often most concerned about with this sort of capability. If it is enabled, then the logs are a significant risk to operational security. This is fundamentally different than "NULL" encryption, because disabling encryption makes everything visible to everyone. At least with a key log, you have the hope that the logged keys are kept away from random strangers on the internet. Recall that you need both the key log AND access to the TLS connection itself. That needs to be in real-time if you are mounting an attack that involves modifying stuff; or packet captures if you just want to look at the content (like with Wireshark). If you are concerned about this feature, constraints can be placed that ensure it is never accidentally enabled. Compiling the feature out is most common. Then there is the method of enabling, which in many cases requires the ability to set environment variables when launching a process. That is access at a level similar to LD_PRELOAD, which is a far more damaging capability, opsec-wise. There are various rules that can be put in place to prevent accidents, like code that checks for environment variables and crashes, with separate controls than the conditional compilation, requiring multiple failures to occur for bad code to reach active use in production. For example, in a lot of deployments, the filesystem of a host is not readily accessible. Far better protected than the stuff it sends to others. Obviously, your web server could be modified to put the files somewhere it is going to serve from, but that requires special effort to enable (something I've seen done deliberately, FWIW). Nothing perfect here, obviously, but there are tricks. Either way, I can't see how NULL encryption is ever better.
- [Last-Call] draft-ietf-tls-keylogfile-04 ietf las… Jean-Michel Combes via Datatracker
- [Last-Call] Re: draft-ietf-tls-keylogfile-04 ietf… Martin Thomson
- [Last-Call] Re: [TLS] Re: draft-ietf-tls-keylogfi… Salz, Rich