[TLS]Re: [⚠️] Re: The TLS WG has placed draft-rosomakho-tls-ech-keylogfile in state "Call For Adoption By WG Issued"
Yaroslav Rosomakho <yrosomakho@zscaler.com> Thu, 25 July 2024 17:16 UTC
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4L5WTglkqOX6B0B6xIVU2iJrNnM>
Thank you, Rich. That's a great idea.

I personally believe that the current practice adopted by many pieces of _production_ software to take an environment variable and silently dump sslkeylog in a clear text file is rather reckless and should be strongly discouraged. This functionality must really be available only in development builds and have stronger safeguards than just an environment variable.

Best Regards,
Yaroslav

On Thu, Jul 25, 2024 at 9:37 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:

> I support adoption. I want the security considerations to recommend that
> this SHOULD be controlled by compile-time options, if possible, and
> definitely not enabled in general production use.
>
> Andrei's suggestion of informational is a good idea.
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
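The practice the message objects to (a TLS stack that sees an environment variable and starts writing session secrets to a clear-text file) is easy to audit for on a host. The following is an added example, not code from the thread or from the draft: a Python script that walks `/proc` on Linux, parses each process's environment and reports any process running with `SSLKEYLOGFILE` set, which is the variable most TLS implementations honour for this purpose. The `KEYLOG_VARS` list and the constructed `SAMPLE_ENVIRON` blob are this example's own assumptions.

```python
"""Audit process environments for TLS key-logging variables.

Added example (not part of the mailing-list thread): a defender-side check
that lists processes whose environment turns on SSLKEYLOGFILE, so that key
logging left enabled in production can be found and switched off.
Assumes a Linux host with /proc mounted.
"""
from __future__ import annotations

from pathlib import Path

# Variables that switch on key logging in common TLS stacks. SSLKEYLOGFILE is
# the widely honoured one; extend this tuple if your stack uses another name
# (the tuple itself is an assumption of this example).
KEYLOG_VARS = ("SSLKEYLOGFILE",)


def parse_environ(blob: bytes) -> dict[str, str]:
    """Parse a /proc/<pid>/environ blob: NUL-separated KEY=VALUE entries."""
    env: dict[str, str] = {}
    for entry in blob.split(b"\0"):
        if not entry or b"=" not in entry:
            continue  # trailing empty entry or malformed record
        key, _, value = entry.partition(b"=")
        env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def keylog_findings(env: dict[str, str]) -> list[tuple[str, str]]:
    """Return (variable, path) pairs for key-logging variables set to a non-empty value.

    An empty value is treated as 'not enabled', matching how libraries that
    honour SSLKEYLOGFILE behave when the variable is present but blank.
    """
    return [(name, env[name]) for name in KEYLOG_VARS if env.get(name)]


def scan_proc(proc_root: str = "/proc") -> list[tuple[int, str, str]]:
    """Report (pid, variable, path) for every readable process with key logging on.

    Processes whose environ we may not read (other users' processes without
    privilege) or that exit during the walk are skipped rather than fatal.
    """
    findings: list[tuple[int, str, str]] = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue  # not a process directory
        try:
            blob = (entry / "environ").read_bytes()
        except OSError:
            continue  # permission denied, process gone, or kernel thread
        for var, path in keylog_findings(parse_environ(blob)):
            findings.append((int(entry.name), var, path))
    return findings


# Constructed sample of what /proc/<pid>/environ looks like for a process that
# was started with SSLKEYLOGFILE alongside ordinary variables.
SAMPLE_ENVIRON = (
    b"PATH=/usr/bin\0HOME=/srv/app\0SSLKEYLOGFILE=/tmp/keys.log\0LANG=C.UTF-8\0"
)

if __name__ == "__main__":
    hits = scan_proc()
    if not hits:
        print("no process has a key-logging variable set")
    for pid, var, path in hits:
        print(f"pid {pid}: {var}={path}  (session secrets are being written in clear text)")
```

Run it as root (or as the owner of the processes you care about) on a production host; any line it prints is a process whose TLS sessions can be decrypted by whoever can read the named file. Pair it with a periodic check that the path it reports does not exist or is empty on hosts that are not development machines.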