[TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

Yaroslav Rosomakho <yrosomakho@zscaler.com> Thu, 25 July 2024 17:12 UTC

Thank you for the feedback, Andrei.

Yes, it is intended to stay on the informational track as an extension
to draft-ietf-tls-keylogfile-02. We tried to keep wording in line with the
keylogfile draft - for instance in the applicability statement it is worded
that "this mechanism MUST NOT be used in a production system". Happy to add
stronger wording if that helps.

The ultimate goal is to simplify adoption of ECH for both developers of TLS
software and implementers. Without a standard approach to troubleshooting
every developer has to build an individual set of bespoke troubleshooting
tools. The ability to inspect ECH negotiation in off-the-shelf tools such as
Wireshark during development or tests would significantly help adoption.


Best Regards,
Yaroslav

On Thu, Jul 25, 2024 at 9:31 AM Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org> wrote:

> I do not support adoption, because I believe the IETF should not
> standardize tools and techniques for decrypting TLS-protected data.
> It is harder for a TLS implementer to reject requests for IETF-blessed
> functionality.
>
> (As long as this remains on the Informational track, I believe it's
> somewhat less harmful.)
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: Sean Turner <sean@sn3rd.com>
> Sent: Thursday, July 25, 2024 9:16 AM
> To: TLS List <tls@ietf.org>
> Subject: [EXTERNAL] [TLS]Adoption call for SSLKEYLOG Extension file for ECH
>
> At the IETF 120 TLS session there was interest in adopting the SSLKEYLOG
> Extension file for ECH I-D (
> https://datatracker.ietf.org/doc/draft-rosomakho-tls-ech-keylogfile/)
> This message starts a two-week call for adoption. If you support adoption
> and are willing to review and contribute text, please send a message to the
> list. If you do not support adoption of this I-D, please send a message to
> the list and indicate why. This call will close on 8 August 2024.
>
> Thanks,
> Sean
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org