[TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 03 August 2024 21:32 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AF88C14F5F4 for <tls@ietfa.amsl.com>; Sat, 3 Aug 2024 14:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level:
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oTQRBo0j4Cme for <tls@ietfa.amsl.com>; Sat, 3 Aug 2024 14:32:20 -0700 (PDT)
Received: from DUZPR83CU001.outbound.protection.outlook.com (mail-northeuropeazon11023101.outbound.protection.outlook.com [52.101.67.101]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C22D2C14F5F5 for <tls@ietf.org>; Sat, 3 Aug 2024 14:32:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=atAKyKKlfhdwwxBbj5PEg6hu/zfQ/ERZicY6eUdu2ft46Tt8fRNlEoZi4hN4zynVCKMn/V9YJYT+OkyEOt5gqmy1bos2MVgWszE2n9JtWNFc2yGiD9gTzxz8alcZP2Xl/ydXhDi7nafREkh9cxyXq6bh8oo/QIGd55T93ZASqbLEyyOM2wjTz3Hx5axxG3Dz7NpY4v5qAXCvmHSqvFnL+t0WlnmTBYI9VoB4KfJ7LC9+ky2ffCYUQeIHoN43k8UCHbEB3JCnD5u4h21gIxsroyBY/Hl2KKq8WDTS0bATo/TbOEx89JIvjtYrUix58UGS5myldtaaZK4wXtnQevfTYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eme3KyOZlTTmK1gayWOPuZlEp3yzmp6GT75ZdXA4KpA=; b=l8lrva+driGUIZsP+r+71whFMnFY8QFVAlJ6pbTDA51XiKx7gP4sRCKOznm83mE06+DZxJk3BsoZhJJRnau7UNH6QbOQAEj4IKu/CLOgUE/AIIefI657uews0XCJodXuJzONCRxA/AKmAF5SuFPhRlqs8bZfBlmGeCVWmPQHbpUP1snrwyv5TwjSvT+krKmkUM/eQEfmynpVSTUt3BGH9C86LqOQU3rsOdT5PsUHUb6ATXoDNaG9cM6vkybUA1sy0Z2n06P401Gk015enkZqnxZPISxH9X51nnkFFNxSgdpCsMsO6WihYl1XRP9M+UwScTri4SIxlCEHy5o7DKAZuQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eme3KyOZlTTmK1gayWOPuZlEp3yzmp6GT75ZdXA4KpA=; b=UGserbs2axIPThZmiTTR1UEBSM0iF4HEQafbDYSQXcmNdMXeXUHWGrjLyOouW6oEacyRVN1OQzzNlLI9ZAt5S3x9szMjJ9XtnMK4XWrSyc3oEUK166Rslf3tgIroMvVI11FT4TNGlTZBRBYIbpvBbBB5JkXQnN1HDbP29o/Yu6/giOnoQY9U0ONHmE09Hz4YqTr24NVGPox5xoi5yx7lkfwMJ8MBXyu3IcY6yGwy3A/Dbfxyyj9YlEwGiBDfMxgUezrVzBCx1ny8pJjhK80PHyTIRBOqhwKrKVUEZO39ZsJRsTpDn3PdxGw6LpeNZ2RiL6VWdNbp8yYvuNp1Or/EaA==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16) by AS4PR02MB8261.eurprd02.prod.outlook.com (2603:10a6:20b:504::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.24; Sat, 3 Aug 2024 21:32:15 +0000
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a]) by DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a%6]) with mapi id 15.20.7828.023; Sat, 3 Aug 2024 21:32:15 +0000
Message-ID: <01da7309-45c4-4457-8ac4-b46f829db881@cs.tcd.ie>
Date: Sat, 03 Aug 2024 22:32:13 +0100
User-Agent: Mozilla Thunderbird
To: Eric Rescorla <ekr@rtfm.com>, Tim Bray <tbray@textuality.com>
References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <029901dae5c3$437addc0$ca709940$@gmx.net> <CAHBU6isbShx6XJLtUC1U+kPwABBTmGEueG2JhaEtVCgG7OdCbg@mail.gmail.com> <CABcZeBPUG0N0rZZ1ZCs2jzXxMiEP37R+reFQQj3PJkBwXSRSyQ@mail.gmail.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CABcZeBPUG0N0rZZ1ZCs2jzXxMiEP37R+reFQQj3PJkBwXSRSyQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------fBAFsss3so2A3UC4l3dPaiXm"
X-ClientProxiedBy: LO4P123CA0281.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:195::16) To DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB8PR02MB5946:EE_|AS4PR02MB8261:EE_
X-MS-Office365-Filtering-Correlation-Id: 59825c34-59a3-4800-7f5a-08dcb403be48
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014;
X-Microsoft-Antispam-Message-Info: VAiLffToyZsdfb4ZqfL4CnKGQVC0Vgif67WkBVwxM+JztN+1YyKFijvYratIl0JctEiJZ69a6+nzNTWFkY0AGYXhFvAcy1vGI4P7sbr1lpSMf9L1R8LjqQoFDS4O7pf3jelhU1xG0+awSYVjdxAId5/rHGsLdONThzJONNMuHICAF5hP6PigApoCqdMph6kcwi9/d2diiVHpgV3bbEK49CrhWnQgSqJxILDaA5hLMxeBphVJjOEhTvWrSUMBYqKt2/l/i4iy+Hy6licrPLCYYkP4d5i3kdwcnPImjIzX2Jf27sY7vACk26e5ZtYJblH5uqSxoXZprXcVuaq7P80hc7kZLxDsczUyyAEPwL8tTGnIF+TyZURu4oo079sa9WTTHIOJwckmP7j3YPbjNlU64lLRAmYZFwAon9VCvdX0VzDJwMzcZElNR0Xm32T7CZzPZ06ucfyYYSfHVgoDOlakOip7u8s8wlHkllHl0QhmHpFkb4QU5NIe9yzOjg48KwgTtK3h1DpHbfH9uhzBV2byzNMw2bN/XxjPQcf2G1eDcS4dGbhmQ9SozLl9cv2tp45yKnaS0fIh9j/XikxNDGp4HEdFOXCKlKJjCW/zMUT6Of+x9b8AtD1/hgUOcDxP9RQn3ciwcM6LQFEVTDclCaIGnaxapeIUn6qlVrQ+GMV30CQ9dGAdxHjT0nyIhydwPJE8IuIh3PjXIvc9Zwc3aZa2rvc49k5JkEUH5ScymiMZiJJMdb7l4WH1BHU8PM3BeEB/JpwOoT5R+10p/x+sLrflpKt3crgBXzne/TuUgnM0xWPTCZovGnqMNU7xwi1mmNyeOyBNq5fR86yaEQ/SnHtCnYniLlCDR6xYJn7IrmJyMzuBC7qVm9DMMSFU+ZCFBKcD0D8RhUyCI0cHUkgD9xD/rBwgSgEt9pQrU+K81hJIIndUZSoqm3Cd8iErTA7CdN51yiqH6GNnnhn9+hrNrlrfS79Qg5KOecZDQfqMjzrc6soSPzJZ0IVEf6PetTFEQQ5FHLuR5zaPKjFJhcSO6GhkGiaqjiyJvOdihVsu16dFh0pHHMt+5dEWUSD+Va2ECistAmI5TspVbyAQef8dXnzz/oThlum6eRGT1QPjm/aIlvyr4BI0TXZkcybccU/vP6Vp94WVv+LzSP2xJhdgYnAy/Ni8a5Z7n4JAzPiKBY3KVoqRHiRj8uFTzkeyhunbpbSt7o+TbwO3kERu54rRSrFNcJ4Va+K5THoXUeZwlBjD25wiO9eqUUgrbzzNREeAiCmY6GGh7ZfMxOOjLfbPnMEgsKnipm0IUh5dExHM7uidSOf/9z+C6lfgrmTuXNoSYeQ3z/TVHlBqTuo2fPICEgJMoA==
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR02MB5946.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: zDg/6ix+hjNO6Y/x52/XWT9dL7blz5XwyVwMHJWwzARiE9yhxGXyx6yP1erbsjqFupZPlpy2m/lz+TRffrxCJcc70MoU9y0I+aVDaTpjeJR5WfY3KpVaNi6VL/S82AB8z2MO+WeiPjc9axcP7M0JE/bwkRg5uWTMvK3tETCcRrawp4Jg02/RH8Pk0pFMSeLolU90xWrZJeGNEkFdIDekx9B8QlM9/gVjoG4dA2nXW3xc274dVjOaMKAHIbpX6uD8BHjgjoCnJnG35PboJNN7t6SEI8PpuDl7fRPtelzPUKBJDuJgA4+O/Kf4YNI0bDh8cOAlHdeRD6Hljy+IZuKXIxZDi8c3alJCDUtIi4N/mUNVEOlD2ey7VdMZZcscMi+uDL0Gji+Rdyj4wvyhhzqbOG3RSyQRF2Xa9XoMX4bYUltRbPZ56+a7RIcEd9tWBIriiSjQhVUNf9pKIuvbJdjrTrHBGVgfwY2kYp5g8YEvN2teNy8watuBpHwGvLSviDLcR6FNh3ZjY1CQmVfn7bFM7ShwgBGHiyvpJ4kCEo2eBXW0L9MPlkBy+z1M9UAshKh1QS5vsOIZ+vIBIsZOczoVBa75KeM44dKJFfRvOeMud7dbCsiyXkHE8g56gAx3nQm3ie0z7X4w6Jcb/V13If3hsS+WBBrCnvPj7owd1Z6aDU0WIIYPgqZIN8HQjgLzJAeyYctJKr2VxeWeH8CsxisSQvfsTZReh91ZLFZ0k3EN1OPdaIgIIkU1DIihHvwszKAWoaK80UI+tG+Y33W3uoAiOiLDN1bKNYv0GT03SQ3nBEkYPPJEy62OvdKjNF65UDtFhylN57gQ7lf9O1lrOHl+B+gt2v3p2tSyTSN4j8Id5v4y99vswf21Y39csXmBjjsob3e59C+uVO2sp0QoG/5GoorvQUNh9FR/FJUDXtRlcqfgO/G0PQwBGCvYcauPc48FtNVBwHatNFF3DO+KcRtmVosn5Hyv4LunmdAs6pLoaobl+hmVsbt4cpDYhpFsVjuWopIKZqDs5LgMD1uXBYy/C2mHyiRWLkImNOGWMFRQcrW8So9i8o1hBxKbDv9rTwvWxIPH4W2mz0Hme3A3RDgtRmHMHbpoLjVpcR7dpT4FnEycU+6yuMMLbJnNBPQjNwZcuhQYeSsdgjsoJX6dFUEsO3kkc5Il3QsWF1sD23nTWPYPvn0vlCkkPGa0meWJDMAiKaHeLuiAvG8oA/Pl+1mJT/av41jWfB4hw0q30BvcCpRH/k2xuanKkaC3DXQ6E+fzUbLYvfZs+aLcg9VA0Ray4xbfGcDhpeon2OO8DHB+rkBmUxBaOQUAxbUS1OUUtr/lDrK6UgmZ2skVwgxJqXQmHdUbeXBVYZ8fVs7nyMop79DUA3EicKltIYQ6tFQss121JkDfuc6+23GjMq/PK+ADyUG7l9W0cmTSsjapgLKyFK1nqO0O8p0aQB08lakHqW9CTu9R5lRmG5Yrrv0YPtpXuOwTv3Hg5C6OnEDgQK2yqN80Rr6WF/2CrnN7xM7oJd2JFgxyd0FlONPwf306mTmK7q7EwWQZu+IXRnNl2sx48AGCXF7yQYpkGZUfllFl0KlkniJF+cL3G+ReZbB1C63YUXIeU6rZFLMcyd2cmcm7ZbwtaudWzHTTHd9iwmLROVkC
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 59825c34-59a3-4800-7f5a-08dcb403be48
X-MS-Exchange-CrossTenant-AuthSource: DB8PR02MB5946.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2024 21:32:15.5461 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: upB22yomGuQvv4ogzgThIt5EcSTCwUxHUPODASG675I5+raIVoajHAUhnXxOe1IH
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR02MB8261
Message-ID-Hash: UBRE3TPFUILW6DBQBC7UUKER7EQWNCOK
X-Message-ID-Hash: UBRE3TPFUILW6DBQBC7UUKER7EQWNCOK
X-MailFrom: stephen.farrell@cs.tcd.ie
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: hannes.tschofenig=40gmx.net@dmarc.ietf.org, Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4ndbczCwn2PEWXMQeprucmof0Ow>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hiya,

On 03/08/2024 19:03, Eric Rescorla wrote:
> I'd like to make sure we're all on the same page about this draft.
> The IESG has already approved the original TLS document on
> SSLKEYLOGFILE [0], which contains the keying material necessary to
> decrypt the connection. It's currently in the RFC Editor Queue.

Like Andrei, I opposed adopting that work, but was willing
to hold my nose as it was something already deployed for a
number of years, etc.. So I was in the rough.

The proposition to the WG when the SSLKEYLOG work was adopted
was *not* that we'd be doing the same for every new feature
of TLS. It was that we should take this over due to SSLKEYLOG
being documented in a haphazard manner.

I think we're now seeing the downside of adopting SSLKEYLOG.
I'd be happy should we revisit that and ask that the current
SSLKEYLOG not be published as an RFC after all. (THat is: I'd
be happy, but quite surprised;-)

But I re-iterate my opposition to adopting this extension of
that bad plan, both because I don't think it's needed (I also
did not need this when implementing ECH) and because it'd be
further embedding a really bad precedent for the WG.

Cheers,
S.