IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for SSLKEYLOG File

Martin Thomson <mt@lowentropy.net> Fri, 15 March 2024 03:44 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE7C4C14F60B for <tls@ietfa.amsl.com>; Thu, 14 Mar 2024 20:44:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="SXxLUQYq"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="ReQIdrqw"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FiL8PSc7KRDN for <tls@ietfa.amsl.com>; Thu, 14 Mar 2024 20:44:34 -0700 (PDT)
Received: from fhigh4-smtp.messagingengine.com (fhigh4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5794CC14F5FB for <tls@ietf.org>; Thu, 14 Mar 2024 20:44:34 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 452BC11400D0 for <tls@ietf.org>; Thu, 14 Mar 2024 23:44:33 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute6.internal (MEProxy); Thu, 14 Mar 2024 23:44:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1710474273; x=1710560673; bh=x5dqMvsDNXPiawu1bDLrjob+BuHFQZRyrZlsadyYeSs=; b= SXxLUQYqCRSesrkY7gLGmWijnSXXoHCFz5kcgQ3YVVCLC6CGLQb9a1+LrQzRyCno kyxZECG4PvKF7D7J1al60r8/s1yolYtaPBS9ObliG/L+n+wHityMBKTvgCnk7OkM f8ED7K28+Ls4uKRnNel1TQK5tuwnQde69IerbQDEu7Yl+trZJely6UjJC6th/pOf kgfhXxTuBaeNCj3h1Y6N5/Q8CW7PPW0KTpoNEvqy4utFKC5QkSwv7+3BUbxlOgsp OYDvtiL1OGsCGb//l7AYct6pLk5pL2qF5CnBV4Et9UJxBCibvjEM+1+wgFtAS2U9 uvJkYmFhqMZ6R7OKodX5Kw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1710474273; x= 1710560673; bh=x5dqMvsDNXPiawu1bDLrjob+BuHFQZRyrZlsadyYeSs=; b=R eQIdrqwdVEHPCYYxa8uPxQHPC34KoEUmlvHxOOPCLRt2igFZ+9kgyz5xdmAP4YcL 5J13fSS3Y0SyGCEmJt299gMAM+VqfOFCKaXPTqXzx9Wib2Yyflpii/gB7kIHT0uI RT5TK0w6HnvnG9HnYKY09JOdlZNtVzNm58YPXFfjt89KPiZGtXH7z6hp5MzeG3hG d6eGUez+zHq+F9qrBoYY6UU6bOsqUzPGSTcEc6Lg1rYafIQZ9LxurNEtqnGLDtI7 1u8TbUjn2k7UcN5OUOa1jI4vJLddWRxAAPp64sqBAphQZtxJoq6xcHO9DLOEy19x DjIL8OMTuduEV56eSXGoQ==
X-ME-Sender: <xms:IcTzZY36Ej3J0sWCLBCjwQIKEeU6_1a0f-nAPS5M3p-ovRk1f50OHQ> <xme:IcTzZTF4IZZDJ6lRmEgZMHUWNScDiybdnsqlHBDdjpWh7NTl_PXoMvMLv98rvGlrn nRmVAHkYTL3oJv7Q-w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrjeekgdeitdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeehhedvhfehvefggeejtd egjeduveetleejvdekjeejhfekieekudelffdvudefffenucffohhmrghinhepghhithhh uhgsrdgtohhmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:IcTzZQ6LyEDc7S-mfHL_q__Ai0TJa2BgVZwLrZmEXJKxiVLG9PssDQ> <xmx:IcTzZR01HVwp9CKi_HGlF97NZs0kuOlK4mfbvvQq57eujLGH-338IQ> <xmx:IcTzZbFvJ88v10IKliMuc_AqHy3yJ0XDleh3zDKq87CWfimQJClIwg> <xmx:IcTzZa8wNph7jkYO6QhZ-SCsaSobmhB-nsS753jgA-QmHMOCqGQDHQ> <xmx:IcTzZRPnSM9sQIOSq-erzYRPB2Le117MfRNlbQhId3dKcIQYsADvsA>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E52CA2340080; Thu, 14 Mar 2024 23:44:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-287-gcf6d0d8ecf-fm-20240312.001-gcf6d0d8e
MIME-Version: 1.0
Message-Id: <31053fbc-36e7-4ac3-9efa-5d5aaf9a18bc@app.fastmail.com>
In-Reply-To: <23c2f7a9-d4bb-4ad0-9eca-cc4b1600ea60@dennis-jackson.uk>
References: <01AF00B4-F9A5-4A25-A6CB-E1D84CF8D11F@sn3rd.com> <cb4d17c5-b2ce-458c-b14f-9882951d2528@cs.tcd.ie> <5027880d-bf70-42e4-8974-7c148db5d737@betaapp.fastmail.com> <f1f0cce1-7d10-442e-b27e-235912b2a4af@cs.tcd.ie> <CABcZeBNjEZP1E5mVtcby500_vDBP=omzoeVgDoXcrY_JMYadsg@mail.gmail.com> <23c2f7a9-d4bb-4ad0-9eca-cc4b1600ea60@dennis-jackson.uk>
Date: Fri, 15 Mar 2024 14:43:55 +1100
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6GCKTEDsdmQv6iWETyiHq4SuHtY>
Subject: Re: [TLS] Working Group Last Call for SSLKEYLOG File
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2024 03:44:38 -0000

Reasonable statement.  It's a variation on what we already have, but the focus on forward secrecy is worth a small paragraph:

How about this: https://github.com/tlswg/sslkeylogfile/pull/7/files

On Thu, Mar 14, 2024, at 22:51, Dennis Jackson wrote:
> I have a suggestion which keeps things technical but hopefully 
> addresses Stephen's concern:
>
> In Security Considerations: 
>
> "TLS1.3 requires the use of forward secret key exchanges (RFC 8446, 
> 1.2, E.1). Using SSLKEYLOGFILE breaks this security property as it 
> records the used session key and so invalidates many of the security 
> claims made in RFC 8446. If SSLKEYLOGFILE is in use, the transferred 
> data does not benefit from the security protections offered by RFC 8446 
> and systems using SSLKEYLOGFILE cannot be considered compliant with RFC 
> 8446 or offering similar security to the protocol outlined in that 
> draft." 
>
> I don't think the wording there is quite right, but I do think the 
> Security Considerations should clearly call out the impact on forward 
> secrecy and RFC 8446 in general and so dissuade use. 
>
> Best,
> Dennis
>
> On 12/03/2024 23:07, Eric Rescorla wrote:
>> 
>> 
>> On Tue, Mar 12, 2024 at 4:04 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>> 
>>> I'll argue just a little more then shut up...
>>> 
>>> On 12/03/2024 22:55, Martin Thomson wrote:
>>> > 
>>> >> Sorry also for a late suggestion, but how'd we feel about adding 
>>> >> some text like this to 1.1?
>>> >> 
>>> >> "An implementation, esp. a server, emitting a log file such as this
>>> >> in a production environment where the TLS clients are unaware that
>>> >> logging is happening, could fall afoul of regulatory requirements
>>> >> to protect client data using state-of-the-art mechanisms."
>>> 
>>> > I agree with Ekr.  That risk is not appreciably changed by the
>>> > existence of a definition for a file format.
>>> I totally do consider our documenting this format increases
>>> the risk that production systems have such logging enabled,
>>> despite our saying "MUST NOT." So if there's a way to further
>>> disincentivise doing that, by even obliquely referring to
>>> potential negative consequences of doing so, then I'd be for
>>> doing that. 
>> 
>> Aside from this particular case, I don't think technical specifications
>> should "obliquely" refer to things. Technical specifications should be
>> clear.
>> 
>> -Ekr
>> 
>>> Hence my suggestion.
>>> 
>>> S.
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email