[TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
Mike Shaver <mike.shaver@gmail.com> Thu, 15 August 2024 12:54 UTC
Return-Path: <mike.shaver@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25DA0C151075 for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 05:54:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZZTGlYeDoQU for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C193C14F6F3 for <tls@ietf.org>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
Received: by mail-oi1-x230.google.com with SMTP id 5614622812f47-3db23a608eeso553196b6e.1 for <tls@ietf.org>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723726437; x=1724331237; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=MrODUzlx8D223T5I5xldCA74mdFfPGPvOFvivpAwAAM=; b=iuuX3Zbi8VAJMIfNnw/XgsO1J6zzW6F6k7+uuyJzk9T5jJPRDKKL9cYhFIiRknMcu5 gj2JKW3x/ppWOTYXu6GH4xVyBKVU7eoCKTPEP92Tj3xpp7GP/eGkfG7jFmF+2dZW9+JC svmcTyEA6MVjIb30gAFOHKMWb43PI5gn6iTMLf1Fr7Rj2qCsJ40PkbYtFnJw5Udt6UHs VNOw5bwvejEd42OCRFTAQVfjxzNdJZmetMpD5kAhJsRbsxdLDrzyyB+opZxcw3c+KPwu tHJ8vfTdhcsHndS24dXCwqR3umZwJmkWTaNMLMI5lswboNGO7nDv3L5FTXgSC8TEStpK nO8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723726437; x=1724331237; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MrODUzlx8D223T5I5xldCA74mdFfPGPvOFvivpAwAAM=; b=oLm2LrQ3xn+NdPQ4uMBKQuQe9khxJbvw8Mq+h3W8pwf3hLkS691EOYPsvVV9qNfydB +u42f44TXApLzjroQN2T1yumwB9LO+m5L/WlVztCN9CmYjfft08wuMkTgoyYmaythbKw bSn5LrB/9j6maAx+1jb/2ZDbKttyKzJtF65a4pfnbliWFPVltbnCtbOaOS92MirGsTBg dme8tfn+2ypr756dYxX96EsQ+lWdldAfA3xgrt/nH0v/aDgEjjVud4JZUYG2P/mRI+bI 65C/KaLwTbyoG062yIsncYirWi5JitpF9VXI+T4x0yqhAxJXuBpcfiljBWtJYCuX+hsy 82fQ==
X-Forwarded-Encrypted: i=1; AJvYcCUZ5uDnhqkVb12WdEqeTjoqmQZcBq40MPunFyBvv7eXG69P/qAYvgW9dOQGNvuDwFDKRSOJMsCgtQd5JdA=
X-Gm-Message-State: AOJu0YwIdpSmANEolTKMoPRYhtlZefRhAamcBtBsk6C5PlzV6ivh3PUV 1dS+aESI5jcUT7DCOvngWDxdf2XBmbg30NHjGqEw8Gapcnn5mLhxIvcJIqpYw9fhL/LxkIqE0ze 1/Vj73NRIEUILgNu2xeYTG2w0aN0=
X-Google-Smtp-Source: AGHT+IFqtRvJ6ZXhnXnA60gJGIUiZ9ryKQiFA8vESryAWmsxNNn1abfcPu/zdMmWx+qURh1LCfBx1YpIXOZNzUS3xyE=
X-Received: by 2002:a05:6870:5693:b0:260:a77a:f86b with SMTP id 586e51a60fabf-26fe5aa96c7mr7127345fac.23.1723726437239; Thu, 15 Aug 2024 05:53:57 -0700 (PDT)
MIME-Version: 1.0
References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <029901dae5c3$437addc0$ca709940$@gmx.net> <CAHBU6isbShx6XJLtUC1U+kPwABBTmGEueG2JhaEtVCgG7OdCbg@mail.gmail.com> <CABcZeBPUG0N0rZZ1ZCs2jzXxMiEP37R+reFQQj3PJkBwXSRSyQ@mail.gmail.com> <c24048cf-798f-4702-9000-114b6d173f05@huitema.net> <Zq9fMFjKIORoMHSG@LK-Perkele-VII2.locald> <CAOG=JU+h2WO0kjz_n0MzhaPtLBLQf7vhVBBMKHrtmCaZwRvF+Q@mail.gmail.com>
In-Reply-To: <CAOG=JU+h2WO0kjz_n0MzhaPtLBLQf7vhVBBMKHrtmCaZwRvF+Q@mail.gmail.com>
From: Mike Shaver <mike.shaver@gmail.com>
Date: Thu, 15 Aug 2024 08:53:46 -0400
Message-ID: <CADQzZqshVhsKa=o=8OayV8h_HP-ZHP9o64a2icr4M9KP623ieg@mail.gmail.com>
To: Amir Omidi <amir=40aaomidi.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fb5f82061fb855e6"
Message-ID-Hash: GTFRV4Y3IJHS7NUU3EZKXPR2XNCXAHWN
X-Message-ID-Hash: GTFRV4Y3IJHS7NUU3EZKXPR2XNCXAHWN
X-MailFrom: mike.shaver@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7N_1iTbtj-6hpadt2X_l08bxAB4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Yeah, I think we will see more inadvertent logging than malicious, just as we have seen passwords mistakenly deposited in logs for approximately as long as we have had both logs and passwords. One challenge with SSLKEYLOG is that there’s no way without very system-specific inspection to detect whether it’s on or off (as compared to “supposed to be on or off, as we intended to deploy”). It would certainly be a bigger specification, but I think it would be nice if there were some marker in the TLS handshake that indicated that SSLKEYLOG was in effect. It would be even nicer if that marker were visible to observers who don’t have the keys, so that packet-inspection sorts of rules could detect and alert on it, but TLS is generally moving in the other direction in terms of having things outside the encryption envelope. Mike On Sun, Aug 4, 2024 at 10:41 AM Amir Omidi <amir= 40aaomidi.com@dmarc.ietf.org> wrote: > It doesn’t necessarily need to be malicious. With how much of software > deployment being massive YAML files with tons of environment variables, > mistakenly including this won’t be that difficult. > > On Sun, Aug 4, 2024 at 07:00 Ilari Liusvaara <ilariliusvaara@welho.com> > wrote: > >> On Sat, Aug 03, 2024 at 02:38:29PM -0700, Christian Huitema wrote: >> > >> > The security considerations of >> > https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/ are pretty >> > clear, but the discussion pointed out that environment variables can be >> > installed without knowledge of most users. More protection is needed. >> > Examples are explicit run time options, such as asking the user to set a >> > special configuration flag to enable the feature, and compile time >> > protections, which would only enable that configuration flag in special >> > versions of the application. >> >> Any attacker that can tamper with environment variables is in position >> to do way way worse things than enabling SSLKEYLOG. Possibly even worse >> than an attacker capable of replacing the whole application with a >> troijan! >> >> >> >> >> -Ilari >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org >> > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org >
- [TLS]Adoption call for SSLKEYLOG Extension file f… Sean Turner
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Andrei Popov
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Yaroslav Rosomakho
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Bob Beck
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Salz, Rich
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Steven Valdez
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Stephen Farrell
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Andrei Popov
- [TLS]Re: Adoption call for SSLKEYLOG Extension fi… Christopher Patton
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Christian Huitema
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Amir Omidi
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Salz, Rich
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… hannes.tschofenig
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Tim Bray
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Eric Rescorla
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Stephen Farrell
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Christian Huitema
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Ilari Liusvaara
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Amir Omidi
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Andrei Popov
- [TLS]Re: Adoption call for SSLKEYLOG Extension fi… Kyle Nekritz
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Mike Shaver
- [TLS] Re: Adoption call for SSLKEYLOG Extension f… Sean Turner