[TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

Mike Shaver <mike.shaver@gmail.com> Thu, 15 August 2024 12:54 UTC

Return-Path: <mike.shaver@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25DA0C151075 for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 05:54:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZZTGlYeDoQU for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C193C14F6F3 for <tls@ietf.org>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
Received: by mail-oi1-x230.google.com with SMTP id 5614622812f47-3db23a608eeso553196b6e.1 for <tls@ietf.org>; Thu, 15 Aug 2024 05:53:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723726437; x=1724331237; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=MrODUzlx8D223T5I5xldCA74mdFfPGPvOFvivpAwAAM=; b=iuuX3Zbi8VAJMIfNnw/XgsO1J6zzW6F6k7+uuyJzk9T5jJPRDKKL9cYhFIiRknMcu5 gj2JKW3x/ppWOTYXu6GH4xVyBKVU7eoCKTPEP92Tj3xpp7GP/eGkfG7jFmF+2dZW9+JC svmcTyEA6MVjIb30gAFOHKMWb43PI5gn6iTMLf1Fr7Rj2qCsJ40PkbYtFnJw5Udt6UHs VNOw5bwvejEd42OCRFTAQVfjxzNdJZmetMpD5kAhJsRbsxdLDrzyyB+opZxcw3c+KPwu tHJ8vfTdhcsHndS24dXCwqR3umZwJmkWTaNMLMI5lswboNGO7nDv3L5FTXgSC8TEStpK nO8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723726437; x=1724331237; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MrODUzlx8D223T5I5xldCA74mdFfPGPvOFvivpAwAAM=; b=oLm2LrQ3xn+NdPQ4uMBKQuQe9khxJbvw8Mq+h3W8pwf3hLkS691EOYPsvVV9qNfydB +u42f44TXApLzjroQN2T1yumwB9LO+m5L/WlVztCN9CmYjfft08wuMkTgoyYmaythbKw bSn5LrB/9j6maAx+1jb/2ZDbKttyKzJtF65a4pfnbliWFPVltbnCtbOaOS92MirGsTBg dme8tfn+2ypr756dYxX96EsQ+lWdldAfA3xgrt/nH0v/aDgEjjVud4JZUYG2P/mRI+bI 65C/KaLwTbyoG062yIsncYirWi5JitpF9VXI+T4x0yqhAxJXuBpcfiljBWtJYCuX+hsy 82fQ==
X-Forwarded-Encrypted: i=1; AJvYcCUZ5uDnhqkVb12WdEqeTjoqmQZcBq40MPunFyBvv7eXG69P/qAYvgW9dOQGNvuDwFDKRSOJMsCgtQd5JdA=
X-Gm-Message-State: AOJu0YwIdpSmANEolTKMoPRYhtlZefRhAamcBtBsk6C5PlzV6ivh3PUV 1dS+aESI5jcUT7DCOvngWDxdf2XBmbg30NHjGqEw8Gapcnn5mLhxIvcJIqpYw9fhL/LxkIqE0ze 1/Vj73NRIEUILgNu2xeYTG2w0aN0=
X-Google-Smtp-Source: AGHT+IFqtRvJ6ZXhnXnA60gJGIUiZ9ryKQiFA8vESryAWmsxNNn1abfcPu/zdMmWx+qURh1LCfBx1YpIXOZNzUS3xyE=
X-Received: by 2002:a05:6870:5693:b0:260:a77a:f86b with SMTP id 586e51a60fabf-26fe5aa96c7mr7127345fac.23.1723726437239; Thu, 15 Aug 2024 05:53:57 -0700 (PDT)
MIME-Version: 1.0
References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <029901dae5c3$437addc0$ca709940$@gmx.net> <CAHBU6isbShx6XJLtUC1U+kPwABBTmGEueG2JhaEtVCgG7OdCbg@mail.gmail.com> <CABcZeBPUG0N0rZZ1ZCs2jzXxMiEP37R+reFQQj3PJkBwXSRSyQ@mail.gmail.com> <c24048cf-798f-4702-9000-114b6d173f05@huitema.net> <Zq9fMFjKIORoMHSG@LK-Perkele-VII2.locald> <CAOG=JU+h2WO0kjz_n0MzhaPtLBLQf7vhVBBMKHrtmCaZwRvF+Q@mail.gmail.com>
In-Reply-To: <CAOG=JU+h2WO0kjz_n0MzhaPtLBLQf7vhVBBMKHrtmCaZwRvF+Q@mail.gmail.com>
From: Mike Shaver <mike.shaver@gmail.com>
Date: Thu, 15 Aug 2024 08:53:46 -0400
Message-ID: <CADQzZqshVhsKa=o=8OayV8h_HP-ZHP9o64a2icr4M9KP623ieg@mail.gmail.com>
To: Amir Omidi <amir=40aaomidi.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fb5f82061fb855e6"
Message-ID-Hash: GTFRV4Y3IJHS7NUU3EZKXPR2XNCXAHWN
X-Message-ID-Hash: GTFRV4Y3IJHS7NUU3EZKXPR2XNCXAHWN
X-MailFrom: mike.shaver@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7N_1iTbtj-6hpadt2X_l08bxAB4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Yeah, I think we will see more inadvertent logging than malicious, just as
we have seen passwords mistakenly deposited in logs for approximately as
long as we have had both logs and passwords.

One challenge with SSLKEYLOG is that there’s no way without very
system-specific inspection to detect whether it’s on or off (as compared to
“supposed to be on or off, as we intended to deploy”). It would certainly
be a bigger specification, but I think it would be nice if there were some
marker in the TLS handshake that indicated that SSLKEYLOG was in effect. It
would be even nicer if that marker were visible to observers who don’t have
the keys, so that packet-inspection sorts of rules could detect and alert
on it, but TLS is generally moving in the other direction in terms of
having things outside the encryption envelope.

Mike

On Sun, Aug 4, 2024 at 10:41 AM Amir Omidi <amir=
40aaomidi.com@dmarc.ietf.org> wrote:

> It doesn’t necessarily need to be malicious. With how much of software
> deployment being massive YAML files with tons of environment variables,
> mistakenly including this won’t be that difficult.
>
> On Sun, Aug 4, 2024 at 07:00 Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
>
>> On Sat, Aug 03, 2024 at 02:38:29PM -0700, Christian Huitema wrote:
>> >
>> > The security considerations of
>> > https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/ are pretty
>> > clear, but the discussion pointed out that environment variables can be
>> > installed without knowledge of most users. More protection is needed.
>> > Examples are explicit run time options, such as asking the user to set a
>> > special configuration flag to enable the feature, and compile time
>> > protections, which would only enable that configuration flag in special
>> > versions of the application.
>>
>> Any attacker that can tamper with environment variables is in position
>> to do way way worse things than enabling SSLKEYLOG. Possibly even worse
>> than an attacker capable of replacing the whole application with a
>> troijan!
>>
>>
>>
>>
>> -Ilari
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>