[TLS]ECH and SSLKEYLOGFILE

Yaroslav Rosomakho <yrosomakho@zscaler.com> Sun, 07 July 2024 16:07 UTC

To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EI6Gx1KPFdEflWfaKKt-XiAO08g>

Hi all,

SSLKEYLOGFILE is an immensely valuable capability for diagnostics and
troubleshooting. The ability to use tools such as Wireshark to look into
decrypted packets is very powerful for accessing "the ground truth" of what
is happening on the wire to troubleshoot issues in modern complex protocol
stacks.

Successfully negotiated Encrypted Client Hello adds new requirements for
diagnostic tools to get visibility into the resulting ClientHello as well
as the subsequent TLS flow.

We submitted a very short draft to introduce two new fields into
SSLKEYLOGFILE to address these requirements: ECH_SECRET (shared secret from
ECH HPKE key schedule) and ECH_CONFIG (ECHConfig that was used for
construction of the ECH).
To demonstrate the viability of the proposal, we have prepared three
prototypes implementing it in popular tools:
- BoringSSL (https://github.com/yaroslavros/boringssl-echkeylog)
- NSS (https://github.com/yaroslavros/nss-echkeylog)
- Wireshark (https://github.com/yaroslavros/wireshark-echkeylog)

Sample PCAPs (accepted, rejected, with and without HRR) and the corresponding
SSLKEYLOGFILE are available at
https://github.com/yaroslavros/ech-keylog-pcaps

It would be great to get any feedback from the group on this challenge and the
proposed solution.


Best Regards,
Yaroslav

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sat, Jul 6, 2024 at 11:24 PM
Subject: New Version Notification for draft-rosomakho-tls-ech-keylogfile-00.txt
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Yaroslav Rosomakho <yrosomakho@zscaler.com>


A new version of Internet-Draft draft-rosomakho-tls-ech-keylogfile-00.txt has
been successfully submitted by Yaroslav Rosomakho and posted to the
IETF repository.

Name:     draft-rosomakho-tls-ech-keylogfile
Revision: 00
Title:    SSLKEYLOGFILE Extension for Encrypted Client Hello (ECH)
Date:     2024-07-06
Group:    Individual Submission
Pages:    6
URL:      https://www.ietf.org/archive/id/draft-rosomakho-tls-ech-keylogfile-00.txt
Status:   https://datatracker.ietf.org/doc/draft-rosomakho-tls-ech-keylogfile/
HTML:     https://www.ietf.org/archive/id/draft-rosomakho-tls-ech-keylogfile-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-rosomakho-tls-ech-keylogfile


Abstract:

   This document specifies an extension to the SSLKEYLOGFILE format to
   support the logging of information about Encrypted Client Hello (ECH)
   related secrets.  Two new labels are introduced, namely ECH_SECRET
   and ECH_CONFIG, which log the Hybrid Public Key Encryption (HPKE)-
   derived shared secret and the ECHConfig used for the ECH,
   respectively.

   This extension aims to facilitate debugging of TLS connections
   employing ECH.



The IETF Secretariat
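
Added example, not part of the original message and not code from the draft or its prototypes: a check that groups key log lines by connection and reports whether both proposed ECH labels were logged, which is worth confirming before handing a capture to a dissector. It assumes that ECH_SECRET and ECH_CONFIG lines use the same `<label> <client_random hex> <value hex>` layout as existing key log entries, which the message does not spell out; the function names and all sample values are constructed.

```python
import re
from collections import defaultdict
# Existing NSS key log labels (subset) plus the two labels named in the message.
KNOWN_LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET", "EXPORTER_SECRET",
                "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
ECH_LABELS = {"ECH_SECRET", "ECH_CONFIG"}
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def parse_keylog(text):
    """Return ({client_random: {label: bytes}}, [(line_no, reason)])."""
    sessions, errors = defaultdict(dict), []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 3:  # assumed layout: label, client_random, value
            errors.append((n, "expected 3 fields"))
        elif parts[0] not in KNOWN_LABELS | ECH_LABELS:
            errors.append((n, "unknown label"))
        elif len(parts[1]) != 64 or not HEX.fullmatch(parts[1]):
            errors.append((n, "client_random is not 32 hex-encoded bytes"))
        elif not HEX.fullmatch(parts[2]):
            errors.append((n, "value is not hex"))
        else:
            sessions[parts[1].lower()][parts[0]] = bytes.fromhex(parts[2])
    return dict(sessions), errors

def ech_status(labels):
    """Classify one connection by which ECH labels were logged for it."""
    present = ECH_LABELS & set(labels)
    if present == ECH_LABELS:
        return "ech-complete"
    return "ech-incomplete" if present else "no-ech"

# Constructed sample values; not taken from the linked PCAP repository.
A, B, C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {A} {'11' * 32}",
    f"ECH_SECRET {A} {'22' * 32}",
    f"ECH_CONFIG {A} 00112233",
    f"SERVER_TRAFFIC_SECRET_0 {B} {'33' * 48}",
    f"ECH_SECRET {C} {'44' * 32}",
    f"ECH_CONFIG {C} nothex",  # malformed on purpose: rejected, C stays incomplete
])
if __name__ == "__main__":
    for rnd, labels in parse_keylog(SAMPLE)[0].items():
        print(rnd[:8], ech_status(labels), sorted(labels))
```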