[TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Formatfor TLS
Aaron Zauner <azet@azet.org> Mon, 24 February 2025 19:56 UTC
From: Aaron Zauner <azet@azet.org>
Date: Mon, 24 Feb 2025 20:56:43 +0100
To: Alicja Kario <hkario@redhat.com>
CC: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F5cswIYsz88vw9XdywnLoEs51NM>
Hi,

On Mon 24. Feb 2025 at 14:57, Alicja Kario <hkario@redhat.com> wrote:

> On Friday, 21 February 2025 22:15:06 CET, Muhammad Usama Sardar wrote:
> > On 20.02.25 13:36, Alicja Kario wrote:
> >
> >> if you can't trust the system you're running an application on, you
> >> *definitely* can't trust any network connections from it
> >
> > It depends on how you define "system" here. If it is the
> > hardware, sure you need to trust it in any case. If it is some
> > parts of software too, then there is a whole field of
> > "Confidential Computing" which claims that the adversary (e.g.,
> > cloud provider) has complete access to several layers of the
> > software stack.
>
> You need to have at least partial trust for everything running below
> the application that will be affected by SSLKEYLOGFILE; be it the kernel,
> container environment, VM, or CPU (actual hardware).

To be clear, I agree with that in principle, but I have the feeling that the
discussion around an applicable threat model misses the issue of what should
be in the IETF and what should be in development docs, debugging tools etc.
entirely. I'm not currently working on maintaining a crypto lib as many of you
are, but you can't honestly tell me it's not possible to work on your end
without IETF guidance on debug specifics that allow encrypted traffic detail
export -- which you already have in place for debug and dev anyway.

Aaron

> If you can't be sure that the attacker didn't mess with your environment
> variables then you don't have a trustworthy system.
>
> >> sorry, but the threat model you're talking about is not realistic
> >
> > I disagree with this. The threat model is realistic. See [1-2]
> > and our new draft in progress [3] trying to tackle this threat
> > model.
> >
> > Usama
> >
> > [1] https://ieeexplore.ieee.org/document/10752524
> >
> > [2] https://www.ietf.org/archive/id/draft-fossati-tls-attestation-08.html#section-9.1
> >
> > [3] https://hannestschofenig.github.io/exported-attestation/draft-fossati-rats-exported-attestation.html
>
> --
> Regards,
> Alicja Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
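As an added example (not part of Aaron's or Alicja's messages, and not code from the SSLKEYLOGFILE draft): a small audit script for a key log in the SSLKEYLOGFILE format. It assumes the line structure and labels of the widely deployed NSS key log format that the draft documents (one record per line: label, 32-byte client_random in hex, secret in hex; lines starting with `#` are treated as comments), and the sample log is constructed. From an incident-response point of view this is the check one runs when a debug key log turns up on a host whose lower layers were not fully trusted: it tells you which sessions, and how much of each, a reader of that file could decrypt.

```python
"""Audit a key log in the SSLKEYLOGFILE (NSS key log) format.

Added example for the thread above; not code from the draft. It assumes the
NSS line layout: "<LABEL> <client_random hex, 64 chars> <secret hex>".
"""
import re
from collections import defaultdict

# Labels of the NSS key log format (assumption: the draft keeps these labels).
TLS12_LABELS = {"CLIENT_RANDOM"}  # TLS 1.2 and earlier: the master secret
HS_SECRETS = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
APP_SECRETS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
OTHER_TLS13 = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_MASTER_SECRET",
               "EXPORTER_SECRET"}
KNOWN_LABELS = TLS12_LABELS | HS_SECRETS | APP_SECRETS | OTHER_TLS13

# label, 32-byte client_random (64 hex chars), secret (at least one hex byte)
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]{2,})$")


def parse_keylog(text):
    """Return (sessions, problems).

    sessions maps client_random (lowercase hex) to {label: secret hex};
    problems is a list of (line number, description) for lines that do not
    fit the format, so a truncated or tampered log is noticed, not silently
    accepted.
    """
    sessions = defaultdict(dict)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank and comment lines
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "malformed line"))
            continue
        label, client_random, secret = m.groups()
        if label not in KNOWN_LABELS:
            problems.append((lineno, f"unknown label {label}"))
        if len(secret) % 2:
            problems.append((lineno, "odd-length secret"))
            continue
        cr = client_random.lower()
        if label in sessions[cr]:
            problems.append((lineno, f"duplicate {label} for session {cr[:8]}"))
        sessions[cr][label] = secret.lower()
    return dict(sessions), problems


def exposure_report(sessions):
    """Classify each session by what a reader of the log could decrypt."""
    report = {}
    for cr, secrets in sessions.items():
        if "CLIENT_RANDOM" in secrets:
            # TLS 1.2 master secret: the whole connection is decryptable.
            report[cr] = "tls12-full"
        elif APP_SECRETS.issubset(secrets):
            # Both TLS 1.3 application traffic secrets: all application data.
            report[cr] = "tls13-application-data"
        elif HS_SECRETS.intersection(secrets):
            # Only handshake secrets: certificates etc., no application data.
            report[cr] = "tls13-handshake-only"
        else:
            report[cr] = "partial"
    return report


# Constructed sample log; these are not real session secrets.
SAMPLE_LOG = "\n".join([
    "# constructed sample; these are not real session secrets",
    f"CLIENT_RANDOM {'aa' * 32} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'bb' * 32} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {'bb' * 32} {'33' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {'bb' * 32} {'44' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {'bb' * 32} {'55' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'cc' * 32} {'66' * 32}",
    "this is not a key log line",
])

if __name__ == "__main__":
    found, issues = parse_keylog(SAMPLE_LOG)
    for client_random, level in exposure_report(found).items():
        print(f"{client_random[:16]}...  {level}")
    for lineno, what in issues:
        print(f"line {lineno}: {what}")
```

The classification is deliberately coarse: it answers the responder's first question (which sessions are fully exposed, which only leak handshake material) without trying to decrypt anything, and the `problems` list is what distinguishes a clean debug artifact from a file that was truncated or edited.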