Re: [TLS] [EXTERNAL] Re: Call for adoption of draft-thomson-tls-keylogfile

Martin Thomson <mt@lowentropy.net> Tue, 29 November 2022 00:30 UTC

Message-Id: <cd61bf3c-98e7-4a2d-b780-22ed4ba89e03@app.fastmail.com>
In-Reply-To: <BY5PR00MB06759886B62D1FDEFADC64288C139@BY5PR00MB0675.namprd00.prod.outlook.com>
References: <15D5BB25-508F-42E3-B843-BCB81B668355@sn3rd.com> <9FB98E17-8580-4B23-AA1D-D29739E924AD@akamai.com> <BY5PR00MB067585D07C38C2A3739F848B8C139@BY5PR00MB0675.namprd00.prod.outlook.com> <BY5PR00MB06758713E06DFE8167B2FF5F8C139@BY5PR00MB0675.namprd00.prod.outlook.com> <Y4UHw43/wHoLjy2t@LK-Perkele-VII2.locald> <BY5PR00MB06759886B62D1FDEFADC64288C139@BY5PR00MB0675.namprd00.prod.outlook.com>
Date: Tue, 29 Nov 2022 08:30:07 +0800
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KX8W_cbsWVejKAbnMM0tdubOFck>
Subject: Re: [TLS] [EXTERNAL] Re: Call for adoption of draft-thomson-tls-keylogfile

I personally have no intention of making this PS (or to otherwise water down recommendations against it).

I do have some interest in doing what can be done to make this less of a hazard.  You will see that I took John's suggestion to more directly proscribe its use: https://github.com/martinthomson/sslkeylogfile/pull/1

One benefit of moving this under IETF change control is that we can have those conversations about how to manage this better.  To Stephen's point, the idea that you might negotiate an extension when this is enabled is an interesting one.  I don't think that it needs to be large in order to have the intended effect (if the intended effect is punitive in nature, then that creates certain disincentives around compliance).  There are many cases where I think it would be beneficial to have the presence of this known to both entities.  The challenge of course is that this is primarily of benefit to the client only - the server cannot unilaterally signal that it has this machinery engaged.

(Another thing to note is that the qlog work in the QUIC working group has lesser, but broadly similar properties.  It would be good to share what we learn from this exercise.)

On Tue, Nov 29, 2022, at 03:22, Andrei Popov wrote:
> Does an Informational draft require WG adoption? If the goal isn't to 
> switch to the Standards track, I have no concerns.
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Ilari Liusvaara
> Sent: Monday, November 28, 2022 11:11 AM
> To: TLS List <tls@ietf.org>
> Subject: [EXTERNAL] Re: [TLS] Call for adoption of draft-thomson-tls-keylogfile
>
> On Mon, Nov 28, 2022 at 07:02:20PM +0000, Andrei Popov wrote:
>> 
>> I oppose adoption of draft-thomson-tls-keylogfile. The stated goal was 
>> to find a permanent, discoverable location for this document, other 
>> than NSS project's repository. Perhaps it's fine to create an RFC for 
>> this purpose, but then I'd argue that it should be an Informational 
>> RFC.
>
> The I-D has: "Intended status: Informational" (for some reason the 
> datatracker is unable to determine this).
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
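The hazard under discussion is that a file written in the NSS key log format hands an observer everything needed to decrypt captured sessions. The following is an added example, not code from the draft, from NSS, or from any participant in this thread: a small auditor that parses such a file, rejects malformed entries, reports per connection (keyed by ClientRandom) what an attacker holding the file could decrypt, and checks whether SSLKEYLOGFILE is set in the current environment. The line format and label names are assumed from the NSS convention the draft documents (one entry per line, `LABEL <ClientRandom hex> <secret hex>`, `#` comments); the sample log, the byte patterns in it, and the exposure categories are constructed for illustration.

```python
"""
SSLKEYLOGFILE auditor (added example; format assumed from the NSS key log
convention documented by draft-thomson-tls-keylogfile).
"""
import os
import re
from collections import defaultdict

# TLS 1.3 labels. Both spellings of the early exporter label are accepted
# because both have appeared in implementations (assumption, not verified
# against every producer).
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "EARLY_EXPORTER_SECRET",
    "EARLY_EXPORTER_MASTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}
TLS12_LABEL = "CLIENT_RANDOM"          # secret is the 48-byte master secret

# LABEL, 32-byte ClientRandom as 64 hex chars, then the secret as hex.
LINE_RE = re.compile(r"^([A-Z_0-9]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: {label: secret_hex}}, [malformed line numbers])."""
    entries = defaultdict(dict)
    bad = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            bad.append(lineno)
            continue
        label, client_random, secret = m.groups()
        if label == TLS12_LABEL:
            if len(secret) != 96:          # master secret must be 48 bytes
                bad.append(lineno)
                continue
        elif label not in TLS13_LABELS:
            bad.append(lineno)
            continue
        entries[client_random.lower()][label] = secret.lower()
    return dict(entries), bad


def exposure(labels):
    """Classify what a holder of these secrets can decrypt for one connection."""
    have = set(labels)
    if TLS12_LABEL in have:
        return "tls12-full"                 # master secret: both directions
    if {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= have:
        return "tls13-full"                 # application data, both directions
    if have & {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}:
        return "tls13-one-direction"
    if have & {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}:
        return "tls13-handshake-only"       # certificates etc., no app data
    if "CLIENT_EARLY_TRAFFIC_SECRET" in have:
        return "tls13-early-data-only"
    return "none"


def audit(text):
    """Map each ClientRandom to its exposure level; also return bad lines."""
    entries, bad = parse_keylog(text)
    return {cr: exposure(labels) for cr, labels in entries.items()}, bad


def keylog_env_enabled(environ=None):
    """The check a deployment wants: is key logging switched on right here?"""
    environ = os.environ if environ is None else environ
    return bool(environ.get("SSLKEYLOGFILE"))


def _line(label, cr_byte, secret_byte, secret_len):
    # Helper to build constructed sample entries with recognisable byte patterns.
    return f"{label} {cr_byte * 32} {secret_byte * secret_len}"


# Constructed sample: a TLS 1.2 connection, a fully logged TLS 1.3 connection,
# a TLS 1.3 connection whose application secrets were never written, and one
# line with an unknown label.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by a test client",
    _line("CLIENT_RANDOM", "11", "aa", 48),
    _line("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "22", "bb", 32),
    _line("SERVER_HANDSHAKE_TRAFFIC_SECRET", "22", "cc", 32),
    _line("CLIENT_TRAFFIC_SECRET_0", "22", "dd", 32),
    _line("SERVER_TRAFFIC_SECRET_0", "22", "ee", 32),
    _line("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "33", "ff", 32),
    _line("NOT_A_LABEL", "44", "00", 32),
])

if __name__ == "__main__":
    report, bad = audit(SAMPLE)
    for cr, level in sorted(report.items()):
        print(f"{cr[:16]}...  {level}")
    print("malformed lines:", bad)
    print("SSLKEYLOGFILE set in this environment:", keylog_env_enabled())
```

Run against a real file with `audit(open(path).read())`; entries with unknown labels are reported rather than silently dropped, since a stray line in a production process's key log is itself a finding.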