Re: [TLS] Working Group Last Call for SSLKEYLOG File

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 12 March 2024 23:03 UTC

To: Martin Thomson <mt@lowentropy.net>, Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LVpFGZ1rHp5WS9OqXyr2WcrW8PY>

I'll argue just a little more then shut up...

On 12/03/2024 22:55, Martin Thomson wrote:
> 
>> Sorry also for a late suggestion, but how'd we feel about adding 
>> some text like this to 1.1?
>> 
>> "An implementation, esp. a server, emitting a log file such as this
>> in a production environment where the TLS clients are unaware that
>> logging is happening, could fall afoul of regulatory requirements
>> to protect client data using state-of-the-art mechanisms."

> I agree with Ekr.  That risk is not appreciably changed by the
> existence of a definition for a file format.

I totally do consider our documenting this format increases
the risk that production systems have such logging enabled,
despite our saying "MUST NOT." So if there's a way to further
disincentivise doing that, by even obliquely referring to
potential negative consequences of doing so, then I'd be for
doing that. Hence my suggestion.

S.