[TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Format for TLS

S Moonesamy <sm+ietf@elandsys.com> Sat, 22 February 2025 00:30 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E77C18870B for <tls@ietfa.amsl.com>; Fri, 21 Feb 2025 16:30:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.707
X-Spam-Level:
X-Spam-Status: No, score=-1.707 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=elandsys.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9ci31KRRqJa for <tls@ietfa.amsl.com>; Fri, 21 Feb 2025 16:30:33 -0800 (PST)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id AF4BDC151532 for <tls@ietf.org>; Fri, 21 Feb 2025 16:30:33 -0800 (PST)
Received: from DESKTOP-K6V9C2L.elandsys.com ([102.117.47.103]) (authenticated bits=0) by mx.elandsys.com (8.15.2/8.14.5) with ESMTPSA id 51LNqGg4009259 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Feb 2025 15:53:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=elandsys.com; s=mail; t=1740182041; x=1740268441; i=@elandsys.com; bh=W+x/sHnoWxAL4MXMq1O38Wl6+MEM/4fhBtumkbgxpMQ=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=P6/hfcEzaeKpdE/sNy75EKJ9OdmMQzi1EQryE8OGWoaXFosEPa93mF9+2zrP8tfw+ 3e8mHCCiKxRS7qxxiOLxw+dISLKwaXaxXnrAFCRNpRFyyVrHWLpTD2YvFrd2XyGPwV bfneEhyHuBFT/sAjw/DjK+YNH5ZdJqnuxnUmbNLk=
Message-Id: <6.2.5.6.2.20250221153108.0aa00af0@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
To: Andrei Popov <Andrei.Popov@microsoft.com>
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <CH3PR21MB464574181B64CBD38D74855E8CC72@CH3PR21MB4645.namprd21.prod.outlook.com>
References: <6a27cae41645539b3fa90b5f83a8973c73cdd6a0.camel@aisec.fraunhofer.de> <CA+_8xu1nDDHuqRbh2OvRVkvxPyLcJS==rumo3sxPC56NsWLCMw@mail.gmail.com> <93eb1e78c7348459fc92ff874c7e691baf4a0bf0.camel@aisec.fraunhofer.de> <ee908b7b-da13-4840-b70a-84dd66d4bc1f@redhat.com> <68995b4c-4cd9-4153-9fff-004c3dbdeb01@cs.tcd.ie> <3588D603-9153-4D42-9FF2-7F0FCE5E5EBD@akamai.com> <063eca4c661f36c4b90f80c38681363e0c5cdaa0.camel@aisec.fraunhofer.de> <CH3PR21MB464574181B64CBD38D74855E8CC72@CH3PR21MB4645.namprd21.prod.outlook.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MailFrom: sm@elandsys.com
X-Mailman-Rule-Hits: implicit-dest
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
Message-ID-Hash: T4DDVIU5LHY7BGQD6EKYG2EPAN5BCD4K
X-Message-ID-Hash: T4DDVIU5LHY7BGQD6EKYG2EPAN5BCD4K
X-Mailman-Approved-At: Sun, 23 Feb 2025 18:00:45 -0800
CC: Yaroslav Rosomakho <yrosomakho@zscaler.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Format for TLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/L_MsTPFemKBCC7VXoPVm6DbbFfo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Date: Sat, 22 Feb 2025 00:30:38 -0000
X-Original-Date: Fri, 21 Feb 2025 15:51:57 -0800

Hi Thomas, Andrei,
At 06:43 AM 21-02-2025, Andrei Popov wrote:
>I agree with Stephen and Tomas on this one. Additionally, in my 
>opinion, this WG should not have published any SSLKEYLOGFILE 
>documents, because they effectively standardize a backdoor.
>It is understood that there is a need for debugging, and it is 
>understood that certain SW vendors want to agree on a common log 
>data format and publish this format.
>
>However:
>- Debugging can (and should) be accomplished without a complete 
>compromise of the security protocol (arguably, with less ease/convenience).
>- Backdoor specifications can be agreed upon outside the IETF 
>process and published as part of the respective SW vendor's 
>documentation, without involving the IETF.

I agree with the comments which Thomas and you sent in regard to 
SSLKEYLOGFILE.  I also agree with the authors on the point that 
debugging or analyzing protocols can be challenging when TLS is 
used.  There was an extensive discussion about that during the 
discussion on the perpass and ietf mailing lists.  It ended with the 
publication of RFC 7258.

Regards,
S. Moonesamy