[TLS] draft-ietf-tls-keylogfile-04 ietf last call Opsdir review
Jean-Michel Combes via Datatracker <noreply@ietf.org> Tue, 06 May 2025 15:49 UTC
From: Jean-Michel Combes via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Message-ID: <174654656075.678918.2290707879730922068@dt-datatracker-58d4498dbd-6gzjf>
Date: Tue, 06 May 2025 08:49:20 -0700
CC: draft-ietf-tls-keylogfile.all@ietf.org, last-call@ietf.org, tls@ietf.org
Reply-To: Jean-Michel Combes <jeanmichel.combes@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T8ag4za2DuVLhdQLWqmeWY_DS5k>
Document: draft-ietf-tls-keylogfile
Title: The SSLKEYLOGFILE Format for TLS
Reviewer: Jean-Michel Combes
Review result: Ready

Hi,

I have reviewed this document as part of the Ops area directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Ops area directors. Document editors and WG chairs should treat these comments just like any other last-call comments.

Disclaimer: I am not a TLS expert.

Regarding the form, this document is well written, especially regarding the security considerations.

Regarding the substance, IMHO, it looks like the promotion of a nightmare for any operational security guy :)

My main fear is to see the use of such a feature in a “production system” because (1) the border between “test system” and “production system” is not always as clear as expected, and (2) forgetting to switch off such a feature when pushing the system into production may become an easy mistake.

Now, IMHO and except if I missed something, it should be less complex from an operational security point of view (i.e., rights management) to debug/analyze protocols by configuring TLS with “NULL ENCRYPTION” (i.e., configuration rights) than by logging/storing secrets (i.e., write rights, read rights, export rights).

Now, as the intended status is Informational, it works for me.

Hope that helps.

Best regards,
JMC.
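The concern raised above, that a key log enabled for testing is left on when a system reaches production, is the kind of thing a deployment pipeline can check mechanically. The following is an added example written for this archive page; it is not code from the review, the draft, or any TLS implementation. It assumes a deployment "stage" label supplied by the operator and a process environment dictionary, and it inspects the `SSLKEYLOGFILE` variable that common TLS stacks read to decide where to write session secrets. The file path, stage names and permission bits in the test are constructed.

```python
"""Pre-deployment audit for a leftover TLS key log (SSLKEYLOGFILE).

Added example, not part of the reviewed draft. It reports:
  - any SSLKEYLOGFILE setting in a production stage (critical),
  - any SSLKEYLOGFILE setting elsewhere (warning, so it is not forgotten),
  - a key log file readable or writable by group/other (high).
"""
import os
import stat
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical", "high" or "warning"
    message: str


def file_mode(path: str) -> Optional[int]:
    """Permission bits of an existing file, or None if it does not exist."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return None


def audit_keylog(env: dict, stage: str, mode: Optional[int] = None) -> list:
    """Return findings for the given environment and deployment stage.

    `mode` is the key log file's permission bits (as from file_mode); pass
    None when the file does not exist or should not be inspected.
    """
    findings = []
    path = env.get("SSLKEYLOGFILE", "")
    if not path:
        return findings

    if stage == "production":
        findings.append(Finding(
            "critical",
            f"SSLKEYLOGFILE={path!r} is set in a production deployment; "
            "TLS session secrets would be written to disk"))
    else:
        findings.append(Finding(
            "warning",
            f"SSLKEYLOGFILE={path!r} is set in stage {stage!r}; "
            "confirm it is removed before promotion to production"))

    # Secrets on disk must at least not be exposed to other local accounts.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(Finding(
            "high",
            f"key log {path!r} is accessible to group/other (mode {mode:04o}); "
            "expected owner-only access such as 0600"))
    return findings


def should_block_deploy(findings: list) -> bool:
    """Deployment gate: block on critical or high findings only."""
    return any(f.severity in ("critical", "high") for f in findings)


if __name__ == "__main__":
    # Audit the current process environment; stage comes from a constructed
    # DEPLOY_STAGE variable (an assumption, not a standard name).
    stage = os.environ.get("DEPLOY_STAGE", "test")
    keylog = os.environ.get("SSLKEYLOGFILE", "")
    results = audit_keylog(dict(os.environ), stage, file_mode(keylog) if keylog else None)
    for f in results:
        print(f"[{f.severity}] {f.message}")
    raise SystemExit(1 if should_block_deploy(results) else 0)
```

Running this as a CI step with `DEPLOY_STAGE=production` turns the "forgot to switch it off" mistake into a failed deploy rather than a silent secret leak; the permission check covers the read/write rights point made in the review for the stages where the log is legitimately in use.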