[TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
Christian Huitema <huitema@huitema.net> Sat, 03 August 2024 00:10 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA510C180B55; Fri, 2 Aug 2024 17:10:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mwi_JNNq0nAi; Fri, 2 Aug 2024 17:10:48 -0700 (PDT)
Received: from semfq03.mfg.siteprotect.com (semfq03.mfg.siteprotect.com [64.26.60.184]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BFFDC19ECB6; Fri, 2 Aug 2024 17:10:48 -0700 (PDT)
Received: from smtpauth02.mfg.siteprotect.com ([64.26.60.151]) by se03.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1sa2M9-005Grj-6T; Fri, 02 Aug 2024 20:10:46 -0400
Received: from [192.168.1.104] (unknown [172.56.168.245]) (Authenticated sender: huitema@huitema.net) by smtpauth02.mfg.siteprotect.com (Postfix) with ESMTPSA id 4WbNQC0zg9z2YQR6G; Fri, 2 Aug 2024 20:10:42 -0400 (EDT)
Message-ID: <803947e8-782e-4142-a802-14a9e38dcce8@huitema.net>
Date: Fri, 02 Aug 2024 17:10:42 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>, Yaroslav Rosomakho <yrosomakho=40zscaler.com@dmarc.ietf.org>
References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <CAMtubr19E_faBnx47OhXsGZSJ1iiJjkOjRjdfOqiv9OB2ng+UA@mail.gmail.com> <MN0PR21MB3147D2FE3787D3FE5375FB188CAB2@MN0PR21MB3147.namprd21.prod.outlook.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <MN0PR21MB3147D2FE3787D3FE5375FB188CAB2@MN0PR21MB3147.namprd21.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.151
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.10)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8Fb+U2uGuqkQPRc1SbdDXqPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5zBAzwSIZR2Os4N+s/lrMMMEU/zYEDVP22whYY8WpoGHSp3 cwQrbFTrcmiDymUFLpEGsEMNBvam7smVmt07op7bYjd5zmDI+g6elkVOm761Whv0vdxTnYXU9CNa j2S1UXERu69+1sJcnLY6koiG+Rk358fMnqZUTt7CyKlJUh+zhu7219qll5oteuQznMH+UrvloW5O 8nKi+aEgzCvYcGcNn17NKh9p/w7qzG8kYg5zcSBdmcsqSvM8aD2DlRGiCU+hCY5kibdqrmaokLEK d9w0KQZ4+heI8yYpwJ5ywMSnY3a5b1gnzWyileWS/MxhS9IY4L7u6QJ/jXXAPItovk04WCvmn1IS DvxBA68tSDRfJFvEkjU2IZs0qHcxreE84qWzFtXV8maz/1DxiEQsBT9b8p8NyvSkRHwTwTx9G1M5 EMvdGlnEQJMn5KuObFLxmLretxRp8RUXQ0zG3NTd7kg13WOGcz8xu9rZctX8sgTNonUlO58lzbID FnBI582KCIFDFxQeM5hKKDqHvwRqP46o31/E3ahF5MMcDI7KdpjQKQq00y8ef45tB3j6HRlrmdMi /N8uQ6NBdVvWgbLvK6Z3IO3fJ9DGWEJopzxygkVT7yk4xAm9D8KTeKJT7gNACPfxVynFIF3Xrs2K JHQMxL9PL44/hrSNUBLj7yl7ZdLauIw2HNAQHBPEUF9IEWosJVHsyQGaIHzHRldnuNh5co/AL6bG EU6TniS3OCnwVLTjkDzThqzFcMy7pHH9jcXXfxEj2d/xmizmqI+HnJWmDMLdQKcof8wqZrg1Xj+B VtcbX6nwr91lZN8JVcydBRphcAJK0fY/3gADQdrr7U0COoeGQd0kE+MbxRJ6df8DL1v6UxHGZr3b uysFs9dT83WQEMCjnbd12sivfR+zB2rVm30mUV8ShebT8U8Xw9HTDfreWeBFm9pNPUFDsiQcrCGS 6D1M8jeeJSytG/Wf88r2kBubK6391sxAqxbtq1CC1/LZwU9EUDwTCfbSvjFHgHqV660RNHZCFIG/ 9wYQQJyxC1I28DgKIfeVhSVdRinC5q1VkADk5nWIiIcthdTaotkIarQOjBgXlf3YbVfG6+cIUAg4 nWJ8xr0PBByl/sG5xgFyG2Z8WHz3Dshc1OOGUXnRskw=
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Message-ID-Hash: L2ZR22WAETPSIOCHY7DTRYH4ZCAXNQYJ
X-Message-ID-Hash: L2ZR22WAETPSIOCHY7DTRYH4ZCAXNQYJ
X-MailFrom: huitema@huitema.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZZcivAUeaF8LGzsYN1Z0vbDnAM4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
I agree with Andrei. SSLKEYLOG is an extremely dangerous feature. I think the draft should only be adopted if it clearly state that the feature MUST NOT be deployed in production software. Using an environment variable may be a fine way to specify on which file copies of keys have to be written, but it is a terrible way to specify whether these keys should be. Environment variables can be installed by scripts, etc., and I can think of many ways of doing that without user awareness. I think that this functionality should be only compiled into builds that are specifically designated as "debug only", and that it should be turned on explicitly by some kind of user interaction. But really, I support Andrei's statement that there are many less intrusive ways to do debugging, such as using QLOG files in the case of QUIC. Enabling key export is a kind of nuclear option, and it should be hard to use, by design. -- Christian Huitema On 7/25/2024 11:01 AM, Andrei Popov wrote: > * The ultimate goal is to simplify adoption of ECH for both developers > of TLS software and implementers > > Understood; I do not question the goals of the authors. > > * Without a standard approach to troubleshooting every developer has > to build an individual set of bespoke troubleshooting tools. > > The troubleshooting approach used in this I-D is more invasive than it > needs to be. Troubleshooting can be accomplished in a number of ways, > including logs/traces that do not disclose all TLS-protected data. > > * We tried to keep wording in line with the keylogfile draft - for > instance in the applicability statement it is worded that "this > mechanism MUST NOT be used in a production system". > > That’s nice, but in practice this does not prevent abuse of the feature. > I would rather SSLKEYLOGFILE was documented by the SW vendors who choose > to implement it, in a repository outside of the IETF. I understand I’m > in the rough on this. > > Cheers, > > Andrei > > *From:*Yaroslav Rosomakho <yrosomakho=40zscaler.com@dmarc.ietf.org> > *Sent:* Thursday, July 25, 2024 10:12 AM > *To:* Andrei Popov <Andrei.Popov@microsoft.com> > *Cc:* TLS List <tls@ietf.org> > *Subject:* Re: [⚠️] [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG > Extension file for ECH > > > > You don't often get email from yrosomakho=40zscaler.com@dmarc.ietf.org > <mailto:yrosomakho=40zscaler.com@dmarc.ietf.org>. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > > > Thank you for the feedback, Andrei. > > Yes, it is intended to stay on the informational track as an extension > to draft-ietf-tls-keylogfile-02. We tried to keep wording in line with > the keylogfile draft - for instance in the applicability statement it is > worded that "this mechanism MUST NOT be used in a production system". > Happy to add stronger wording if that helps. > > The ultimate goal is to simplify adoption of ECH for both developers of > TLS software and implementers. Without a standard approach to > troubleshooting every developer has to build an individual set of > bespoke troubleshooting tools. Ability to inspect ECH negotiation in off > the shelf tools such as Wireshark during development or tests would > significantly help adoption. > > Best Regards, > > Yaroslav > > On Thu, Jul 25, 2024 at 9:31 AM Andrei Popov > <Andrei.Popov=40microsoft.com@dmarc.ietf.org > <mailto:40microsoft.com@dmarc.ietf.org>> wrote: > > I do not support adoption, because I believe the IETF should not > standardize tools and techniques for decrypting TLS-protected data. > It is harder for a TLS implementer to reject requests for > IETF-blessed functionality. > > (As long as this remains on the Informational track, I believe it's > somewhat less harmful.) > > Cheers, > > Andrei > > -----Original Message----- > From: Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> > Sent: Thursday, July 25, 2024 9:16 AM > To: TLS List <tls@ietf.org <mailto:tls@ietf.org>> > Subject: [EXTERNAL] [TLS]Adoption call for SSLKEYLOG Extension file > for ECH > > At the IETF 120 TLS session there was interest in adopting the > SSLKEYLOG Extension file for ECH I-D > (https://datatracker.ietf.org/doc/draft-rosomakho-tls-ech-keylogfile/ <https://datatracker.ietf.org/doc/draft-rosomakho-tls-ech-keylogfile/>). This message starts a two-weekl call for adoption. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This call will close on 8 August 2024. > > Thanks, > Sean > _______________________________________________ > TLS mailing list -- tls@ietf.org <mailto:tls@ietf.org> > To unsubscribe send an email to tls-leave@ietf.org > <mailto:tls-leave@ietf.org> > > _______________________________________________ > TLS mailing list -- tls@ietf.org <mailto:tls@ietf.org> > To unsubscribe send an email to tls-leave@ietf.org > <mailto:tls-leave@ietf.org> > > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org
- [TLS]Adoption call for SSLKEYLOG Extension file f… Sean Turner
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Andrei Popov
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Yaroslav Rosomakho
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Bob Beck
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Salz, Rich
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Steven Valdez
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Stephen Farrell
- [TLS]Re: [⚠️] Re: [EXTERNAL] Adoption call for SS… Andrei Popov
- [TLS]Re: Adoption call for SSLKEYLOG Extension fi… Christopher Patton
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Christian Huitema
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Amir Omidi
- [TLS]Re: [⚠] Re: [EXTERNAL] Adoption call for SSL… Salz, Rich
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… hannes.tschofenig
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Tim Bray
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Eric Rescorla
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Stephen Farrell
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Christian Huitema
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Ilari Liusvaara
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Amir Omidi
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Andrei Popov
- [TLS]Re: Adoption call for SSLKEYLOG Extension fi… Kyle Nekritz
- [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG E… Mike Shaver