IETF Logo Mail Archive

[TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Format for TLS

Ben Smyth <research@bensmyth.com> Thu, 20 February 2025 21:23 UTC

Return-Path: <research@bensmyth.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D525BC15152B for <tls@ietfa.amsl.com>; Thu, 20 Feb 2025 13:23:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bensmyth.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hme3ytSKB_kl for <tls@ietfa.amsl.com>; Thu, 20 Feb 2025 13:23:26 -0800 (PST)
Received: from 99.smtp.34sp.com (99.smtp.34sp.com [46.183.8.116]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E26DFC169429 for <tls@ietf.org>; Thu, 20 Feb 2025 13:23:25 -0800 (PST)
X-34spcom-MailScanner-From: research@bensmyth.com
X-34spcom-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.995, required 6.5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, RCVD_IN_VALIDITY_RPBL_BLOCKED 0.00, RCVD_IN_VALIDITY_SAFE_BLOCKED 0.00, SPF_HELO_NONE 0.00, URIBL_BLOCKED 0.00)
X-34spcom-MailScanner: Found to be clean
X-34spcom-MailScanner-ID: D9EEA5D05.A0184
X-34spcom-MailScanner-Information: Please contact the ISP for more information
Received: from smtpauth5.mailarray.34sp.com (lvs5.34sp.com [46.183.13.73]) by 99.smtp.34sp.com (Postfix) with ESMTPS id D9EEA5D05 for <tls@ietf.org>; Thu, 20 Feb 2025 21:23:15 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 99.smtp.34sp.com D9EEA5D05
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bensmyth.com; s=dkim; t=1740086595; bh=u/dwyOsBTV69wMC3woee9FXjY5CxTdNaCVvRZpsHXOU=; h=References:In-Reply-To:Reply-To:From:Date:Subject:To:Cc:From; b=c1OeaFRcROHOY9icSC2n1OsGyDd1EtFjuU1xEJT6FMcUIINB9VE7NfJsdrPvYMPKn fiYbMVCiC7H7ZLxz3HgWZuqqKkdLLL+pTU9ck9QKv4WdoYifhfrHKSLeYuFLDQO/qK Y3gzGOiR0ikWzsqFgf/K07qnpjDAXT1ZMR7MswxQ=
Received: from mail-pj1-f46.google.com ([209.85.216.46]:33029) by smtpauth5.mailarray.34sp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <research@bensmyth.com>) id 1tlE0p-0006NW-Mk for tls@ietf.org; Thu, 20 Feb 2025 21:23:15 +0000
Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-2fbf77b2b64so2904330a91.2 for <tls@ietf.org>; Thu, 20 Feb 2025 13:23:15 -0800 (PST)
X-Forwarded-Encrypted: i=1; AJvYcCXuflBI5Fw7e07/4aRSiZiDulFdQtYnXVwSH2EtLrHNxAfFK1jATdsbTrxVTGfmG/IVb48=@ietf.org
X-Gm-Message-State: AOJu0YwWYoiZfUYl6cc+v0bJNU1EWDm2IemHOFkKXq9lrUKY8sFWG/kR 758dukrJTMSO5kk+XlM+vR+BF7mh0K+cbRU9ky6H5/1ouh1fPFjXa1mol14HtutVr0ZrhB8l47+ hGvhpe6tQkTSGLz4q5vhm9gFSBb4=
X-Google-Smtp-Source: AGHT+IEXO8Gke+n9GQQOIsbez6eXz7LXTFdXjnMHqKN0MJ5oMvuEG+XWh4Sl15A0ZZciPskQJGT8yPWi4cr6Ib8zXtM=
X-Received: by 2002:a17:90b:2688:b0:2ee:f687:6adb with SMTP id 98e67ed59e1d1-2fce77a0195mr1096473a91.3.1740086593833; Thu, 20 Feb 2025 13:23:13 -0800 (PST)
MIME-Version: 1.0
References: <6a27cae41645539b3fa90b5f83a8973c73cdd6a0.camel@aisec.fraunhofer.de> <CAMW8nPuFWacYKRvbm54P0w4oMbL8u_EAvPRsfwCWM4uq6LGBZg@mail.gmail.com>
In-Reply-To: <CAMW8nPuFWacYKRvbm54P0w4oMbL8u_EAvPRsfwCWM4uq6LGBZg@mail.gmail.com>
From: Ben Smyth <research@bensmyth.com>
Date: Thu, 20 Feb 2025 22:23:03 +0100
X-Gmail-Original-Message-ID: <CA+_8xu1ijPPsVR8V=pTnc_v6HN5Uq2SChrjhaNyEQbf1PpcgsQ@mail.gmail.com>
X-Gm-Features: AWEUYZkJBVwon6nOmbXsSc-PWG1Q8XS7Tsq5mrChS--mX5E7p6uRN2CybKFMESI
Message-ID: <CA+_8xu1ijPPsVR8V=pTnc_v6HN5Uq2SChrjhaNyEQbf1PpcgsQ@mail.gmail.com>
To: _ _ <robainloynet@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000004ddfcb062e997b9b"
X-Authenticated-As: f594447444afb5e8e542d6cd3ee989c5ad593da02deb40a8d61181d2a2c508bd
X-OriginalSMTPIP: 209.85.216.46
Message-ID-Hash: IMROZPSF3JVSLVMRIARO2FDO4EVSEAJS
X-Message-ID-Hash: IMROZPSF3JVSLVMRIARO2FDO4EVSEAJS
X-MailFrom: research@bensmyth.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>, "<tls@ietf.org>" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: research@bensmyth.com
Subject: [TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Format for TLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZwFKb4mLNjsOZ1lAJXAcEfWO0Qs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Standard file formats seem fine, non?

On Thu, 20 Feb 2025, 21:20 _ _, <robainloynet@gmail.com> wrote:

> Hey,
>
> I disagree with this because if an attacker could write to the environment
> variable used by the program or is able to side-load a library and capture
> outbound packets, it is very likely that they already have privileged
> access to the machine.
>
> However, I acknowledge that allowing an attacker to easily access these
> functions is not desirable.
>
> In this specific case, environment variables are secure enough.
>
> Romain
>
>
> Le jeu. 20 févr. 2025, 10:15, Bellebaum, Thomas <
> thomas.bellebaum@aisec.fraunhofer.de> a écrit :
>
>> Hello,
>>
>> I have just become aware of this draft and I believe there might be a
>> good cautionary addition I would like to propose:
>>
>> Specifically, I am worried that with further encouragement to standardize
>> this format, it will become a convenient way to surveil unsuspecting end
>> users. All this requires is "some" access to the system, for many
>> implementations this includes setting an environment variable. What an
>> attacker gains is then something more reliable, machine-readable (and in
>> many cases useful) than a simple keylogger.
>>
>> The problem here (in my opinion) is the word "unsuspecting". I would like
>> to see an addition to the draft along the following lines:
>>
>> > A TLS application interacting with an end-user (e.g. a browser) MUST
>> clearly communicate any requests to log TLS secrets to the user and MUST
>> NOT indicate a secure connection.
>>
>> Otherwise, this draft looks fine to me.
>> Thanks for your efforts,
>>
>> Thomas
>>
>> --
>>
>> ```
>> M.Sc. Thomas Bellebaum
>> Applied Privacy Technologies
>> Fraunhofer Institute for Applied and Integrated Security AISEC
>>
>> Lichtenbergstraße 11, 85748 Garching
>> <https://www.google.com/maps/search/Lichtenbergstra%C3%9Fe+11,+85748+Garching?entry=gmail&source=g>
>> near Munich (Germany)
>> Tel. +49 89 32299 86 1039
>> thomas.bellebaum@aisec.fraunhofer.de
>> https://www.aisec.fraunhofer.de
>>
>> ```
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>

v2.46.0 | Report a Bug | By Email | System Status