Re: [TLS] sslkeylogfile

Martin Thomson <mt@lowentropy.net> Fri, 25 November 2022 07:21 UTC

Date: Fri, 25 Nov 2022 18:20:36 +1100
From: Martin Thomson <mt@lowentropy.net>
To: John Mattsson <john.mattsson@ericsson.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/asF5iraGm1B41LZTS8-mpcHSaSA>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Thanks for the input John,

I agree on both points, the minor one and the substantive one.

https://github.com/martinthomson/sslkeylogfile/pull/1 is my attempt to put something stronger about usage/applicability up front. Do you think that is sufficient?

On Thu, Nov 24, 2022, at 21:37, John Mattsson wrote:
> Hi,
> 
> Two high level comments:
>
>
> - OLD: "though use of earlier versions is strongly discouraged [RFC8996]"
> 
> That is not what RFC 8996 says. RFC 8996 says
> 
> - "TLS 1.1 MUST NOT be used."
> - "TLS 1.1 MUST NOT be used."
> 
> Please change to something that aligns with RFC 8996 such as
> 
> NEW: "though use of earlier versions is forbidden [RFC8996]"
> 
> 
> -  "Access to the content of a file in SSLKEYLOGFILE allows an attacker
>    to break the confidentiality protection on any TLS connections that
>    are included in the file."
> 
> This is true but does not at all reflect the implications of the 
> existence of a file for long-term storage of keys like this. Storing 
> any of the keying material like this completely breaks the stated 
> forward secrecy property of TLS 1.3 as it creates new long-term keys. 
> It does not matter how well the file is protected i.e.,
> 
>    "Ensuring adequate access control on these files therefore becomes
>    very important."
> 
> is not enough. The theoretical security properties are still broken 
> badly. I think this draft is problematic, but I can understand the need 
> to standardize this existing format. I think the fact that 
> SSLKEYLOGFILE breaks the security properties of TLS 1.3 needs to be very 
> clearly described. As a consequence, I think the only allowed use case 
> standardized by TLS WG should be limited to non-production debugging. 
> If governments and companies wanting visibility do other things, that 
> would be outside of IETF's control.
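
An added example, not part of either message or of the draft: a defender-side audit of the SSLKEYLOGFILE setting discussed above, reporting production use, loose file permissions, and how many connections have secrets stored on disk. The `production` flag, the function names and the sample lines (including the two TLS 1.3 labels and all hex values) are assumptions made for illustration.

```python
import os
import stat

# Constructed sample in the "<label> <client_random> <secret>" key log layout;
# the hex values are made up and the two labels are assumed TLS 1.3 examples.
SAMPLE_KEYLOG = (
    "# constructed sample, not real secrets\n"
    "CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "11" * 32 + "\n"
    "SERVER_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "22" * 32 + "\n"
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "33" * 32 + "\n"
)


def count_exposed_connections(text):
    """Count distinct client_random values, i.e. connections the file can decrypt."""
    randoms = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0].startswith("#"):
            continue  # comment, blank or malformed line
        randoms.add(fields[1].lower())
    return len(randoms)


def audit_keylog(env, production):
    """Return findings for the SSLKEYLOGFILE setting found in env (a mapping)."""
    path = env.get("SSLKEYLOGFILE")
    if not path:
        return []
    findings = []
    if production:
        findings.append("SSLKEYLOGFILE set on a production host")
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="ascii", errors="replace") as fh:
            exposed = count_exposed_connections(fh.read())
    except OSError:
        return findings + ["key log file not readable by the auditor: " + path]
    if mode & 0o077:
        findings.append("key log file open to group/other (mode %04o)" % mode)
    if exposed:
        findings.append("%d connection(s) have secrets stored on disk" % exposed)
    return findings


if __name__ == "__main__":
    for finding in audit_keylog(os.environ, production=True):
        print(finding)
```

Tightening the file mode clears only the permissions finding; the count of connections with stored secrets remains, which is the forward secrecy point made in the quoted message.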