Re: [TLS] Working Group Last Call for SSLKEYLOG File

Sean Turner <sean@sn3rd.com> Thu, 04 April 2024 04:36 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Thu, 04 Apr 2024 00:36:06 -0400
Cc: Martin Thomson <mt@lowentropy.net>, TLS List <tls@ietf.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bgcZ80fK-U8RPIZwts39et96oWM>

Noted in the Shepherd write-up.

spt

> On Apr 2, 2024, at 20:30, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hiya,
> 
> This is basically for the record and not an objection to proceeding.
> 
> On 02/04/2024 17:34, Sean Turner wrote:
>> This WGLC has concluded.  There is consensus to move this document forward.
>> The material change was to add a security consideration about forward secrecy guarantees being negated if the key material is leaked:
>> https://github.com/tlswg/sslkeylogfile/pull/7/files
>> We will not be asking the formal analysis folks to weigh in on this I-D; we all know the file’s contents are the keys to the kingdom.
>> Martin: If you can spin a new version, I can get the Shepherd write-up drafted.
> 
> I like the addition in -01 but would still have preferred if we
> weren't so awfully oblique about the consequences of running a
> production system with this logging enabled.
> 
> Were it up to me (and it's not) I'd suggest an additional addition
> along the lines of:
> 
> "Systems that enable logging as described here are (while logging
> is enabled) unlikely to be consistent with requirements to make use
> of state-of-the-art protections, as e.g. is called for by GDPR
> article 32 [1]"
> 
> I suppose one could also re-do the above suggested text to refer
> to RFC6919, section 3:-) [2]
> 
> Again, I'm not objecting to proceeding, just bemoaning what I see
> as us being so oddly timid in calling out real issues.
> 
> Cheers,
> S.
> 
> [1] https://gdpr-info.eu/art-32-gdpr/
> [2] https://datatracker.ietf.org/doc/html/rfc6919#section-3
> 
>> spt
>>> On Mar 28, 2024, at 09:24, Sean Turner <sean@sn3rd.com> wrote:
>>> 
>>> Just a reminder that this WGLC ends soon!
>>> 
>>> spt
>>> 
>>>> On Mar 12, 2024, at 10:57, Sean Turner <sean@sn3rd.com> wrote:
>>>> 
>>>> This is the working group last call for the SSLKEYLOGFILE Format for TLS Internet-Draft [1]. Please indicate if you think the I-D is ready to progress to the IESG and send any comments to the list by 31 March 2024.
>>>> 
>>>> The GH repo for the I-D can be found at [2].
>>>> 
>>>> Thanks,
>>>> 
>>>> Joe, Deirdre, and Sean
>>>> 
>>>> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
>>>> [2] https://github.com/tlswg/sslkeylogfile
>>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls