[TLS] Re: 2nd Working Group Last Call for The SSLKEYLOGFILE Format for TLS
Arnaud Taddei <arnaud.taddei@broadcom.com> Tue, 25 February 2025 09:23 UTC
From: Arnaud Taddei <arnaud.taddei@broadcom.com>
Date: Tue, 25 Feb 2025 10:23:28 +0100
Message-ID: <CAMTNNNed3Cccx+hmVdkp7=b6Qf0awDkj2=SSqbFBiy4FO7X0Wg@mail.gmail.com>
To: Aaron Zauner <azet=40azet.org@dmarc.ietf.org>
CC: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>, tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/c-evcvcN0JvRlEkFywbxoOMZUyg>

sorry, open source != standardisation and vice versa

Arnaud Taddei
Global Security Strategist | Enterprise Security Group | ITU-T SG17 chair

On Mon, Feb 24, 2025 at 11:30 PM Aaron Zauner <azet=40azet.org@dmarc.ietf.org> wrote:

> Hey,
>
> On Mon 24. Feb 2025 at 22:54, Martin Thomson <mt@lowentropy.net> wrote:
>
>> On Tue, Feb 25, 2025, at 06:56, Aaron Zauner wrote:
>> > To be clear; I agree with that in principle but have the feeling that
>> > the discussion around an applicable threat model misses the issue of
>> > what should be in IETF and what should be in development docs,
>> > debugging tools etc entirely. I'm not currently working on maintaining
>> > a crypto lib as many of you are but you can't honestly tell me it's not
>> > possible to work on your end without IETF guidance on debug specifics
>> > that allow encrypted traffic detail export -- which you already have in
>> > place for debug and dev anyway.
>>
>> This also misses the point. The existence of this format (it will exist
>> whether the IETF publishes a document or not) has enabled interoperation
>> between a number of tools. The point of moving this work to the IETF was
>> to transfer governance from what was ad hoc to something recognized and
>> respected by the community of people who build the interoperating tools.
>>
>> Some people view interoperable standards as somehow changing the demand
>> and availability of the thing they document. Maybe that's true in some
>> markets, but my experience is that the demand is what causes the creation
>> of standards, not the other way around. Also, if there were not already
>> interoperation and you were concerned that interoperation would cause
>> problems, this might be problematic, but this is a case where that
>> interoperation already exists
>
> I understand your point and just like config formats I see why you'd want
> to have a published document. But just like with configs it's part of the
> local tool chain and not a wire format. Open source projects have been able
> to work with them and use them without involving IETF. I'm just not sure
> this is the right place for the document. You've done the work and
> documentation anyway already, and you're interoperable. What do you really
> gain by having this in IETF? It's also a fringe topic; With that I mean in
> this case that it's debug specific to a few projects related to TLS and
> while this is the TLS WG it's still a tooling issue in my estimate. I'm
> really not sure what the big upside is of having it published here. A lot
> of chrome, openssl and other tool chain specifics are likewise only
> documented in the relevant project documents and it works fine for everyone
> involved; Is there any precedent that showed we need this in IETF - ie.
> where interop and debugging didn't work out because you couldn't already
> agree on a format and document it? Because it seems to me the community has
> already achieved all of this due to your and other people's contribution
> without adding it as an IETF doc.
>
> Thanks,
> Aaron