IETF Logo Mail Archive

[TLS] Re: Additional uses for SSLKEYLOGFILE entries

John Mattsson <john.mattsson@ericsson.com> Fri, 28 February 2025 10:47 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B01D139853B for <tls@mail2.ietf.org>; Fri, 28 Feb 2025 02:47:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.442, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFEvRhGkfuas for <tls@mail2.ietf.org>; Fri, 28 Feb 2025 02:47:49 -0800 (PST)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2057.outbound.protection.outlook.com [40.107.249.57]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8E511398534 for <tls@ietf.org>; Fri, 28 Feb 2025 02:47:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Louw0+Y6MNbQw/gZWUSLCl/dObJdqYp5A3pERAfLp1CMBrp/3jPbsba+xdL8YYLTslM0iZKzevqOdavJxPizdLgET8pVxHNOftBuGGEuhp6qpJba6zwUcr6GtXwkLhYCbCuMcWr/UJQGX3R+UqyrPVDdlzLRCjFcPP+gxailWvCPi1d5/E6qE49rTApiORfB9zQpFKFlplvctv2RP4Ujop5ZBJoGCgoWIQFY/FMpfwOMH3aJAIhOd9cTK/IThlpXyElWepOsmECCbwItc7zKGQd5YQpeK2BgA3D9gXLQkUOHEN+62F2clSruusdBqK2pczJEJGSKku0csxrSJHscZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bqfmE0E+VGDCp9NYokcwRe7zXaytxXJ9J3gnVi19b6o=; b=BuC7GVjEf3rhD7//mgd6nOe7L4tVs3WzeVeW+x8jVGxyUj0iCPSiOSW3f52BlJq2P9UBb0U2/0BMSs7Nyz9f0oSbB2GHAdQAyZSAL2m/RnOt3+k1KUoPX6FqoVkX2hJLOHGLUcrBhCdap3vX0jAmjgIjxYp3nfaBRyBC0g7Eqrfp1kcM1wl9Hn9CNH7w2VCCHEbdKAtIHT0PsM/iiVV/zlPKc3cGu8rKqGTVrt2pHOdxddTeq8RFYnpvh/J9L/twvvG5aO+eXnWxWCgpm8MkutkOZgAgmx7OqP2N8K+xJbukJJoW0mRZjsVoOo5i4BCs462rVEl1SInjHnFh5l1Qhw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bqfmE0E+VGDCp9NYokcwRe7zXaytxXJ9J3gnVi19b6o=; b=hBR3GD/zjnom+r0D4Z5xw6G4zOtRAVXUTjvieTiRYNwUz14KU/poBY9v+aUBfQR/8M57W4wWGSsWxu9BMLgtIGFFGjdkZIZOi7KpY2tQRjGM6uuMSJTb2VfqbMFc4bHcMORQIbt44KWbhNtUyGEGeXnjzPhnLYf3L/TJAW6EZ60sBmfZRuVbetwWZUl4l7ztUdD9c+DWp8UXJzdTlrKUIfq7CT7/ebUs6MKn1EfWb4xc+r8r73zw4cw2+G9yu2agvBVn6dOEjNioGRXCFO5hDiFxEfKiPoyPwU9UTdRdmzo0AnJFxKG8f/W51GiYMNvXZoNw/Vd6d28z3mQjzidIcA==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by DBAPR07MB6504.eurprd07.prod.outlook.com (2603:10a6:10:186::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.19; Fri, 28 Feb 2025 10:47:47 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%6]) with mapi id 15.20.8489.021; Fri, 28 Feb 2025 10:47:46 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Additional uses for SSLKEYLOGFILE entries
Thread-Index: AduJHVQByiiXrJMRSxGUZqkzqP6lMwAr3Da+
Date: Fri, 28 Feb 2025 10:47:46 +0000
Message-ID: <GVXPR07MB96783855B32715D29B01FAD989CC2@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <f49006e2f9d24cf8ba855b29d7bea925@jhuapl.edu>
In-Reply-To: <f49006e2f9d24cf8ba855b29d7bea925@jhuapl.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|DBAPR07MB6504:EE_
x-ms-office365-filtering-correlation-id: 46c2192e-c3b4-466a-81cd-08dd57e5569e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|7053199007|8096899003|13003099007|38070700018;
x-microsoft-antispam-message-info: gOZHr36spt8vrgh11LNyKzr3SR/Id1foPZqw6FT8FkEWG1crhY1E60BTfrR8tzaFtQNBidfGrP8onMdlXXoqhpnFnI1y8/o1Ytpcll0BJ4d+XyPBPauhF8VKIrxEJi0Od8L16N58izDiWnQd/S8w26aIYoT/PrhBF9hn+Ps/WHtWWPfah3EpSudRzhY/0a2hAYqQILnunRfk3tWIZ+dYybLFHCLALq6XHBZJqW/eybCJg7WTsaH2eXrYX7eUjQj5xbLhTPSyclgV08QA8IWNBCGldiuesEBifI0ebFvCSlK3kqSsG01a/8eW3Ks1Lm342ZY8AZfDh7+CY+SwnZjcg1RTpTnnsZaw3GgolZWcDxXRypNWunZ8DtPzmyPLHuLWbEL4GL7Kd9OCi7NaeUIXoH1D8ouJ/2AkwRuRWTG7xJfR6JUeUIPYJKuVa2ptYI23WrYSEeCFwv2qNXB0yJQPtwq6mTUqLkujI+1m9J9EWiQKO3r4C1gO+XETUy1XDf6of8hgiBWGhUfTA7C3LZ2voXBWTY++tw0QbrxEy1LUCz26DOmXyH2PytoAsHIUcNNweuGcP1u1QB8oCcc6Sz+Vns+HvA5ADyFwuqdnB25FgPVhlNdR4oppAw3ccDiUIEnQP0jLWkxiuvhCrgKy3Prp8lbcMtxOIgwh8kXeBOp6XGq7iKPwiA7euXyFlmWMB4lq0eXJk1TPlhjkSp+JDpW6Xy4sAI/AS3JF3EKbUB+Jui+Y2tadViQK/Jqium3tzpOSafXtpO+RioqcDm9b6fDQ/GVeD+UfvN0SkUPI8ke3bgH0lFcCYTq0GK0+xSkrv9xLzdpSg1fZ9cjqi5iqLd+GyQP76d5crQMmJWMtV3gCZJXmlwY/gwTRffqUvQlZOJ8OMU2eqhfINQoG4KsLGlWQ7zpTjdRkR/yAitiOd01yINCUM6EwGkiaykTbROUtefEz2IHGhOgDA+vCR5B4rdfTtiB/7/gCaAhed+rdIZDuXHLK4rnvM4ZLmDxrgyQEO1ywmS/FUAXrw4YPnTmBSJ9eZf4D2IN3OrpfcFSy9cD0VxyDnwkxzbjEbmFHNZ8nlK2Yt/vAhZ1SNqNnU1GyAnugy57dm6K/95PUcCc7+SUqKWROtohu5kolh5GbGcPdBgh3qR2HW5zNANTeN6dRwoYfjOUeXlqGcv1BEeFM0LJXhmLrxtj9CF8zYdVAu0xINRhmf8HhFMahEBf0NHvvamAXQjnv1IEng+qIi4qlKl2DF+YdVfHVVXVJ+7VbEIWT3iZljRuJPCPFXUoPSDNlPVPB24ykWr/BTeP66UeUphZJTdWoSIFVi7RPFrcWSeoBpjvhInWYMVsYYs02+B85cDnDB4Yd80Vea1YNcPHolB6IcauGBL8gsPSZx9eSb5WGpLJfCZvHzI21Zk0mvuKSKefwEA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(7053199007)(8096899003)(13003099007)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: YmngLHhD1R/+UUGW64yKNNG5fAOwstu3U8uoxdlsjZlxKQkm2S8tK7sd4bMfzG+oKaU571pv2wEWnlECrhQOG3bkcj5SS1R3TYXxYVZrOXVYLlPajiIlbrMOCofPcJSZvA6vrwibWsczU6iP6V+LpUmNEQepP6mkobX8S18V3wKoTjaUqPjYLBvwXL+VH7A1bGksHn6CDvd3/kkxtJCdAKtQdVF11b4+QnPTHZPnhaVlLQdLuUe5AZMEHsBcX0ou/0xNPh8Y0O5doICuo4SokAsNPgSt9MikvtNkVR2ZbKS91jsvf5LPuSvHaSPuSpWBqcHPIovqnH1+mXoG4P+s8173iujzwN2oKNyS8MYOAcWo1QTT7woeOjMX17OMVVPnDf68AYFZ5U7SgG0f6sAB7AJdKYDLWQYqdOVX5namkrERl/JUr0waMEH/LH04YkjetzoP6h8u1q39AqT6OAHOzTa9jz+FxnVhUtjs8dM9dDQHpPUP0sO142MjXlxKb3WGkayxujaHsxEkqlykyDACFjdmBRBvI8eZhgpUnecyOnNIsbWBkVcG3DzP7tE60T6an7EAj6CbmZioycI4fuTKRGIsUJQVOKdTLT4Y7ce5nIG5sKfFLDW3HLglCe+wBxnqECPXpD9m9kWKiXfkfNiiB8P4Q9XRnOlTl1/s3NufkVDHvw8M2gdpQYNErgKRT7Arh3ou/pljSEY7aYd0poQ8Yq7N6gu1hWdjWPODd4SiP5FXTQpf0WvlEaQeS9CgYbhebcCy/HJ36kkuxDDmU+qPDjocY3KUvxGvJuO0dd54hiPRUyFlF8gnKA8ynkOOn2h4WBc8ylX9Hwxi34MyNljm9dVGbX/HTZEksVSP2lPRLSSVB38OJLy+g5xGvcGeNVRvHRqDPwCddJXVI5JhgRvCAM8HVsas1Kmn3dveCArVsYoic94quK1ZMi6fP/CjFv4anE+e8onY46UivsDgih60/wF07Ba/qEXAKMWQPrrcJRxG5ZOUvOebjY7CzjjpbWocGDN/Rwe/Ruvyd6fBZNZGZ9ui7fS4hNkZCf0p1sIAqpuTYkhPoS4QwujmCQbg8ZASaTNaIXIz24sMu2RJOOjIwYU7OC2xonbiyxjiW6YTsUft9kys6E7YYJoQQOTl6bgfmIPBfq/kzpG3ZdN8/IkskCNucmO7NsbyifNE9D33F25reAZPoKsr9AkRKHZJDZ6oMrO1hv1Xn5moq8SSYf6ppP8UirLeOOeBUraFHpN3CKmpDp6rxbjw/KRS/OYx2475rpMSumvY6zONstUJSbZHWXF8V0ETrsJ+GRZLsbYvB/TdhpftHet5Ua1DU+5DAXVEJgHgF9CFXHxfCR8UFxINpxpzqsVIpf9KjsiXoA8r4u3nksyrY+chbIubrYXY4bpD7oLw1I7SwdQsIRYLkgEAiKyj5o6hUghr6SXQPRLiYqC9chSx0IyI4euxCdrL6Th2qATT5oi8RRWC+5WP0ddHsI7xHIPw1ES8zqGSKkojEi5ygMTX1G056RruqVjFvvXAR7rtM3ok4JGEWMGGC3XZEBzKcUJqHu1mSCh7YG7UC23oIg8oL8wSRY/pfbCoi1Z/Q5B9lyaiarMaHoQrIzrzzv2TSJjeWRPIGEk8/Os9df4=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB96783855B32715D29B01FAD989CC2GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 46c2192e-c3b4-466a-81cd-08dd57e5569e
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2025 10:47:46.8563 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 77hgxGpQg6miNpcTUaF678fKW1T19TVDvtOaoVJnQOJCRsa5dxE9HIcpGz9UFv8WBIpVbDWIaAC8/oAlCc52oldb2mEQ3fZreP3KOmKdoLE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR07MB6504
Message-ID-Hash: ZRP3QJZLFET6SD4RRWED3Q37BHELGHUT
X-Message-ID-Hash: ZRP3QJZLFET6SD4RRWED3Q37BHELGHUT
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Additional uses for SSLKEYLOGFILE entries
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dTkbP-y4738NvvMz1jDWmg4gqpI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I think it is an interesting idea to use the KEYLOG format to help debugging of other security protocols. I think easy debugging helps deployment of security protocols.

I think each protocol should have its own registry. The registries could be listed under the same IANS KEYLOGFILE name space.

The file should have some info on which protocol it contains keys for.

John


Sent from Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Sipos, Brian J. <Brian.Sipos@jhuapl.edu>
Sent: Thursday, February 27, 2025 3:12 PM
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Additional uses for SSLKEYLOGFILE entries

TLS WG,
I’ve been looking into a mechanism to inspect and diagnose behaviors of the EDHOC protocol (RFC 9528) in a way that doesn’t require human-in-the-loop between the entities-under-test and the diagnostic tools (e.g. live Wireshark capture). The existing TLS/DTLS dissectors make use of the almost-standard [1] SSLKEYLOGFILE mechanism and I think this is a good path for EDHOC use without needing to reinvent concepts and workflows.

Is there any fundamental objection to eventually allocating labels specifically for EDHOC use? For non-EDHOC-aware users these would just function as reserved names which are ignored for TLS/DTLS uses.

Otherwise, the EDHOC derived secrets listed in [2] are the basis from which some could be included in a keylog file. There was some mailing list discussion [3] about reviewer recommendations for not including secrets from which others can be directly derived. To me this would steer the EDHOC use to include PRK_2e, TH_2, K_3, IV_3, K_4, IV_4, and PRK_exporter but these details can be discussed in the LAKE WG.

Thanks for feedback,
Brian S.

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
[2] https://www.rfc-editor.org/rfc/rfc9528.html#figure-6
[3] https://mailarchive.ietf.org/arch/msg/tls/VCCmjU6py0-nbf7fJf0kUK4SPDk/

v2.31.3 | Report a Bug | By Email | System Status