IETF Logo Mail Archive

Re: [TLS] Call for adoption of draft-thomson-tls-keylogfile

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 06 April 2023 18:07 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFD3EC152A27 for <tls@ietfa.amsl.com>; Thu, 6 Apr 2023 11:07:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OTAp9ZKyKkwy for <tls@ietfa.amsl.com>; Thu, 6 Apr 2023 11:07:24 -0700 (PDT)
Received: from BN3PR00CU001.outbound.protection.outlook.com (mail-eastus2azlp170100001.outbound.protection.outlook.com [IPv6:2a01:111:f403:c110::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64DDBC152A26 for <tls@ietf.org>; Thu, 6 Apr 2023 11:07:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ilQ5wrZzPPWVRntjyXn61InFwT6WXX2Roj3hQqVQJcN++lkHFa+vdsldgTDalh355cNM6ui7SVwcN58rb9kq0p1XFGwd1O2w95NWOJO/nhQFMGwgE1oLqq0o7tYhUGFYN/hIsQmJ7TPDvIar+4cdSppvbiHndINiIgbx8S4+dXmNP7HgEaJ5eaVjv5byQT7rjiIrZnlPng4Q4lGPeMEzvgbEbCIWb/UC1860J8dIgW4rKvq4tdY8q8cSKoHnKRS36HfOBeOJCWccGsFG7HHBH+7cRvf/Fiw/IPCd/913KI/6eR//NU6k/xwZFI+vHda9P8Xl0CARVOa9qlvXH+Nm2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HOQsuV9I13Y1BPZCbq2c2WPjOpwAKKKwx8dsCKhxiSs=; b=WHO0/GyV2k3C8MMi4IIIryRzKubCi6CG1BpsPf28wleIRxsqZe0AJzBauFxby1k++Kd1ZaJjdDj1BK9ZJ9FRHkEdCaY+fBG3bCSGpsAWwronO78Hbw95DyecZBOF392pORfQrs+HvExplloiHGJX6UfyqZyE/JG2ZCpq60z858ZvguCXagkKI/r87hDbipJ4cYDhiX6n+UAphLYVyA6aSnJT2KLt0XqcuQZYJMiteEeAo+Zko8PeRZejRh1m8oQJge0kRtvv94sT62GkT/8ut3hsXryRj9xSCyRAYQqo63uQW1Z5NKOKWg/bN7VYkqm4IbQc4LsjdwuHRbqNCs87zA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HOQsuV9I13Y1BPZCbq2c2WPjOpwAKKKwx8dsCKhxiSs=; b=CNQlm/Fq/ylm28lkLgt1IIVFHjr++UDvBfNAvn+7utRxmSHOu2OdKvIDbs2lDf1ftNZFfPE071Zy9fNKLiwSTAxoGVmW7XGCYSxLM+9Yg4eoaNP46HuVW6w6EloZGp1dS4qIq566aJhdHnzgTaZOE1MGkN0QpMRrsb8iPDQNrNQ=
Received: from DM6PR00MB0683.namprd00.prod.outlook.com (2603:10b6:5:21c::7) by CH2PR00MB0843.namprd00.prod.outlook.com (2603:10b6:610:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6318.0; Thu, 6 Apr 2023 18:07:19 +0000
Received: from DM6PR00MB0683.namprd00.prod.outlook.com ([fe80::bf02:fb97:cb53:4d5a]) by DM6PR00MB0683.namprd00.prod.outlook.com ([fe80::bf02:fb97:cb53:4d5a%6]) with mapi id 15.20.6319.000; Thu, 6 Apr 2023 18:07:19 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Christopher Wood <caw@heapingbits.net>, Sean Turner <sean@sn3rd.com>
CC: "TLS@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Call for adoption of draft-thomson-tls-keylogfile
Thread-Index: AQHZaJXpx9i6yPpGC0SDRxV8QKEZ5K8ekp4A
Date: Thu, 06 Apr 2023 18:07:18 +0000
Message-ID: <DM6PR00MB0683D688396F1948A445DB0C8C919@DM6PR00MB0683.namprd00.prod.outlook.com>
References: <15D5BB25-508F-42E3-B843-BCB81B668355@sn3rd.com> <24A48A16-1CAD-4D88-9376-2B51EE4955CA@heapingbits.net> <GVXPR07MB967855D220977DF03CFD984B89919@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB967855D220977DF03CFD984B89919@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=82651ef1-8f28-4a55-acaf-7463756c4779; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-04-06T18:02:04Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR00MB0683:EE_|CH2PR00MB0843:EE_
x-ms-office365-filtering-correlation-id: bf538cea-6baf-496d-bbf6-08db36c9c2e7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /ZoVFfDDYR3PMnrB3gRXg9fMHfAkyPWddNsisgH/jIa3fs86uwogslRIIXuaEOT2/G97R7SsmuKympRjCVv/1KbqKeeAtG1340pNEfSniZHmY4qdxPCMgKgzYuP2Cq3MpuatwWY8rZiRRevW0qYKywt08Vn7igUnJ4y6L+5uj4Vr5kObCjoEcCbih6jXlA+xCBBHnYp+8RrdIQXMLiw1N0pWzZnWGbojxb8Uv8d9u+qK8bnz8oxL2+X70Z6xSkJ3QsU4gXFjECySfDYPn6YpPp0DfoCtrHZFh3u6P3D7OA7BoYxCp6o18NyXJ/QHTLiBPJSxKkxyrwRs/hh3iFOhCASN01OBfTOxUOrr8U09ZGcIOjZkUEIM+pW9HLW+1d0Nto0vkNNbhalWraiQCFxqaxcDSl4Y0D0M2Ht2zQH/kxdQSzm6bc7QQfgkDO1vxvDN5rQM5QibrDWF3CyAatQgi5N6sVMp3iUKFQrH05RmZwh9PxAQg9axajtO+iQwfxgK4DCkkddZ+mxouiPRXXUpZDmsIDVACJ9Gg3WzupCuFTIQe3ImPGVTmmSTFJJqAc2Jf5YLQmhazEXnJ9gQ6dNb8iDn6foahryW4Er5pCIsiyX792l+DIGBwJ8Io2zl8uMX3f0Z0T1oeVV5EnlG9PTiiQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR00MB0683.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(366004)(136003)(346002)(376002)(396003)(451199021)(8936002)(83380400001)(966005)(71200400001)(10290500003)(478600001)(316002)(786003)(7696005)(6506007)(26005)(186003)(9686003)(53546011)(8990500004)(110136005)(82950400001)(2906002)(4326008)(5660300002)(21615005)(33656002)(38100700002)(64756008)(66476007)(66446008)(122000001)(8676002)(166002)(66946007)(82960400001)(66556008)(86362001)(76116006)(41300700001)(52536014)(38070700005)(55016003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: H45EtR04yyFNOVkd2d2VokILb/pMrd1D72UoREPsPNPZ1OI+8fxKeRkibrO+nFTl6E2qORcnjbcwi1fOOXlEGM49meBLwKvOoRQOqb4PTvXElOCjAJtwl2fM4TI2ulVeBtnxFHBQ3T52OclbljYH4EMEcvJi3qEX7zvjGgIT+1vmNJrpN6d/2K/123Eu4IYBZOnulJgat6t+F6anRN6d0JhJiULJt3RNj76kj6LEks6kX+AO+/emwVHHMt0mrbGXlwfN/21p8kwqawF8EnMAeVCfcnnWERyIYPMgMiKzH8bREw01iqs/9wlq3QaNdsNtbWxO4H8R19EECSTkdeVt6TXbmy4Hu5v4IIPMTee0LKVOZmTkzkaR07TNm4ouBfVTsEzl8oIA+UeZt7RkIw/xLEFMmvnEbYX96IYZv6xetAjUsnCoHrEEk8W88GiSjr7hn2OZBNf2trNGXeuVLre1O0kuZ1zBzBxsGRp1P00PKZ5KvoG01PUTMRNJG1/EL+eoCJlmhHDIdclJyVlAN1OML0xnU/yfmBzgA9UfQsU4g0GxMgmvNlkWPbby5/UCxBt6atyQR/rgfpz21/l1FqWkkR8MHIe9gGnh5SkYa8VdpdPR2ygMcL6hQhlvxLMAD9+UiP8hhxjeMb2Wp082grBiiHzj1q/tlkEaGJYpc14zj2REGPmhuygQPOXPjzjfzJO1W2ZnBa0T3bHcYqouHxbs+B1xtTGr8YrO5Wngt0224orjw9FwDsw2eZekvjph9bvooqU9hV6mu72xfV39j1MQ5ME6B7RkGA86a4eOzoNJJK59fDsXQYyTyM4Rsy+ZJ6SHpjhcVTuhgA7VsijVOoStU2uQPtojQ/BEQKECFBEd4GA6+o4gwgjyqvQE11qwrjvOlwPEyDBTiUazZBtc/QER8GKZUI/7ibi0nPQtu2NqEhhvnj7l0WepEMpzZTI5K3wz8DiOIVstuLn1cp9Pt4gwLK+gOAZmovhoLV+ULhjMOkMnDG7hiHklIYcRLz63923AVZObyCZXE/Gqg13NT1WoUuFPfbTKyWEDP6firMMyQbxm5LQ2oN2ZVYB7kpV6+XQsYQOViRttJ8D+RTwo/yWd9F0s3HDrU6yakLZ+Yz3tYvbPeAYsRNzqtXc+5gdaGCHDdKJsN2Uo9Ef/X1z28CL+8f+9RozOx1nVI/AUNTgctvyTPco8a+LhY8qf93t4OQI51WCXS9bY48dz/fZIbpEqKrM7ypJmolOc1jaGNA1AV5x52JMXE/JWjSC5sOyW2tRZqH5SPJjs8yYoqq3H2YgG1cGf/+o62k7jrulNP0SL61JqXUMTVJBciwKTiK6T0VP/ILVd+AzAcsAWNMz8dGEdQtFOgKusLV6LwrBGrKQ4P1erbMh8NCNjcnrDN5VgNFqWOQ3iWNqrw6ltbQ0YszfqvC9EJiJtvxXjWbRJ/gJOcU6Scetl6hglYR3k6HNaGzkJ3hvGdYE/r6Y1WSrNLmL7wsmVvi0x6WH2Ll7EZlowu4Yllm1v+uFI/VZUCRdoFeOx4RgOsY1MFxAwFz9ncSospqTRc9Iuiiyd8mtJNeVSQ2+NQSOEQF1BEEggF9fjIjW8
Content-Type: multipart/alternative; boundary="_000_DM6PR00MB0683D688396F1948A445DB0C8C919DM6PR00MB0683namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR00MB0683.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bf538cea-6baf-496d-bbf6-08db36c9c2e7
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2023 18:07:18.8995 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0iHV64JN0BSL23Bv5bQxlXE0LCEQtMcBmtv+v75wcYlfc74VaL483uzGD2yXAmNylRtGx3gMWAaXJyjNp1+vbg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR00MB0843
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ghxDlHw3eN9vDj3I8cB8YqTjUwU>
Subject: Re: [TLS] Call for adoption of draft-thomson-tls-keylogfile
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2023 18:07:29 -0000

  *   Maybe IETF (e.g., UTA) could say what organizations should definitely not do (like NULL encryption).
This is already done. UTA BCPs prohibit NULL encryption and static DH: https://www.rfc-editor.org/rfc/rfc9325.html
"Implementations MUST NOT negotiate the cipher suites with NULL encryption."
"Implementations SHOULD NOT negotiate cipher suites based on non-ephemeral (static) finite-field Diffie-Hellman (DH) key agreement."

Cheers,

Andrei

From: TLS <tls-bounces@ietf.org> On Behalf Of John Mattsson
Sent: Thursday, April 6, 2023 7:41 AM
To: Christopher Wood <caw@heapingbits.net>; Sean Turner <sean@sn3rd.com>
Cc: TLS@ietf.org
Subject: [EXTERNAL] Re: [TLS] Call for adoption of draft-thomson-tls-keylogfile

Hi,

So, what should people do regarding visibility? There are obviously organizations that think they need visibility. I see the topic popping up frequently in a lot of different places. Both in IETF and outside.

I see four ways to achieve visibility.

  1. Do things in the endpoints.
  2. Use NULL encryption
  3. Use a static DH key instead of ephemeral. Share static DH key.
  4. Export session keys to intermediate node.

I don't see 2 and 3 are not viable solutions at all, ever.

Regarding 2. it violates several of the TLS security properties. NIST states as the first basic assumption for network connectivity for any organization that utilizes zero trust is that:

    "The entire enterprise private network is not considered an implicit trust zone. Assets should always act as if an attacker is present on the enterprise network, and communication should be done in the most secure manner available. This entails actions such as authenticating all connections and encrypting all traffic."

Regarding 3. it violates one of the fundamental TLS 1.3 security properties namely "Forward secret with respect to long-term keys". It also violates zero trust principles. Two essential zero trust principles according to NIST and NSA are to assume that breach is inevitable or has likely already occurred and to minimize the impact when breach occur. One type of breach is key compromise. Using PFS is a must to limit the impact of key compromise and therefore to follow zero trust principles.

The only viable solutions I see are therefore 1 or 4:

1. do things in the endpoints

4. export sessions keys to the intermediary and making sure that the intermediary does not store the keys long term. Storing the session keys long term violates the TLS security properties and the zero trust principles described above.

Regarding 4. there are many different solutions.

- SSLKEYLOGFILE is a de facto standard for exporting TLS key material.

- ETSI CYBER has standardized Middlebox Security Protocol.
https://www.etsi.org/deliver/etsi_ts/103500_103599/10352303/01.01.01_60/ts_10352303v010101p.pdf

- Proprietary solutions such as
https://www.nubeva.com/pillar/get-session-keys

If IETF cannot say that anything is recommended. Maybe IETF (e.g., UTA) could say what organizations should definitely not do (like NULL encryption). Seems like a lot of organizations are deploying different kinds of solutions right now. They will likely do less secure things than necessary...

Cheers,
John

From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> on behalf of Christopher Wood <caw@heapingbits.net<mailto:caw@heapingbits.net>>
Date: Thursday, 19 January 2023 at 15:57
To: Sean Turner <sean@sn3rd.com<mailto:sean@sn3rd.com>>
Cc: TLS@ietf.org<mailto:TLS@ietf.org> <tls@ietf.org<mailto:tls@ietf.org>>
Subject: Re: [TLS] Call for adoption of draft-thomson-tls-keylogfile
Hi folks,

Apologies for the delay in concluding this adoption call. To close the loop here, it doesn't look like we have sufficient support to adopt the document as a WG item.

The chairs would like to recommend AD sponsorship as a viable path forward for this document. This should achieve the desired end goal of moving change control from the fine folks maintaining NSS to the IETF while also nailing down the now widely supported format used in production.

Best,
Chris, for the chairs

> On Nov 28, 2022, at 1:41 PM, Sean Turner <sean@sn3rd.com<mailto:sean@sn3rd.com>> wrote:
>
> Hi!
>
> At TLS@IETF115, the sense of the room was that there was WG support to adopt draft-thomson-tls-keylogfile [1].  This message is to judge consensus on whether the WG should adopt draft-thomson-tls-keylogfile. Please indicate whether you do or do not support adoption of this I-D by 2359UTC on 12 December 2022. If do not support adoption, please indicate why.
>
> Cheers,
> Chris, Joe, and Sean
>
> [1] https://datatracker.ietf.org/doc/draft-thomson-tls-keylogfile/
> _______________________________________________
> TLS mailing list
> TLS@ietf.org<mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email