[TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

Tim Bray <tbray@textuality.com> Sat, 03 August 2024 17:35 UTC

References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <029901dae5c3$437addc0$ca709940$@gmx.net>
In-Reply-To: <029901dae5c3$437addc0$ca709940$@gmx.net>
From: Tim Bray <tbray@textuality.com>
Date: Sat, 03 Aug 2024 12:35:24 -0500
Message-ID: <CAHBU6isbShx6XJLtUC1U+kPwABBTmGEueG2JhaEtVCgG7OdCbg@mail.gmail.com>
To: hannes.tschofenig=40gmx.net@dmarc.ietf.org
CC: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Subject: [TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iCRNBHGBkdcXCXaPIIxiLfHNkCc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I’m not a TLS insider but I’ve been watching this discussion, and…

On Aug 3, 2024 at 9:36:16 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org
wrote:

> Hence, this is not a mechanism that allows a third party in the middle of
> the network communication to somehow decrypt traffic. It is a tool for a
> developer and must be enabled by the developer on one of the involved end
> points to work.
>

If this is correct (some previous emails made me think it might not be) I
think it would be a good idea for a strong consensus statement to this
effect to appear in the WG product.  Because if it is perceived that the
IETF is providing and blessing MITM mechanisms, that will be… um,
controversial.

PS: I wonder what “in the middle of the network” means, exactly.
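Added example, not part of this message or of the draft it discusses. The quoted paragraph's point is that a key log exists only because one endpoint chose to write it, so the practical defensive question is "what does a given SSLKEYLOGFILE actually expose?". The script below parses the NSS Key Log Format that Wireshark and most TLS stacks use (the TLS 1.2 `CLIENT_RANDOM` line and the TLS 1.3 traffic-secret labels are the long-standing ones) and reports, per connection, whether application data becomes recoverable and whether ECH material is present. The ECH label names (`ECH_SECRET`, `ECH_CONFIG`) are an assumption about the draft under discussion and should be checked against its current text; the sample lines are constructed, not captured.

```python
"""Parse and audit an SSLKEYLOGFILE in the NSS Key Log Format (added example)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Set

# Long-standing NSS key log labels. TLS 1.3 secrets are 32 or 48 bytes
# (SHA-256 / SHA-384 output length); the TLS 1.2 master secret is 48 bytes.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_MASTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
TLS12_LABEL = "CLIENT_RANDOM"
# ASSUMPTION: label names the ECH key-log draft adds; verify against the draft.
ECH_LABELS = {"ECH_SECRET", "ECH_CONFIG"}
APP_DATA_LABELS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN_LABELS = TLS13_LABELS | {TLS12_LABEL} | ECH_LABELS

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


@dataclass
class KeyLogEntry:
    label: str
    client_random: bytes  # 32-byte ClientHello random; identifies the connection
    secret: bytes


def parse_keylog(text: str) -> List[KeyLogEntry]:
    """Parse key log text; raise ValueError (with line number) on malformed lines."""
    entries: List[KeyLogEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments are permitted by the format
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected '<label> <client_random> <secret>'")
        label, rnd_hex, secret_hex = parts
        if len(rnd_hex) != 64 or not HEX_RE.match(rnd_hex):
            raise ValueError(f"line {lineno}: client_random must be 32 bytes of hex")
        if len(secret_hex) % 2 or not HEX_RE.match(secret_hex):
            raise ValueError(f"line {lineno}: secret is not even-length hex")
        secret = bytes.fromhex(secret_hex)
        if label in TLS13_LABELS and len(secret) not in (32, 48):
            raise ValueError(f"line {lineno}: {label} should be 32 or 48 bytes")
        if label == TLS12_LABEL and len(secret) != 48:
            raise ValueError(f"line {lineno}: master secret should be 48 bytes")
        entries.append(KeyLogEntry(label, bytes.fromhex(rnd_hex), secret))
    return entries


def is_valid_keylog(text: str) -> bool:
    """True if every line parses under the rules above."""
    try:
        parse_keylog(text)
        return True
    except ValueError:
        return False


def audit(entries: List[KeyLogEntry]) -> Dict[str, dict]:
    """Group entries by connection and state what each connection exposes."""
    report: Dict[str, dict] = {}
    for e in entries:
        conn = report.setdefault(e.client_random.hex(),
                                 {"labels": set(), "unknown_labels": set()})
        conn["labels"].add(e.label)
        if e.label not in KNOWN_LABELS:
            conn["unknown_labels"].add(e.label)
    for conn in report.values():
        labels: Set[str] = conn["labels"]
        # Application data is recoverable from a TLS 1.2 master secret, or from
        # both TLS 1.3 application traffic secrets; handshake secrets alone are not enough.
        conn["app_data_decryptable"] = TLS12_LABEL in labels or APP_DATA_LABELS <= labels
        conn["ech_exposed"] = bool(labels & ECH_LABELS)  # inner ClientHello recoverable
    return report


# Constructed sample (not a real capture): repeated bytes stand in for random values.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'11' * 32} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {'11' * 32} {'33' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {'11' * 32} {'44' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {'11' * 32} {'55' * 32}",
    f"ECH_SECRET {'11' * 32} {'66' * 32}",
    f"CLIENT_RANDOM {'aa' * 32} {'bb' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'cc' * 32} {'dd' * 48}",
])


def main(argv: List[str]) -> None:
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_KEYLOG
    for rnd, conn in audit(parse_keylog(text)).items():
        print(f"{rnd[:16]}...  app_data={conn['app_data_decryptable']}  "
              f"ech={conn['ech_exposed']}  unknown={sorted(conn['unknown_labels'])}")


if __name__ == "__main__":
    main(sys.argv)
```

Run with a file path to audit a real log, or with no arguments to see the constructed sample: the first connection exposes both application traffic and ECH material, the TLS 1.2 connection exposes application traffic, and the third carries only a handshake secret, so its application data stays protected.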