[TLS]Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH
Tim Bray <tbray@textuality.com> Sat, 03 August 2024 17:35 UTC
References: <7CC88431-A71A-455B-A7A7-BA4AD3C8502C@sn3rd.com> <MN0PR21MB3147C2C3EE7B9115F339ADDE8CAB2@MN0PR21MB3147.namprd21.prod.outlook.com> <029901dae5c3$437addc0$ca709940$@gmx.net>
In-Reply-To: <029901dae5c3$437addc0$ca709940$@gmx.net>
From: Tim Bray <tbray@textuality.com>
Date: Sat, 03 Aug 2024 12:35:24 -0500
Message-ID: <CAHBU6isbShx6XJLtUC1U+kPwABBTmGEueG2JhaEtVCgG7OdCbg@mail.gmail.com>
To: hannes.tschofenig=40gmx.net@dmarc.ietf.org
CC: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iCRNBHGBkdcXCXaPIIxiLfHNkCc>
I’m not a TLS insider but I’ve been watching this discussion, and…

On Aug 3, 2024 at 9:36:16 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:

> Hence, this is not a mechanism that allows a third party in the middle of
> the network communication to somehow decrypt traffic. It is a tool for a
> developer and must be enabled by the developer on one of the involved end
> points to work.

If this is correct (some previous emails made me think it might not be) I think it would be a good idea for a strong consensus statement to this effect to appear in the WG product. Because if it is perceived that the IETF is providing and blessing MITM mechanisms, that will be… um, controversial.

PS: I wonder what “in the middle of the network” means, exactly.
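The quoted point, that key logging is something the endpoint itself opts into and not something a party on the path can do, is what the following added example illustrates. It is not code from the original message or from any draft. It shows the opt-in on a Python endpoint (`ssl.SSLContext.keylog_filename`, which makes that process's own TLS library write the secrets it derives to a file) and a parser for the NSS key log format those files use. The sample lines are constructed and contain no real key material, and the label `SOME_FUTURE_LABEL` is a placeholder for whatever an extension such as the ECH one under discussion might add; it is not a name taken from any draft.

```python
"""Added example (not from the original message or any draft): what it means
for key logging to be enabled by the developer on an endpoint, plus a parser
for the NSS key log format that such an endpoint writes."""
import os
import re
import ssl
import tempfile
from typing import Dict, List, Tuple

# Labels of the NSS key log format as written by OpenSSL, BoringSSL and NSS.
# Values are the secret lengths (bytes) a well-formed entry should carry:
# 48 for a TLS 1.2 master secret, the hash length (32 or 48) for TLS 1.3.
KNOWN_LABELS: Dict[str, Tuple[int, ...]] = {
    "CLIENT_RANDOM": (48,),
    "CLIENT_EARLY_TRAFFIC_SECRET": (32, 48),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (32, 48),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (32, 48),
    "CLIENT_TRAFFIC_SECRET_0": (32, 48),
    "SERVER_TRAFFIC_SECRET_0": (32, 48),
    "EARLY_EXPORTER_SECRET": (32, 48),
    "EXPORTER_SECRET": (32, 48),
}

# One entry per line: <LABEL> <32-byte client_random, hex> <secret, hex>.
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9A-Fa-f]{64}) ([0-9A-Fa-f]+)$")


def keylogging_context(path: str) -> ssl.SSLContext:
    """Endpoint opt-in: only code running inside this process can do this.

    Setting keylog_filename makes this process's TLS library append every
    secret it derives to `path`.  Nothing on the wire changes, and a party
    that merely observes the connection has no equivalent switch to flip.
    """
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path
    return ctx


def demo_opt_in() -> bool:
    """Configure a key-logging context in a temp dir; True if it took effect."""
    path = os.path.join(tempfile.mkdtemp(), "tls-secrets.log")
    ctx = keylogging_context(path)
    return ctx.keylog_filename == path and os.path.exists(path)


def parse_keylog(text: str) -> Tuple[Dict[str, Dict[str, bytes]], List[str]]:
    """Parse key log text into {client_random_hex: {label: secret}}.

    Returns the index and a list of warnings.  Malformed lines are dropped;
    lines with an unknown label (for instance one a future extension adds)
    are kept but reported, so a newer log is not silently truncated.
    """
    index: Dict[str, Dict[str, bytes]] = {}
    warnings: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines are allowed by all writers
        m = LINE_RE.match(line)
        if m is None or len(m.group(3)) % 2:
            warnings.append(f"line {lineno}: malformed line")
            continue
        label, client_random, secret_hex = m.groups()
        secret = bytes.fromhex(secret_hex)
        if label not in KNOWN_LABELS:
            warnings.append(f"line {lineno}: unknown label {label}")
        elif len(secret) not in KNOWN_LABELS[label]:
            warnings.append(f"line {lineno}: {label} secret is {len(secret)} bytes")
        index.setdefault(client_random.lower(), {})[label] = secret
    return index, warnings


# Constructed sample; the hex is filler, not real key material.
CR_TLS13 = "11" * 32
CR_TLS12 = "22" * 32
CR_OTHER = "33" * 32
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file (constructed sample)",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR_TLS13} {'a1' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {CR_TLS13} {'a2' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {CR_TLS13} {'a3' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {CR_TLS13} {'a4' * 32}",
    f"EXPORTER_SECRET {CR_TLS13} {'a5' * 32}",
    f"CLIENT_RANDOM {CR_TLS12} {'b1' * 48}",      # a TLS 1.2 connection
    f"SOME_FUTURE_LABEL {CR_OTHER} {'c1' * 32}",  # hypothetical extension label
    "this line is not a key log entry",
])

if __name__ == "__main__":
    idx, warns = parse_keylog(SAMPLE_KEYLOG)
    for cr, labels in idx.items():
        print(cr[:16], sorted(labels))
    for w in warns:
        print("warning:", w)
    print("opt-in works:", demo_opt_in())
```

The practical caveat that follows from this is operational rather than protocol-level: the file is only ever produced by an endpoint that was configured to produce it, so the thing to audit is endpoint configuration. Python only logs when an application sets `keylog_filename` explicitly, but several widely deployed clients (Firefox, Chrome, curl among them) honour an `SSLKEYLOGFILE` environment variable, and a debugging setting left behind in a production environment turns this developer tool into a standing export of that endpoint's session secrets.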