Re: [TLS] Working Group Last Call for SSLKEYLOG File
Dennis Jackson <ietf@dennis-jackson.uk> Thu, 14 March 2024 11:51 UTC
Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C818CC14F6A3 for <tls@ietfa.amsl.com>; Thu, 14 Mar 2024 04:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.803
X-Spam-Level:
X-Spam-Status: No, score=-2.803 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mjFtQ79O-NkW for <tls@ietfa.amsl.com>; Thu, 14 Mar 2024 04:51:18 -0700 (PDT)
Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9531C14F68B for <tls@ietf.org>; Thu, 14 Mar 2024 04:51:17 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4TwQh130kNz9sPy for <tls@ietf.org>; Thu, 14 Mar 2024 12:51:13 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1710417073; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=+EXT4bXP4AFF67Wdk1uGjHCsExcrhIi2BldcFemWwNI=; b=qd5Nlmb6Rc6YQjeD4OIV/scNuustj+Yk90lIkgiSfe70V1aOgKOedoZ+p7UktZMVwkX/kX O8GufXs+3aLS1HSKKlZORHL/ySySlbmVev7MdEwDGmlIL08K+YCS9946bGbVspXjwM8CBJ w6C0Lk3lP3UjmKdyXlA97hLJdnbq0rtymw61fzloCAmS+iwLkNT+yV6uiI4dgPftwAeFcp qwDlKmaxQhqCIVE/wHpotwT0aV734dqi6rsSGUBp+mr5izVmZKAJEdbV0qN3sTDE1tzhcO FXR4qVXCRxngyZXaBNqQfSN6uySDkRXcD/BKVz6iAR6hrVig4slZ8W7nrlJi3w==
Content-Type: multipart/alternative; boundary="------------W3IUmiIRjzZ0Ave5FRGcDxpL"
Message-ID: <23c2f7a9-d4bb-4ad0-9eca-cc4b1600ea60@dennis-jackson.uk>
Date: Thu, 14 Mar 2024 11:51:12 +0000
MIME-Version: 1.0
Content-Language: en-US
To: tls@ietf.org
References: <01AF00B4-F9A5-4A25-A6CB-E1D84CF8D11F@sn3rd.com> <cb4d17c5-b2ce-458c-b14f-9882951d2528@cs.tcd.ie> <5027880d-bf70-42e4-8974-7c148db5d737@betaapp.fastmail.com> <f1f0cce1-7d10-442e-b27e-235912b2a4af@cs.tcd.ie> <CABcZeBNjEZP1E5mVtcby500_vDBP=omzoeVgDoXcrY_JMYadsg@mail.gmail.com>
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <CABcZeBNjEZP1E5mVtcby500_vDBP=omzoeVgDoXcrY_JMYadsg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nx0dbtRoDPLs22mp_tXIVkKHyPo>
Subject: Re: [TLS] Working Group Last Call for SSLKEYLOG File
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2024 11:51:22 -0000
I have a suggestion which keeps things technical but hopefully addresses Stephen's concern: In Security Considerations: "TLS1.3 requires the use of forward secret key exchanges (RFC 8446, 1.2, E.1). Using SSLKEYLOGFILE breaks this security property as it records the used session key and so invalidates many of the security claims made in RFC 8446. If SSLKEYLOGFILE is in use, the transferred data does not benefit from the security protections offered by RFC 8446 and systems using SSLKEYLOGFILE cannot be considered compliant with RFC 8446 or offering similar security to the protocol outlined in that draft." I don't think the wording there is quite right, but I do think the Security Considerations should clearly call out the impact on forward secrecy and RFC 8446 in general and so dissuade use. Best, Dennis On 12/03/2024 23:07, Eric Rescorla wrote: > > > On Tue, Mar 12, 2024 at 4:04 PM Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: > > > I'll argue just a little more then shut up... > > On 12/03/2024 22:55, Martin Thomson wrote: > > > >> Sorry also for a late suggestion, but how'd we feel about adding > >> some text like this to 1.1? > >> > >> "An implementation, esp. a server, emitting a log file such as this > >> in a production environment where the TLS clients are unaware that > >> logging is happening, could fall afoul of regulatory requirements > >> to protect client data using state-of-the-art mechanisms." > > > I agree with Ekr. That risk is not appreciably changed by the > > existence of a definition for a file format. > I totally do consider our documenting this format increases > the risk that production systems have such logging enabled, > despite our saying "MUST NOT." So if there's a way to further > disincentivise doing that, by even obliquely referring to > potential negative consequences of doing so, then I'd be for > doing that. > > > Aside from this particular case, I don't think technical specifications > should "obliquely" refer to things. Technical specifications should be > clear. > > -Ekr > > Hence my suggestion. > > S. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Working Group Last Call for SSLKEYLOG File Sean Turner
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Stephen Farrell
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Yaakov Stein
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Salz, Rich
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… John Mattsson
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Eric Rescorla
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Stephen Farrell
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Eric Rescorla
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Martin Thomson
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Benjamin Kaduk
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Stephen Farrell
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Eric Rescorla
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Dennis Jackson
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Watson Ladd
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Martin Thomson
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Stephen Farrell
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Sean Turner
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Sean Turner
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Sean Turner
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Stephen Farrell
- Re: [TLS] Working Group Last Call for SSLKEYLOG F… Sean Turner