Hiya,

This is basically for the record and not an objection to proceeding.

On 02/04/2024 17:34, Sean Turner wrote:
This WGLC has concluded.  There is consensus to move this document forward.

The material change was to add a security consideration about forward secrecy 
guarantees being negated if the key material is leaked:
https://github.com/tlswg/sslkeylogfile/pull/7/files

We will not be asking the formal analysis folks to weigh in on this I-D; we all 
know the file’s contents are the keys to the kingdom.

Martin: If you can spin a new version, I can get the Shepherd write-up drafted.

I like the addition in -01 but would still have preferred if we
weren't so awfully oblique about the consequences of running a
production system with this logging enabled.

Were it up to me (and it's not) I'd suggest an additional addition
along the lines of:

"Systems that enable logging as described here are (while logging
is enabled) unlikely to be consistent with requirements to make use
of state-of-the-art protections, as e.g. is called-for by GDPR
article 32 [1]"

I suppose one could also re-do the above suggested text to refer
to RFC6919, section 3:-) [2]

Again, I'm not objecting to proceeding, just bemoaning what I see
as us being so oddly timid in calling out real issues.

Cheers,
S.

[1] https://gdpr-info.eu/art-32-gdpr/
[2] https://datatracker.ietf.org/doc/html/rfc6919#section-3


spt

On Mar 28, 2024, at 09:24, Sean Turner <s...@sn3rd.com> wrote:

Just a reminder that this WGLC ends soon!

spt

On Mar 12, 2024, at 10:57, Sean Turner <s...@sn3rd.com> wrote:

This is the working group last call for the SSLKEYLOGFILE Format for TLS 
Internet-Draft [1]. Please indicate if you think the I-D is ready to progress 
to the IESG and send any comments to the list by 31 March 2024.

The GH repo for the I-D can be found at [2].

Thanks,

Joe, Deirdre, and Sean

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
[2] https://github.com/tlswg/sslkeylogfile


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
