Hiya,
On 03/08/2024 19:03, Eric Rescorla wrote:
> I'd like to make sure we're all on the same page about this draft. The IESG has already approved the original TLS document on SSLKEYLOGFILE [0], which contains the keying material necessary to decrypt the connection. It's currently in the RFC Editor Queue.

Like Andrei, I opposed adopting that work, but was willing to hold my nose as it was something already deployed for a number of years, etc. So I was in the rough.

The proposition to the WG when the SSLKEYLOG work was adopted was *not* that we'd be doing the same for every new feature of TLS. It was that we should take this over due to SSLKEYLOG being documented in a haphazard manner.

I think we're now seeing the downside of adopting SSLKEYLOG. I'd be happy should we revisit that and ask that the current SSLKEYLOG not be published as an RFC after all. (That is: I'd be happy, but quite surprised;-)

But I re-iterate my opposition to adopting this extension of that bad plan, both because I don't think it's needed (I also did not need this when implementing ECH) and because it'd be further embedding a really bad precedent for the WG.

Cheers,
S.

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org