Accepting both labels gets super messy because then we have to make a bunch of decisions like whether you output both labels on the logging side.
But we can just do a bit of research here:

- In IETF land, EARLY_EXPORTER_MASTER_SECRET dates to the start of the I-D, but...
- The shorter EXPORTER_SECRET name for the non-early secret dates to the earliest proposals for TLS 1.3 here: https://bugzilla.mozilla.org/show_bug.cgi?id=1287711
- BoringSSL does not output this label
- OpenSSL does not output this label
- NSS outputs this label but uses EARLY_EXPORTER_SECRET
- Wireshark consumes this label but uses EARLY_EXPORTER_SECRET

So I think EARLY_EXPORTER_MASTER_SECRET was just a typo and should always have been EARLY_EXPORTER_SECRET. Unless there's any evidence that someone actually relies on the EARLY_EXPORTER_MASTER_SECRET label (very, very unlikely given both the history of early exporters and the history of this SSLKEYLOGFILE integration), I think the answer is clear: No, we should not accept both labels. We should simply fix it to say EARLY_EXPORTER_SECRET and move on.

David

On Fri, Feb 7, 2025 at 1:33 PM Salz, Rich <rs...@akamai.com> wrote:
> The question is really "should we accept both names?"

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
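
An added example, not part of the thread or of any project named in it: a small checker that reads key log text and reports lines carrying the EARLY_EXPORTER_MASTER_SECRET spelling, alongside structurally broken lines. The function name `lint_keylog`, the assumed line layout (label, hex client random, hex secret, separated by single spaces) and the sample data are constructed for illustration.

```python
import re

# Label spellings discussed in the message above.
DRAFT_LABEL = "EARLY_EXPORTER_MASTER_SECRET"   # spelling questioned in the thread
DEPLOYED_LABEL = "EARLY_EXPORTER_SECRET"       # spelling NSS writes and Wireshark reads

# Assumed line layout: "<LABEL> <client_random hex> <secret hex>".
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def lint_keylog(text):
    """Return (entries, findings); both are lists keyed by 1-based line number."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        m = LINE_RE.match(line)
        if not m:
            findings.append((lineno, "malformed line"))
            continue
        label, client_random, secret = m.groups()
        if len(client_random) != 64:
            findings.append((lineno, "client random is not 32 bytes"))
            continue
        if len(secret) % 2:
            findings.append((lineno, "secret has odd hex length"))
            continue
        if label == DRAFT_LABEL:
            # Well-formed, but spelled differently from what NSS and Wireshark use.
            findings.append((lineno, f"{DRAFT_LABEL} differs from {DEPLOYED_LABEL}"))
        entries.append((lineno, label, client_random.lower(), secret.lower()))
    return entries, findings


# Constructed sample input (repeated bytes, not real key material).
SAMPLE = "\n".join([
    "# constructed sample",
    "EXPORTER_SECRET " + "aa" * 32 + " " + "11" * 32,
    "EARLY_EXPORTER_SECRET " + "aa" * 32 + " " + "22" * 32,
    "EARLY_EXPORTER_MASTER_SECRET " + "bb" * 32 + " " + "33" * 32,
    "EXPORTER_SECRET " + "cc" * 31 + " " + "44" * 32,   # short client random
    "not a key log line",
])

if __name__ == "__main__":
    for lineno, msg in lint_keylog(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```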