On Fri, Feb 7, 2025 at 1:55 PM David Benjamin <david...@chromium.org> wrote:
> Accepting both labels gets super messy because then we have to make a
> bunch of decisions like whether you output both labels on the logging side.
>
> But we can just do a bit of research here:
> - In IETF land, EARLY_EXPORTER_MASTER_SECRET dates to the start of the
>   I-D, but...
> - The shorter EXPORTER_SECRET name for the non-early secret dates to the
>   earliest proposals for TLS 1.3 here:
>   https://bugzilla.mozilla.org/show_bug.cgi?id=1287711
> - BoringSSL does not output this label
> - OpenSSL does not output this label
>

Correction: OpenSSL outputs this label but uses EARLY_EXPORTER_SECRET. Had the wrong grep. :-)

> - NSS outputs this label but uses EARLY_EXPORTER_SECRET
> - Wireshark consumes this label but uses EARLY_EXPORTER_SECRET
>
> So I think EARLY_EXPORTER_MASTER_SECRET was just a typo and should always
> have been EARLY_EXPORTER_SECRET. Unless there's any evidence that someone
> actually relies on the EARLY_EXPORTER_MASTER_SECRET label (very, very
> unlikely given both the history of early exporters and the history of this
> SSLKEYLOGFILE integration), I think the answer is clear: No, we should not
> accept both labels. We should simply fix it to say EARLY_EXPORTER_SECRET
> and move on.
>
> David
>
> On Fri, Feb 7, 2025 at 1:33 PM Salz, Rich <rs...@akamai.com> wrote:
>
>> The question is really "should we accept both names?"
>>
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
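A strict key log consumer along the lines the thread concludes (one early-exporter label, not both), as an added example that is not part of the original message or of any project named in it. The function name `lint_keylog` and the sample lines are assumptions made for illustration; each line is taken to be a label, a 32-byte client random and a secret, hex-encoded and space-separated.

```python
import re

# Both names are from the thread: the draft's label, judged there to be a
# typo, and the label NSS, OpenSSL and Wireshark actually use.
TYPO_LABEL = "EARLY_EXPORTER_MASTER_SECRET"
FIXED_LABEL = "EARLY_EXPORTER_SECRET"

# Labels this consumer accepts. The two exporter labels are from the thread;
# the others are the usual TLS 1.2/1.3 key log labels (added here).
KNOWN_LABELS = {
    "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    FIXED_LABEL,
    "EXPORTER_SECRET",
}
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def lint_keylog(text):
    """Return (line_number, label, verdict) for each non-comment line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(" ")
        if len(fields) != 3 or not all(HEX.fullmatch(f) for f in fields[1:]):
            verdict = "malformed"
        elif len(fields[1]) != 64:
            verdict = "bad client_random length"
        elif fields[0] == TYPO_LABEL:
            # Not silently aliased: accepting both names is what the thread rejects.
            verdict = "rejected: use " + FIXED_LABEL
        elif fields[0] in KNOWN_LABELS:
            verdict = "ok"
        else:
            verdict = "unknown label"
        findings.append((number, fields[0], verdict))
    return findings

# Constructed sample input: the hex values are placeholders, not real secrets.
SAMPLE = "\n".join([
    "# constructed key log excerpt",
    "EXPORTER_SECRET " + "ab" * 32 + " " + "cd" * 32,
    "EARLY_EXPORTER_SECRET " + "ab" * 32 + " " + "ef" * 32,
    "EARLY_EXPORTER_MASTER_SECRET " + "ab" * 32 + " " + "ef" * 32,
    "EXPORTER_SECRET " + "ab" * 16 + " " + "cd" * 32,
])
```

Calling `lint_keylog(SAMPLE)` reports the draft's label as rejected with a pointer to the fixed name, so a log written against the old text shows up as a labelled finding instead of a silently skipped line.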