Uploaded https://github.com/tlswg/sslkeylogfile/pull/22 to fix the typo.

On Fri, Feb 7, 2025 at 1:56 PM David Benjamin <david...@chromium.org> wrote:

> On Fri, Feb 7, 2025 at 1:55 PM David Benjamin <david...@chromium.org>
> wrote:
>
>> Accepting both labels gets super messy because then we have to make a
>> bunch of decisions like whether you output both labels on the logging side.
>>
>> But we can just do a bit of research here:
>> - In IETF land, EARLY_EXPORTER_MASTER_SECRET dates to the start of the
>> I-D, but...
>> - The shorter EXPORTER_SECRET name for the non-early secret dates to the
>> earliest proposals for TLS 1.3 here:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1287711
>> - BoringSSL does not output this label
>> - OpenSSL does not output this label
>>
>
> Correction: OpenSSL outputs this label but uses EARLY_EXPORTER_SECRET. Had
> the wrong grep. :-)
>
>
>> - NSS outputs this label but uses EARLY_EXPORTER_SECRET
>> - Wireshark consumes this label but uses EARLY_EXPORTER_SECRET
>>
>> So I think EARLY_EXPORTER_MASTER_SECRET was just a typo and should always
>> have been EARLY_EXPORTER_SECRET. Unless there's any evidence that someone
>> actually relies on the EARLY_EXPORTER_MASTER_SECRET label (very, very
>> unlikely given both the history of early exporters and the history of this
>> SSLKEYLOGFILE integration), I think the answer is clear: No, we should not
>> accept both labels. We should simply fix it to say EARLY_EXPORTER_SECRET
>> and move on.
>>
>> David
>>
>> On Fri, Feb 7, 2025 at 1:33 PM Salz, Rich <rs...@akamai.com> wrote:
>>
>>> The question is really "should we accept both names?"
>>>
>>>
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
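
Added example, not part of the thread or of any implementation named in it: a small audit of key log contents that counts labels and flags the EARLY_EXPORTER_MASTER_SECRET spelling, which the thread says deployed writers and Wireshark do not use. The line layout (label, 32-byte client random in hex, secret in hex), the other label names, the function name `audit_keylog` and the sample data are assumptions of this example.

```python
import re
from collections import Counter

# Spelling the thread settles on, and the draft spelling it calls a typo.
DEPLOYED = "EARLY_EXPORTER_SECRET"
DRAFT_TYPO = "EARLY_EXPORTER_MASTER_SECRET"

# Other labels of the key log format (assumed from general knowledge of the
# format; only EXPORTER_SECRET and the two above are named in the thread).
KNOWN = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET", DEPLOYED,
}

# Assumed layout: <label> <client_random: 64 hex chars> <secret: hex bytes>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def audit_keylog(text):
    """Return (label counts, findings) without ever echoing secret values."""
    counts, findings = Counter(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key material
        m = LINE.match(line)
        if not m:
            findings.append((n, "malformed"))
            continue
        label = m.group(1)
        counts[label] += 1
        if label == DRAFT_TYPO:
            findings.append((n, "draft-typo label; consumers expect " + DEPLOYED))
        elif label not in KNOWN:
            findings.append((n, "unknown label " + label))
    return counts, findings

# Constructed sample: the hex values are placeholders, not real secrets.
CR = "ab" * 32
SAMPLE = "\n".join([
    "# constructed sample",
    f"EXPORTER_SECRET {CR} {'11' * 32}",
    f"EARLY_EXPORTER_SECRET {CR} {'22' * 32}",
    f"EARLY_EXPORTER_MASTER_SECRET {CR} {'33' * 32}",
    f"EXPORTER_SECRET {CR} zz",
])

if __name__ == "__main__":
    counts, findings = audit_keylog(SAMPLE)
    print(dict(counts), findings)
```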
