Hey, I disagree with this because if an attacker could write to the environment variable used by the program or is able to side-load a library and capture outbound packets, it is very likely that they already have privileged access to the machine.
However, I acknowledge that allowing an attacker to easily access these functions is not desirable. In this specific case, environment variables are secure enough.

Romain

On Thu, 20 Feb 2025, 10:15, Bellebaum, Thomas <thomas.belleb...@aisec.fraunhofer.de> wrote:

> Hello,
>
> I have just become aware of this draft and I believe there might be a good
> cautionary addition I would like to propose:
>
> Specifically, I am worried that with further encouragement to standardize
> this format, it will become a convenient way to surveil unsuspecting end
> users. All this requires is "some" access to the system, for many
> implementations this includes setting an environment variable. What an
> attacker gains is then something more reliable, machine-readable (and in
> many cases useful) than a simple keylogger.
>
> The problem here (in my opinion) is the word "unsuspecting". I would like
> to see an addition to the draft along the following lines:
>
> > A TLS application interacting with an end-user (e.g. a browser) MUST
> > clearly communicate any requests to log TLS secrets to the user and MUST
> > NOT indicate a secure connection.
>
> Otherwise, this draft looks fine to me.
> Thanks for your efforts,
>
> Thomas
>
> --
>
> ```
> M.Sc. Thomas Bellebaum
> Applied Privacy Technologies
> Fraunhofer Institute for Applied and Integrated Security AISEC
>
> Lichtenbergstraße 11, 85748 Garching near Munich (Germany)
> Tel. +49 89 32299 86 1039
> thomas.belleb...@aisec.fraunhofer.de
> https://www.aisec.fraunhofer.de
>
> ```
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org