Hi Thomas, Andrei,
At 06:43 AM 21-02-2025, Andrei Popov wrote:
I agree with Stephen and Tomas on this one. Additionally, in my
opinion, this WG should not have published any SSLKEYLOGFILE
documents, because they effectively standardize a backdoor.
It is understood that there is a need for debugging, and it is
understood that certain SW vendors want to agree on a common log
data format and publish this format.
However:
- Debugging can (and should) be accomplished without a complete
compromise of the security protocol (arguably, with less ease/convenience).
- Backdoor specifications can be agreed upon outside the IETF
process and published as part of the respective SW vendor's
documentation, without involving the IETF.
I agree with the comments which Thomas and you sent with regard to
SSLKEYLOGFILE. I also agree with the authors on the point that
debugging or analyzing protocols can be challenging when TLS is
used. There was an extensive discussion about that during the
discussion on the perpass and ietf mailing lists. It ended with the
publication of RFC 7258.
Regards,
S. Moonesamy
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org