Hi,

On Mon 24. Feb 2025 at 14:57, Alicja Kario <hka...@redhat.com> wrote:

> On Friday, 21 February 2025 22:15:06 CET, Muhammad Usama Sardar wrote:
> > On 20.02.25 13:36, Alicja Kario wrote:
> >
> >> if you can't trust the system you're running an application on, you
> >> *definitely* can't trust any network connections from it
> > It depends on how you define "system" here. If it is the
> > hardware, sure you need to trust it in any case. If it is some
> > parts of software too, then there is a whole field of
> > "Confidential Computing" which claims that the adversary (e.g.,
> > cloud provider) has complete access to several layers of
> > software stack.
>
> You need to have at least partial trust for everything running below
> the application that will be affected by SSLKEYLOGFILE; be it the kernel,
> container environment, VM, or CPU (actual hardware).



To be clear, I agree with that in principle, but I have the feeling that the
discussion around an applicable threat model entirely misses the issue of what
should be in IETF and what should be in development docs, debugging tools,
etc. I'm not currently working on maintaining a crypto lib, as many
of you are, but you can't honestly tell me it's not possible to work on your
end without IETF guidance on debug specifics that allow encrypted traffic
detail export -- which you already have in place for debug and dev anyway.

Aaron



> If you can't be sure that the attacker didn't mess with your environment
> variables then you don't have a trustworthy system.
>
> >> sorry, but the threat model you're talking about is not realistic
> >
> > I disagree with this. The threat model is realistic. See [1-2]
> > and our new draft in progress [3] trying to tackle this threat
> > model.
> >
> > Usama
> >
> > [1] https://ieeexplore.ieee.org/document/10752524
> >
> > [2] https://www.ietf.org/archive/id/draft-fossati-tls-attestation-08.html#section-9.1
> >
> > [3] https://hannestschofenig.github.io/exported-attestation/draft-fossati-rats-exported-attestation.html
> >
> >
> >
>
> --
> Regards,
> Alicja Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>