> Hi! At IETF 122, the chairs took a sense of the room about whether to
> progress draft-ietf-tls-keylogfile. There was consensus to do so [0]. We need
> to confirm that on-list. If you disagree with the consensus please let us
> know, and why. We close this call at 1159 UTC on 29 April 2025.

I disagree with the consensus for reasons I have laid out in [1] and [2].

TL;DR: I agree that a standardized debugging interface for TLS is useful. However, even with the addition of -04, the way we distribute software -- as binaries -- even to developers dictates that many will (and do) see these features in user-facing production software. To prevent misuse against unsuspecting targets (in lawful interception, abusive relationships, etc.), the security considerations should *strongly* suggest that active debugging be made visible to the user.

-- TBB

[1] https://mailarchive.ietf.org/arch/msg/tls/nnqmXWtuBUD7W5NOkB57BYk723c/
[2] https://mailarchive.ietf.org/arch/msg/tls/dN09iEO9Zt9aOLoFw72pjFoLgKw/