From 0d5a81ccdea3d84b140ab836f6ab83ce6a549199 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 15 Mar 2024 14:37:25 +1100 Subject: [PATCH 1/6] Riffing on Dennis' idea --- draft-ietf-tls-keylogfile.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index 08ea5af..ac2743e 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -247,6 +247,12 @@ consumption by other programs. In both cases, applications might require special authorization or they might rely on system-level access control to limit access to these capabilities. +Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix +E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 +and 2.4 of ?RFC4492}}) are not provided if keys are saved. Logged keys +therefore risk the authenticity, confidentiality, and integrity of any data that +is exchanged. + Logging the TLS 1.2 "master" secret provides the recipient of that secret far greater access to an active connection than TLS 1.3 secrets. In addition to reading and altering protected messages, the TLS 1.2 "master" secret confers the From 94b2d9186a70890058b5f68f8be6fee449506a59 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 15 Mar 2024 14:39:59 +1100 Subject: [PATCH 2/6] working tweak --- draft-ietf-tls-keylogfile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index ac2743e..35be4bc 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -249,7 +249,7 @@ access to these capabilities. Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 -and 2.4 of ?RFC4492}}) are not provided if keys are saved. Logged keys +and 2.4 of ?RFC4492}}) do not hold if keys are saved. Logged keys therefore risk the authenticity, confidentiality, and integrity of any data that is exchanged. From a8d36833c835a902d64b555359a904e7c500b83c Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 15 Mar 2024 14:42:51 +1100 Subject: [PATCH 3/6] Tweak focus --- draft-ietf-tls-keylogfile.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index 35be4bc..b81e07b 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -249,9 +249,9 @@ access to these capabilities. Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 -and 2.4 of ?RFC4492}}) do not hold if keys are saved. Logged keys -therefore risk the authenticity, confidentiality, and integrity of any data that -is exchanged. +and 2.4 of ?RFC4492}}) do not hold if keys are saved. Access to logged keys +affects the authenticity, confidentiality, and integrity of any data that is +exchanged for longer period than if an authentication key is compromised. Logging the TLS 1.2 "master" secret provides the recipient of that secret far greater access to an active connection than TLS 1.3 secrets. In addition to From 9f8b4046b72018d21172a1643b1bff7876661371 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Sat, 16 Mar 2024 10:08:47 +1100 Subject: [PATCH 4/6] Revise, shorten --- draft-ietf-tls-keylogfile.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index b81e07b..7d92655 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -249,10 +249,9 @@ access to these capabilities. Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 -and 2.4 of ?RFC4492}}) do not hold if keys are saved. Access to logged keys -affects the authenticity, confidentiality, and integrity of any data that is -exchanged for longer period than if an authentication key is compromised. - +and 2.4 of ?RFC4492}}) do not hold if key material is recorded. Access to key +material allows an attacker to decrypt data exchanged in any logged TLS +connections. Logging the TLS 1.2 "master" secret provides the recipient of that secret far greater access to an active connection than TLS 1.3 secrets. In addition to reading and altering protected messages, the TLS 1.2 "master" secret confers the From 44a27e075d50c29459624613994c21cbacce9644 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Sat, 16 Mar 2024 12:39:28 +1100 Subject: [PATCH 5/6] gap --- draft-ietf-tls-keylogfile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index 7d92655..434c5ba 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -252,6 +252,7 @@ E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 and 2.4 of ?RFC4492}}) do not hold if key material is recorded. Access to key material allows an attacker to decrypt data exchanged in any logged TLS connections. + Logging the TLS 1.2 "master" secret provides the recipient of that secret far greater access to an active connection than TLS 1.3 secrets. In addition to reading and altering protected messages, the TLS 1.2 "master" secret confers the From 0466d2946bd55d4fd7dad0caab47b8f89d294b97 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Sat, 16 Mar 2024 14:14:18 +1100 Subject: [PATCH 6/6] in der past --- draft-ietf-tls-keylogfile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-tls-keylogfile.md b/draft-ietf-tls-keylogfile.md index 434c5ba..eea09d9 100644 --- a/draft-ietf-tls-keylogfile.md +++ b/draft-ietf-tls-keylogfile.md @@ -250,7 +250,7 @@ access to these capabilities. Forward secrecy guarantees provided in TLS 1.3 (see {{Section 1.2 and Appendix E.1 of ?RFC8446}}) and some modes of TLS 1.2 (such as those in {{Sections 2.2 and 2.4 of ?RFC4492}}) do not hold if key material is recorded. Access to key -material allows an attacker to decrypt data exchanged in any logged TLS +material allows an attacker to decrypt data exchanged in any previously logged TLS connections. Logging the TLS 1.2 "master" secret provides the recipient of that secret far