The SSLKEYLOGFILE Format for TLS
draft-ietf-tls-keylogfile-05

Document history

Date Rev. By Action
2025-06-16
05 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2025-06-16
05 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2025-06-16
05 (System) IANA Action state changed to In Progress from Waiting on Authors
2025-06-13
05 (System) IANA Action state changed to Waiting on Authors from In Progress
2025-06-12
05 Morgan Condie IESG state changed to RFC Ed Queue from Approved-announcement sent
2025-06-12
05 (System) RFC Editor state changed to MISSREF
2025-06-11
05 (System) IANA Action state changed to In Progress from RFC-Ed-Ack
2025-06-11
05 (System) Removed all action holders (IESG state changed)
2025-06-11
05 Morgan Condie IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2025-06-11
05 Morgan Condie IESG has approved the document
2025-06-11
05 Morgan Condie Closed "Approve" ballot
2025-06-11
05 Morgan Condie Ballot approval text was generated
2025-06-11
05 Paul Wouters IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2025-06-09
05 (System) Changed action holders to Paul Wouters (IESG state changed)
2025-06-09
05 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2025-06-09
05 Yaroslav Rosomakho New version available: draft-ietf-tls-keylogfile-05.txt
2025-06-09
05 Yaroslav Rosomakho New version approved
2025-06-09
05 (System) Request for posting confirmation emailed to previous authors: Hannes Tschofenig, Martin Thomson, Yaroslav Rosomakho
2025-06-09
05 Yaroslav Rosomakho Uploaded new revision
2025-06-05
04 (System) Changed action holders to Hannes Tschofenig, Martin Thomson, Yaroslav Rosomakho (IESG state changed)
2025-06-05
04 Paul Wouters IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Approved-announcement to be sent::AD Followup
2025-06-05
04 Morgan Condie IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2025-06-04
04 Mike Bishop
[Ballot comment]
Thanks for the work to document this widely used de facto standard. My only comments are minor, and mostly nits.

In Section 2, "Including this field allows..." sounds like an argument for including it, but it's not an optional field. Consider a more declarative phrasing, such as "This field is used to correlate..."

===NITS FOLLOW===

Abstract, "supports the logging information" => "supports logging information" or "supports the logging of information"
Section 2.2, "An implementation ... use" => "An implementation ... uses" or "Implementations ... use"
Section 4.2, "in depth" => "in-depth"
2025-06-04
04 Mike Bishop [Ballot Position Update] New position, Yes, has been recorded for Mike Bishop
2025-06-04
04 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2025-06-03
04 Ketan Talaulikar
[Ballot comment]
Thanks to the authors and the WG for this useful document. It is going to be helpful in troubleshooting.

I have only one comment/suggestion.

In Section 2.2. - note that draft-ietf-tls-rfc8446bis changed "master" to "main" - perhaps it would be good if this document were to drop using that term and instead use "main" with a reference to section 1.4 of rfc8446bis?
2025-06-03
04 Ketan Talaulikar [Ballot Position Update] New position, No Objection, has been recorded for Ketan Talaulikar
2025-06-02
04 Deb Cooley
[Ballot comment]

While I'm normally not a fan of storing keys in log files, if the use is restricted to test systems, and there is tight access control to access the files, it can provide a valuable diagnostic tool.  I certainly like it MUCH better than using NULL encryption.
2025-06-02
04 Deb Cooley [Ballot Position Update] New position, Yes, has been recorded for Deb Cooley
2025-06-02
04 Roman Danyliw [Ballot comment]
Thank you to Russ Housley for the GENART review.
2025-06-02
04 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2025-06-02
04 Éric Vyncke
[Ballot comment]
Thanks for the work done in this document.

To be honest, at first sight, my eyebrows raised when reading the title of this document, but sections 1 and 1.1 are carefully written to address my surprise.

Out of curiosity and if the TLS WG or the authors know, is there similar work for MLS ?
2025-06-02
04 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2025-05-23
04 Gorry Fairhurst [Ballot comment]
Thanks for providing this useful specification.
2025-05-23
04 Gorry Fairhurst [Ballot Position Update] New position, No Objection, has been recorded for Gorry Fairhurst
2025-05-19
04 Mohamed Boucadair
[Ballot comment]
Hi Martin, Yaroslav, and Hannes,

Thanks for the effort put into this specification to document SSLKEYLOGFILE format. The document is well-written with a clear applicability scope. The format is useful and should be used with special care, obviously.

Special thanks to S. Turner for the comprehensive write-up.

Thanks to Jean-Michel Combes for the OPSDIR review (his first review of the team, btw). Although Jean-Michel indicated that the document is Ready, his review includes two aspects for which I hoped a follow-up from the authors:

1. Position this work vs the use of NULL encryption
2. Implications on operations to prevent misuses

In reference to the first point, I’d like to remind that BCP 195 includes the following:

      Nevertheless, this
      document does not discourage software from implementing NULL
      cipher suites, since they can be useful for testing and debugging.

There are cases where the use of SSLKEYLOGFILE may be superior to the use of NULL encryption or fallback to non-TLS. I understand that we are not making any recommendation about the use of SSLKEYLOGFILE, but it would be helpful to call out how it is different vs. the other choices.

Please find below a few additional comments:

# Insist on the intended use in the abstract as well

OLD:
  A format that supports the logging information about the secrets used
  in a TLS connection is described.

NEW:
  A format that supports the logging information about the secrets used
  in a TLS connection is described.  This format is intended for use in
  systems where TLS only protects test data. 

# Other misuse guards

CURRENT:
  For software that is compiled, use
  of conditional compilation is the best way to ensure that deployed
  binaries cannot be configured to enable key logging.

Can we mention other guards such as those mentioned in the OPSDIR review (e.g., right managements)?

# Add RFC8792 to the references list as this is required to unfold the examples.

Cheers,
Med
2025-05-19
04 Mohamed Boucadair [Ballot Position Update] New position, Yes, has been recorded for Mohamed Boucadair
2025-05-16
04 Erik Kline
[Ballot comment]
# Internet AD comments for draft-ietf-tls-keylogfile-04
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Nits

### S1

* "format that logging" -> "format for logging"?
2025-05-16
04 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2025-05-08
04 Cindy Morgan Telechat date has been changed to 2025-06-05 from 2024-05-16
2025-05-08
04 Paul Wouters Ballot has been issued
2025-05-08
04 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2025-05-08
04 Paul Wouters Created "Approve" ballot
2025-05-08
04 Paul Wouters IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2025-05-08
04 Paul Wouters Ballot writeup was changed
2025-05-08
04 Paul Wouters
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

One of the controversies was how big of a warning to put in the I-D that
there be big, crazy, scary, and dangerous dragons if you expose the key
in the file.  Since the I-D was adopted by the WG, an applicability
statement was added explaining that this file is for test systems. The
security considerations also highlight the dragon(s), but at least one
vocal person thinks that the text is a little too oblique.

During WGLC for draft-ietf-tls-ech-keylogfile, there was consensus to merge
that document with this document. The -03 is the merge. For the -03 WGLC,
there is an objection to progressing the merged I-D on grounds that now
there is a registry that allows for expansion: "now extensible (via IANA
specification required) which is a problem as that means anyone can likely
define new ways to exfiltrate secrets from TLS implementations without any
WG overview." So, we are in a bit of a catch 22 now.

At IETF 122, the following question was posed to the WG:

Do you object to moving forward with the publication of the
SSLKEYLOG draft?

The results were as follows:

yes: 4
no: 21

Also note, there were some process glitches: pushed pubreq before the minutes got up,
didn't close out the WGLC.  That's been done and I provided a summary of the issues:
https://mailarchive.ietf.org/arch/msg/tls/GXE38LHQVJk219HPq5goi_HO81M/

The AD also added another two weeks to the IETF LC and sent a reminder out to give
the WG more time after the additional WGLC confirmation on the list. No new people
stepped forward with objections.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There was no threat of appeal before the merge. The people who do not want this
I-D to progress might continue to suggest less oblique language for the security
considerations, but (in the past) they have stated that they are not objecting to
the I-D proceeding as it was. Now, it is not so clear.

There will no doubt be continued objection to progressing this I-D because it now
includes an IANA registry. And, that it is Specification Required.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The authors have acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

There is one duplicate reference and I submitted a PR (now merged):
https://github.com/tlswg/sslkeylogfile/pull/24

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

"SSLKEYLOGFILE Labels Registry" is a new registry. It points to RFC 8447(bis) for the
DE instructions.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2025-05-07
04 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2025-05-06
04 Jean-Michel Combes Request for IETF Last Call review by OPSDIR Completed: Ready. Reviewer: Jean-Michel Combes. Sent review to list.
2025-04-18
04 David Dong
IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-tls-keylogfile-04. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are two actions which we must complete.

First, in the application namespace of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

a single new registration will be made as follows:

Name: sslkeylogfile
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Second, a new registry is to be created called the SSLKEYLOGFILE Labels registry. The new registry will be added to the Transport Layer Security (TLS) Parameters registry group located at:

https://www.iana.org/assignments/tls-parameters/

The new registry will be managed via Specification Required as defined by [RFC8126]. There are initial registrations in the new registry as follows:

Value                           | Description                                     | Reference
--------------------------------+-------------------------------------------------+--------------
CLIENT_RANDOM                   | Master secret in TLS 1.2 and earlier            | [ RFC-to-be ]
CLIENT_EARLY_TRAFFIC_SECRET     | Secret for client early data records            | [ RFC-to-be ]
EARLY_EXPORTER_SECRET           | Early exporters secret                          | [ RFC-to-be ]
CLIENT_HANDSHAKE_TRAFFIC_SECRET | Secret protecting client handshake              | [ RFC-to-be ]
SERVER_HANDSHAKE_TRAFFIC_SECRET | Secret protecting server handshake              | [ RFC-to-be ]
CLIENT_TRAFFIC_SECRET_0         | Secret protecting client records post handshake | [ RFC-to-be ]
SERVER_TRAFFIC_SECRET_0         | Secret protecting server records post handshake | [ RFC-to-be ]
EXPORTER_SECRET                 | Exporter secret after handshake                 | [ RFC-to-be ]
ECH_SECRET                      | HPKE KEM shared secret used in the ECH          | [ RFC-to-be ]
ECH_CONFIG                      | ECHConfig used for construction of the ECH      | [ RFC-to-be ]

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2025-04-18
04 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2025-04-17
04 Bo Wu Request for IETF Last Call review by OPSDIR is assigned to Jean-Michel Combes
2025-04-16
04 Mohamed Boucadair Requested IETF Last Call review by OPSDIR
2025-04-15
04 Cindy Morgan
The following Last Call announcement was sent out (ends 2025-05-07):

From: The IESG
To: IETF-Announce
CC: draft-ietf-tls-keylogfile@ietf.org, paul.wouters@aiven.io, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Extended Last Call:  (The SSLKEYLOGFILE Format for TLS) to Informational RFC


The IESG has received a request from the Transport Layer Security WG (tls) to
consider the following document: - 'The SSLKEYLOGFILE Format for TLS'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2025-05-07. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  A format that supports the logging information about the secrets used
  in a TLS connection is described.  Recording secrets to a file in
  SSLKEYLOGFILE format allows diagnostic and logging tools that use
  this file to decrypt messages exchanged by TLS endpoints.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/



No IPR declarations have been submitted directly on this I-D.




2025-04-15
04 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2025-04-15
04 Cindy Morgan Last call was requested
2025-04-15
04 Cindy Morgan IESG state changed to Last Call Requested from In Last Call
2025-04-15
04 Cindy Morgan Last call announcement was changed
2025-04-15
04 Cindy Morgan Last call announcement was generated
2025-04-11
04 Martin Thomson New version available: draft-ietf-tls-keylogfile-04.txt
2025-04-11
04 Martin Thomson New version approved
2025-04-11
04 (System) Request for posting confirmation emailed to previous authors: Hannes Tschofenig, Martin Thomson, Yaroslav Rosomakho
2025-04-11
04 Martin Thomson Uploaded new revision
2025-04-11
03 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

One of the controversies was how big of a warning to put in the I-D that
there be big, crazy, scary, and dangerous dragons if you expose the key
in the file.  Since the I-D was adopted by the WG, an applicability
statement was added explaining that this file is for test systems. The
security considerations also highlight the dragon(s), but at least one
vocal person thinks that the text is a little too oblique.

During WGLC for draft-ietf-tls-ech-keylogfile, there was consensus to merge
that document with this document. The -03 is the merge. For the -03 WGLC,
there is an objection to progressing the merged I-D on grounds that now
there is a registry that allows for expansion: "now extensible (via IANA
specification required) which is a problem as that means anyone can likely
define new ways to exfiltrate secrets from TLS implementations without any
WG overview." So, we are in a bit of a catch 22 now.

At IETF 122, the following question was posed to the WG:

Do you object to moving forward with the publication of the
SSLKEYLOG draft?

The results were as follows:

yes: 4
no: 21

Also note, there were some process glitches: pushed pubreq before the minutes got up,
didn't close out the WGLC.  That's been done and I provided a summary of the issues:
https://mailarchive.ietf.org/arch/msg/tls/GXE38LHQVJk219HPq5goi_HO81M/

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There was no threat of appeal before the merge. The people who do not want this
I-D to progress might continue to suggest less oblique language for the security
considerations, but (in the past) they have stated that they are not objecting to
the I-D proceeding as it was. Now, it is not so clear.

There will no doubt be continued objection to progressing this I-D because it now
includes an IANA registry. And, that it is Specification Required.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The authors have acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

There is one duplicate reference and I submitted a PR (now merged):
https://github.com/tlswg/sslkeylogfile/pull/24

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

"SSLKEYLOGFILE Labels Registry" is a new registry. It points to RFC 8447(bis) for the
DE instructions.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2025-04-09
03 Cindy Morgan
The following Last Call announcement was sent out (ends 2025-04-23):

From: The IESG
To: IETF-Announce
CC: draft-ietf-tls-keylogfile@ietf.org, paul.wouters@aiven.io, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (The SSLKEYLOGFILE Format for TLS) to Informational RFC


The IESG has received a request from the Transport Layer Security WG (tls) to
consider the following document: - 'The SSLKEYLOGFILE Format for TLS'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2025-04-23. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  A format that supports the logging information about the secrets used
  in a TLS connection is described.  Recording secrets to a file in
  SSLKEYLOGFILE format allows diagnostic and logging tools that use
  this file to decrypt messages exchanged by TLS endpoints.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/



No IPR declarations have been submitted directly on this I-D.




2025-04-09
03 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2025-04-09
03 Paul Wouters Last call was requested
2025-04-09
03 Paul Wouters IESG state changed to Last Call Requested from Publication Requested
2025-04-09
03 Paul Wouters Last call announcement was generated
2025-04-03
03 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

One of the controversies was how big of a warning to put in the I-D that
there be big, crazy, scary, and dangerous dragons if you expose the key
in the file.  Since the I-D was adopted by the WG, an applicability
statement was added explaining that this file is for test systems. The
security considerations also highlight the dragon(s), but at least one
vocal person thinks that the text is a little too oblique.

During WGLC for draft-ietf-tls-ech-keylogfile, there was consensus to merge
that document with this document. The -03 is the merge. For the -03 WGLC,
there is an objection to progressing to merged I-D on grounds that now
there is a registry that allows for expansion: "now extensible (via IANA
specification required) which is a problem as that means anyone can likely
define new ways to exfiltrate secrets from TLS implementations without any
WG overview." So, we are in a bit of a catch-22 now.

At IETF 122, the following question was posed to the WG:

Do you object to moving forward with the publication of the
SSLKEYLOG draft?

The results were as follows:

yes: 4
no: 21

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There was no threat of appeal before the merge. The people who do not want this
I-D to progress might continue to suggest less oblique language for the security
considerations, but (in the past) they have stated that they are not objecting to
the I-D proceeding as it was. Now, it is not so clear.

There will no doubt be continued objection to progressing this I-D because it now
includes an IANA registry.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The authors have acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

There is one duplicate reference and I submitted a PR (now merged):
https://github.com/tlswg/sslkeylogfile/pull/24

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

"SSLKEYLOGFILE Labels Registry" is a new registry. It points to RFC 8447(bis) for the
DE instructions.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2025-04-03
03 Sean Turner IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2025-04-03
03 Sean Turner IESG state changed to Publication Requested from I-D Exists
2025-04-03
03 (System) Changed action holders to Paul Wouters (IESG state changed)
2025-04-03
03 Sean Turner Document is now in IESG state Publication Requested
2025-04-03
03 Sean Turner IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2025-04-02
03 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

One of the controversies was how big of a warning to put in the I-D that
there be big, crazy, scary, and dangerous dragons if you expose the key
in the file.  Since the I-D was adopted by the WG, an applicability
statement was added explaining that this file is for test systems. The
security considerations also highlight the dragon(s), but at least one
vocal person thinks that the text is a little too oblique.

During WGLC for draft-ietf-tls-ech-keylogfile, there was consensus to merge
that document with this document. The -03 is the merge. For the -03 WGLC,
there is an objection to progressing to merged I-D on grounds that now
there is a registry that allows for expansion: "now extensible (via IANA
specification required) which is a problem as that means anyone can likely
define new ways to exfiltrate secrets from TLS implementations without any
WG overview." So, we are in a bit of a catch-22 now.

At IETF 122, the following question was posed to the WG:

Do you object to moving forward with the publication of the
SSLKEYLOG draft?

The results were as follows:

yes: 4
no: 21

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There was no threat of appeal before the merge. The people who do not want this
I-D to progress might continue to suggest less oblique language for the security
considerations, but (in the past) they have stated that they are not objecting to
the I-D proceeding as it was. Now, it is not so clear.

There will no doubt be continued objection to progressing this I-D because it now
includes an IANA registry.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The authors have acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

There is one duplicate reference and I submitted a PR (now merged):
https://github.com/tlswg/sslkeylogfile/pull/24

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

"SSLKEYLOGFILE Labels Registry" is a new registry. It points to RFC 8447(bis) for the
DE instructions.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2025-03-17
03 Sean Turner Added to session: IETF-122: tls  Thu-0230
2025-02-19
03 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was broad agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The biggest point of controversy, if you want to call it that, is how big of
a warning to put in the I-D that there be big, crazy, scary, and dangerous
dragons if you expose the key in the file.  Since the I-D was adopted by the
WG, an applicability statement was added explaining that this file is for test
systems. The security considerations also highlight the dragon(s), but at
least one vocal person thinks that maybe the text is a little too oblique.

During WGLC for draft-ietf-tls-ech-keylogfile, there was consensus to merge
that document with this document. Now, there is an objector to that merge
on grounds that now there is a registry "now extensible (via IANA specification
required) which is a problem as that means anyone can likely define new ways
to exfiltrate secrets from TLS implementations without any WG
overview."

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There was no threat of appeal before the merge. The aforementioned person might
continue to suggest less oblique language for the security considerations, but
they have stated that they are not objecting to the I-D proceeding as it was. Now,
it is not so clear.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The authors have acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

There is one duplicate reference and I submitted a PR:
https://github.com/tlswg/sslkeylogfile/pull/24

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

"SSLKEYLOGFILE Labels Registry" is a new registry. It points to RFC 8447 for the
DE instructions.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2025-02-07
03 Sean Turner IETF WG state changed to In WG Last Call from WG Document
2025-02-07
03 Sean Turner This document now replaces draft-thomson-tls-keylogfile, draft-ietf-tls-ech-keylogfile instead of draft-thomson-tls-keylogfile
2025-02-04
03 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2025-02-04
03 Martin Thomson New version available: draft-ietf-tls-keylogfile-03.txt
2025-02-04
03 Martin Thomson New version approved
2025-02-04
03 (System) Request for posting confirmation emailed to previous authors: Martin Thomson , tls-chairs@ietf.org
2025-02-04
03 Martin Thomson Uploaded new revision
2024-12-18
02 (System) IESG state changed to I-D Exists from Dead
2024-12-18
02 (System) IESG Dead state was set due only to document expiry - changing IESG state to ID-Exists
2024-12-07
02 (System) Document has expired
2024-12-07
02 (System) Removed all action holders (IESG state changed)
2024-12-07
02 (System) IESG state changed to Dead from I-D Exists
2024-12-06
02 Paul Wouters pulled back to the WG for changes related to ECH
2024-12-06
02 (System) Changed action holders to Paul Wouters (IESG state changed)
2024-12-06
02 Paul Wouters IESG state changed to I-D Exists from RFC Ed Queue
2024-12-06
02 Paul Wouters as per request of the WG
2024-12-06
02 Paul Wouters IETF WG state changed to WG Document from Submitted to IESG for Publication
2024-08-09
02 Tero Kivinen Closed request for Last Call review by SECDIR with state 'Overtaken by Events'
2024-08-09
02 Tero Kivinen Assignment of request for Last Call review by SECDIR to Hannes Tschofenig was marked no-response
2024-08-02
02 (System) RFC Editor state changed to MISSREF
2024-08-02
02 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2024-08-02
02 (System) Announcement was received by RFC Editor
2024-07-30
02 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2024-07-30
02 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2024-07-30
02 (System) IANA Action state changed to In Progress from Waiting on Authors
2024-07-29
02 (System) IANA Action state changed to Waiting on Authors from In Progress
2024-07-25
02 (System) IANA Action state changed to In Progress
2024-07-25
02 (System) Removed all action holders (IESG state changed)
2024-07-25
02 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2024-07-25
02 Cindy Morgan IESG has approved the document
2024-07-25
02 Cindy Morgan Closed "Approve" ballot
2024-07-25
02 Cindy Morgan Ballot approval text was generated
2024-07-25
02 Paul Wouters IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2024-07-15
02 Carlos Pignataro Closed request for Last Call review by OPSDIR with state 'Overtaken by Events'
2024-07-15
02 Carlos Pignataro Assignment of request for Last Call review by OPSDIR to Niclas Comstedt was withdrawn
2024-07-13
02 Carlos Pignataro Request for Last Call review by OPSDIR is assigned to Niclas Comstedt
2024-06-19
02 Barry Leiba Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing
2024-06-19
02 Barry Leiba Assignment of request for Last Call review by ARTART to Matthew Miller was marked no-response
2024-05-16
02 Jenny Bui IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2024-05-15
02 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2024-05-15
02 Warren Kumari [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari
2024-05-15
02 Zaheduzzaman Sarker [Ballot comment]
This document will be helpful, thanks for working on this document.
2024-05-15
02 Zaheduzzaman Sarker [Ballot Position Update] New position, Yes, has been recorded for Zaheduzzaman Sarker
2024-05-14
02 Murray Kucherawy [Ballot comment]
Nice work.  Section 3 seemed particularly thorough.
2024-05-14
02 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2024-05-12
02 Roman Danyliw [Ballot comment]
Thank you to Russ Housley for the GENART review.
2024-05-12
02 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2024-05-10
02 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2024-05-08
02 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2024-05-06
02 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-05-03
02 Erik Kline
[Ballot comment]
# Internet AD comments for draft-ietf-tls-keylogfile-02
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Nits

### S1

* "file format that logging the secret values" ->
  "file format for logging the secret values", I suspect
2024-05-03
02 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-04-30
02 Cindy Morgan Placed on agenda for telechat - 2024-05-16
2024-04-30
02 Paul Wouters Ballot has been issued
2024-04-30
02 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2024-04-30
02 Paul Wouters Created "Approve" ballot
2024-04-30
02 Paul Wouters IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2024-04-30
02 Paul Wouters Ballot writeup was changed
2024-04-29
02 (System) Changed action holders to Paul Wouters (IESG state changed)
2024-04-29
02 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-04-29
02 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-04-29
02 Martin Thomson New version available: draft-ietf-tls-keylogfile-02.txt
2024-04-29
02 (System) New version approved
2024-04-29
02 (System) Request for posting confirmation emailed to previous authors: Martin Thomson
2024-04-29
02 Martin Thomson Uploaded new revision
2024-04-21
01 Paul Wouters Waiting on Martin to push an update containing https://github.com/tlswg/sslkeylogfile/pull/11
2024-04-21
01 (System) Changed action holders to Martin Thomson (IESG state changed)
2024-04-21
01 Paul Wouters IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2024-04-18
01 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-04-16
01 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2024-04-16
01 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-tls-keylogfile-01. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which we must complete.

in the application namespace of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

a single new media type will be registered as follows:

Name: sslkeylogfile
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

We understand that this is the only action required to be completed upon approval of this document.

NOTE: The action requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the action that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-04-12
01 Russ Housley Request for Last Call review by GENART Completed: Ready. Reviewer: Russ Housley. Sent review to list.
2024-04-12
01 Jean Mahoney Request for Last Call review by GENART is assigned to Russ Housley
2024-04-08
01 Carlos Pignataro Request for Last Call review by OPSDIR is assigned to Shwetha Bhandari
2024-04-05
01 Tero Kivinen Request for Last Call review by SECDIR is assigned to Hannes Tschofenig
2024-04-05
01 Barry Leiba Request for Last Call review by ARTART is assigned to Matthew Miller
2024-04-04
01 Jenny Bui IANA Review state changed to IANA - Review Needed
2024-04-04
01 Jenny Bui
The following Last Call announcement was sent out (ends 2024-04-18):

From: The IESG
To: IETF-Announce
CC: draft-ietf-tls-keylogfile@ietf.org, paul.wouters@aiven.io, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (The SSLKEYLOGFILE Format for TLS) to Informational RFC


The IESG has received a request from the Transport Layer Security WG (tls) to
consider the following document: - 'The SSLKEYLOGFILE Format for TLS'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-04-18. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  A format that supports the logging information about the secrets used
  in a TLS connection is described.  Recording secrets to a file in
  SSLKEYLOGFILE format allows diagnostic and logging tools that use
  this file to decrypt messages exchanged by TLS endpoints.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/



No IPR declarations have been submitted directly on this I-D.




2024-04-04
01 Jenny Bui IESG state changed to In Last Call from Last Call Requested
2024-04-04
01 Paul Wouters Last call was requested
2024-04-04
01 Paul Wouters Ballot approval text was generated
2024-04-04
01 Paul Wouters Ballot writeup was generated
2024-04-04
01 Paul Wouters IESG state changed to Last Call Requested from Publication Requested
2024-04-04
01 Paul Wouters Last call announcement was generated
2024-04-03
01 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was broad agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The biggest point of controversy, if you want to call it that, is how big of
a warning to put in the I-D that there be big, crazy, scary, and dangerous
dragons if you expose the key in the file.  Since the I-D was adopted by the
WG, an applicability statement was added explaining that this file is for test
systems. The security considerations also highlight the dragon(s), but at
least one vocal person thinks that maybe the text is a little too oblique.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There has been no threat of appeal. The aforementioned person might continue to
suggest less oblique language for the security considerations, but they have
stated that they are not objecting to the I-D proceeding as is.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project.  The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The author has acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

N/A

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2024-04-03
01 Sean Turner IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2024-04-03
01 Sean Turner IESG state changed to Publication Requested from I-D Exists
2024-04-03
01 (System) Changed action holders to Paul Wouters (IESG state changed)
2024-04-03
01 Sean Turner Responsible AD changed to Paul Wouters
2024-04-03
01 Sean Turner Document is now in IESG state Publication Requested
2024-04-03
01 Sean Turner Intended Status changed to Informational from None
2024-04-03
01 Sean Turner
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There was broad agreement to publish the I-D as an RFC.  At first, there was
some consternation that the TLS WG would even consider publishing this as an
I-D, but this file format is the de facto standard, e.g., it is supported by
Firefox, Chrome, Wireshark, openssl, libcurl, etc.

Also, we know SSL is dead. We as a WG killed it. Please do not ask us to
rename sslkeylogfile to tlskeylogfile ;) There is some text in the I-D
about why the name is what it is.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The biggest point of controversy, if you want to call it that, is how big of
a warning to put in the I-D that there be big, crazy, scary, and dangerous
dragons if you expose the key in the file.  Since the I-D was adopted by the
WG, an applicability statement was added explaining that this file is for test
systems. The security considerations also highlight the dragon(s), but at
least one vocal person thinks that maybe the text is a little too oblique.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

There has been no threat of appeal. The aforementioned person might continue to
suggest less oblique language for the security considerations, but they have
stated that they are not objecting to the I-D proceeding as is.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

Loads of implementations; see Q1.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, this I-D is well baked.

10. Several IETF Areas have assembled [lists of common issues that their
reviewers encounter][6]. For which areas have such issues been identified
and addressed? For which does this still need to happen in subsequent
reviews?

ART -> Media Types: Looks good to me (also Martin is not new to ART)
INT N/A
OPS N/A
RTG N/A
SEC -> Always worth another set of eyes!
TSV N/A

11. What type of RFC publication is being requested on the IETF stream ([Best
Current Practice][12], [Proposed Standard, Internet Standard][13],
[Informational, Experimental or Historic][14])? Why is this the proper type
of RFC? Do all Datatracker state attributes correctly reflect this intent?

The Informational track was chosen as this I-D isn’t really about the TLS protocol.
Martin noted during discussions at
IETF 105 (https://datatracker.ietf.org/doc/minutes-115-tls-202211100930/) that
standards track is a possibility as the file format is exchanged and it would help
a test system “work”.  Nobody in the WG really seems to care much whether
Informational or Standards track is appropriate.  However, if the IESG would
prefer to see this on the Standards track, that might sharpen concerns about
the degree to which the IETF is endorsing this practice and cause the presently
mild objections to be more forcefully presented.

12. Have reasonable efforts been made to remind all authors of the intellectual
property rights (IPR) disclosure obligations described in [BCP 79][7]? To
the best of your knowledge, have all required disclosures been filed? If
not, explain why. If yes, summarize any relevant discussion, including links
to publicly-available messages when applicable.

The Shepherd has confirmed the author has made all the necessary disclosures.

As noted in the Acknowledgements Section, this format originated in the NSS
project. The author has provided explicit change control to the IETF; see [18].

13. Has each author, editor, and contributor shown their willingness to be
listed as such? If the total number of authors and editors on the front page
is greater than five, please provide a justification.

The author has acknowledged their willingness to be listed as the author.

14. Document any remaining I-D nits in this document. Simply running the [idnits
tool][8] is not enough; please review the ["Content Guidelines" on
authors.ietf.org][15]. (Also note that the current idnits tool generates
some incorrect warnings; a rewrite is underway.)

The two obsolete references are intentional.

15. Should any informative references be normative or vice-versa? See the [IESG
Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
the community have sufficient access to review any such normative
references?

N/A

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
list them.

N/A

18. Are there normative references to documents that are not ready to be
submitted to the IESG for publication or are otherwise in an unclear state?
If so, what is the plan for their completion?

We are creating a cluster behind draft-ietf-tls-rfc8446bis, but work on that
I-D is nearing completion.

19. Will publication of this document change the status of any existing RFCs? If
so, does the Datatracker metadata correctly reflect this and are those RFCs
listed on the title page, in the abstract, and discussed in the
introduction? If not, explain why and point to the part of the document
where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
especially with regard to its consistency with the body of the document.
Confirm that all aspects of the document requiring IANA assignments are
associated with the appropriate reservations in IANA registries. Confirm
that any referenced IANA registries have been clearly identified. Confirm
that each newly created IANA registry specifies its initial contents,
allocations procedures, and a reasonable name (see [RFC 8126][11]).

The IANA Considerations section contains a media type registration. It uses
the template provided in RFC 6838 s5.6. As this I-D will be coming through
the IETF stream, the registration is reviewed and approved by the IESG (and
thanks for that).

21. List any new IANA registries that require Designated Expert Review for
future allocations. Are the instructions to the Designated Expert clear?
Please include suggestions of designated experts, if appropriate.

N/A

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
[18]: https://mailarchive.ietf.org/arch/msg/tls/lFYr128JIamDh1NBYbphHH8Mw8Q/
2024-04-03
01 Sean Turner Changed consensus to Yes from Unknown
2024-04-03
01 Sean Turner Tag Revised I-D Needed - Issue raised by WGLC cleared.
2024-04-03
01 Sean Turner IETF WG state changed to WG Consensus: Waiting for Write-Up from Waiting for WG Chair Go-Ahead
2024-04-02
01 Martin Thomson New version available: draft-ietf-tls-keylogfile-01.txt
2024-04-02
01 Martin Thomson New version approved
2024-04-02
01 (System) Request for posting confirmation emailed to previous authors: Martin Thomson
2024-04-02
01 Martin Thomson Uploaded new revision
2024-04-02
00 Sean Turner Tag Revised I-D Needed - Issue raised by WGLC set.
2024-04-02
00 Sean Turner IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call
2024-03-12
00 Sean Turner Notification list changed to sean@sn3rd.com because the document shepherd was set
2024-03-12
00 Sean Turner Document shepherd changed to Sean Turner
2024-03-12
00 Sean Turner IETF WG state changed to In WG Last Call from WG Document
2024-01-25
00 Sean Turner This document now replaces draft-thomson-tls-keylogfile instead of None
2024-01-24
00 Martin Thomson New version available: draft-ietf-tls-keylogfile-00.txt
2024-01-24
00 Martin Thomson New version approved
2024-01-24
00 Martin Thomson Request for posting confirmation emailed to submitter and authors: Martin Thomson
2024-01-24
00 Martin Thomson Uploaded new revision