Technical Summary
A format that supports logging information about the secrets used
in a TLS connection is described. Recording secrets to a file in
SSLKEYLOGFILE format allows diagnostic and logging tools that use
this file to decrypt messages exchanged by TLS endpoints.
Working Group Summary
The one thing that worried some people (including your responsible AD)
was the fact that this could be used as a pervasive monitoring tool if this
file is offloaded/shared on production systems. Numerous warnings were
added to the document to not do this. As the feature is already readily
available (Firefox, Chrome, Wireshark, OpenSSL, libcurl, etc.), those
who are building such monitoring devices can already do so anyway.
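
One way to check a production host for the situation the warnings describe,
as an added example that is not part of the document under review: find
processes started with SSLKEYLOGFILE set and recognise key log content.
It assumes a Linux /proc layout; the function names and sample data are
constructed for illustration.

```python
import os
import re

# Labels that appear in key log files (TLS 1.2 uses CLIENT_RANDOM, the rest are TLS 1.3).
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# <label> <32-byte client random, hex> <secret, hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")


def keylog_path_from_environ(environ: bytes):
    """Return the SSLKEYLOGFILE value from a NUL-separated environment block, or None."""
    for entry in environ.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name == b"SSLKEYLOGFILE" and value:
            return value.decode("utf-8", "replace")
    return None


def count_secret_lines(text: str) -> int:
    """Count lines shaped like a key log entry with a known label."""
    count = 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in LABELS:
            count += 1
    return count


def audit_processes(proc_root: str = "/proc"):
    """Yield (pid, path) for each readable process that has SSLKEYLOGFILE set."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                path = keylog_path_from_environ(fh.read())
        except OSError:
            continue  # process exited or we lack permission to read it
        if path:
            yield int(pid), path


# Constructed sample data (not real secrets).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0SSLKEYLOGFILE=/tmp/keys.log\0HOME=/srv/app\0"
SAMPLE_LOG = "# comment\nCLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48 + "\nnot a key line\n"

if __name__ == "__main__":
    for pid, path in audit_processes():
        print(f"pid {pid} writes TLS secrets to {path}")
```

/proc/<pid>/environ shows the environment a process was started with, so
run the audit with enough privilege to read other users' processes.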
Document Quality
This is documenting a widely deployed feature that is used for developing
and debugging major crypto libraries and browsers (see above).
Personnel
The Document Shepherd for this document is Sean Turner. The Responsible
Area Director is Paul Wouters.