Technical Summary
A format that supports the logging of information about the secrets used
in a TLS connection is described. Recording secrets to a file in
SSLKEYLOGFILE format allows diagnostic and logging tools that use
this file to decrypt messages exchanged by TLS endpoints.
Working Group Summary
The one thing that worried some people (including your responsible AD)
was the fact that this could be used as a pervasive monitoring tool if this
file is offloaded/shared on production systems. Numerous warnings against
doing this were added to the document. As the feature is already readily
available (Firefox, Chrome, Wireshark, openssl, libcurl, etc.), those
who are building such monitoring devices can already do so anyway.
An additional WGLC was done to confirm the feeling of the room at IETF 122,
and no new voices objecting were heard. The IETF LC was extended by another
two weeks to give people more time to raise their concerns, but again no
new people raised objections.
Document Quality
This documents a widely deployed feature that is used for development
and debugging of major crypto libraries and browsers (see above).
Personnel
The Document Shepherd for this document is Sean Turner. The Responsible
Area Director is Paul Wouters.