On 1/23/2024 7:51 PM, Marten Seemann wrote: > On Wed, 24 Jan 2024 at 10:39, Willy Tarreau <[email protected]> wrote:
What I suspect in fact is that in the datacentre what most admins would be interested in would just be to disable header protection to make it easier to follow the protocol itself (e.g. observe retransmits etc) without risking to expose the payload, that absolutely nobody wants to see the vast majority of the time during debugging.
That's an interesting idea. In principle it should be possible to only export the header protection keys without exporting any other TLS keys. I don't believe the SSLKEYLOGFILE has an option for that though, and I'm not sure if there's a way to load header protection keys into Wireshark.
That may be an interesting idea, but it will not do what you believe it does.
Some parts of the header are already in clear text, by necessity. You don't need the header protection key to access the packet type, or the payload length of handshake packets. You can follow the progression of the handshake by just looking at the packet types, no header protection key required.
In practice, the header protection only protects the packet sequence number, and a couple of bits in the first byte. So, in addition to the packet types, you will get the packet numbers. That will not tell you very much. It will not tell you whether a packet is retransmission of another one. It will not tell you whether a packet acknowledges another one, which stream it carries, or anything like that.
I am not sure that building a mechanism to export just the header encryption key is worth the trouble.
-- Christian Huitema
