Hi,

The log files often contain keying material when they shouldn't. I figure I'd throw out some rules (er, dogma) on what keying material can appear in a log file and see how far it gets :-)

- you can log chunk contents

  The assumption here is that it's things like cookies, nonces, et al. which either came from or will go on the wire. If we find a chunk that shouldn't be logged then ask the question "should this be a symkey" because:

- you cannot log symkey contents (unless DBG_PRIVATE)

Of course there'll be exceptions such as PSKs (which is why this is dogma :-).

With this in mind, I've added a DBG_dump_symkey that only logs limited information (unless DBG_PRIVATE).

Andrew
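The two rules in the message above, sketched as an added example; this is not libreswan's code and not part of the original message. The struct layouts, `dbg_private`, `log_chunk` and `log_symkey` are hypothetical names, and "limited information" is assumed here to mean the key's name and size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types, not libreswan's definitions. */
struct chunk  { const unsigned char *ptr; size_t len; };   /* wire data */
struct symkey { const unsigned char *bytes; size_t len; }; /* secret */

static bool dbg_private = false; /* stands in for DBG_PRIVATE */

/* Append buf as hex to the string already in out, never overflowing it. */
static char *append_hex(char *out, size_t outlen,
			const unsigned char *buf, size_t len)
{
	size_t used = strlen(out);
	for (size_t i = 0; i < len && used + 3 <= outlen; i++)
		used += (size_t)snprintf(out + used, outlen - used, "%02x", buf[i]);
	return out;
}

/* Rule 1: chunk contents (cookies, nonces, ...) may be logged in full. */
static char *log_chunk(char *out, size_t outlen, const char *name, struct chunk c)
{
	snprintf(out, outlen, "%s: %zu bytes: ", name, c.len);
	return append_hex(out, outlen, c.ptr, c.len);
}

/* Rule 2: symkey contents are logged only with private debugging on;
 * otherwise only name and size appear (assumed "limited information"). */
static char *log_symkey(char *out, size_t outlen, const char *name, struct symkey k)
{
	if (!dbg_private) {
		snprintf(out, outlen, "%s: symkey, %zu bytes, contents withheld",
			 name, k.len);
		return out;
	}
	snprintf(out, outlen, "%s: symkey, %zu bytes: ", name, k.len);
	return append_hex(out, outlen, k.bytes, k.len);
}

int main(void)
{
	char buf[128];
	const unsigned char nonce[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
	const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04 };   /* constructed */
	puts(log_chunk(buf, sizeof buf, "Ni", (struct chunk){ nonce, sizeof nonce }));
	puts(log_symkey(buf, sizeof buf, "SK_e", (struct symkey){ key, sizeof key }));
	return 0;
}
```

Because the decision hangs on the type, moving a value from `struct chunk` to `struct symkey` is enough to take its bytes out of every default log line.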
