Re: query about a possible "KRB5KEYLOGFILE" feature, to log session keys

<mailman.68.1710858478.2322.kerberos@mit.edu>

From: ghud...@mit.edu (Greg Hudson)
Newsgroups: comp.protocols.kerberos
Subject: Re: query about a possible "KRB5KEYLOGFILE" feature, to log session keys
Date: Tue, 19 Mar 2024 10:27:51 -0400
 by: Greg Hudson - Tue, 19 Mar 2024 14:27 UTC

On 3/17/24 23:33, Richard E. Silverman wrote:
> I have a patch to libkrb5 which implements a feature similar to the
> SSLKEYLOGFILE environment variable that’s now in pretty wide use for
> TLS: it logs session keys to a keytab named by KRB5KEYLOGFILE. The main
> use for this, just as with the TLS version, is to decrypt packet
> captures with Wireshark; the latter’s KRB5 dissector takes a keytab as
> input.

I think that would be a reasonable feature to add.
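
What a keytab holding a logged session key looks like on disk, as an added example that is not part of the original posts or of the patch they mention: it packs and parses the keytab file format, version 2. The principal name, key bytes and function names are constructed here; the thread does not say which principal or kvno the patch records.

```python
import struct

KEYTAB_V2 = b"\x05\x02"  # file header: format version 2, all fields big-endian

def _counted(data):
    return struct.pack(">H", len(data)) + data  # 16-bit length, then the bytes

def _read_counted(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def pack_entry(realm, components, enctype, key, kvno=1, name_type=1, timestamp=0):
    body = struct.pack(">H", len(components)) + _counted(realm.encode())
    body += b"".join(_counted(c.encode()) for c in components)
    body += struct.pack(">IIBH", name_type, timestamp, kvno & 0xFF, enctype) + _counted(key)
    body += struct.pack(">I", kvno)  # optional trailing 32-bit kvno
    return struct.pack(">i", len(body)) + body

def parse_keytab(blob):
    """Return one dict per live entry; negative-length holes are skipped."""
    if blob[:2] != KEYTAB_V2:
        raise ValueError("not a version-2 keytab")
    pos, entries = 2, []
    while pos < len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if size <= 0:  # hole left behind by a deleted entry
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", blob, pos)
        realm, pos = _read_counted(blob, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, pos = _read_counted(blob, pos)
            parts.append(part.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", blob, pos)
        key, pos = _read_counted(blob, pos + 11)  # 11 = size of ">IIBH"
        if pos > end or end > len(blob):
            raise ValueError("truncated or malformed entry")
        if end - pos >= 4:  # 32-bit kvno overrides the 8-bit one when nonzero
            kvno = struct.unpack_from(">I", blob, pos)[0] or kvno
        entries.append({"principal": "/".join(parts) + "@" + realm.decode(),
                        "kvno": kvno, "enctype": enctype, "key": key})
        pos = end
    return entries

# Constructed sample: enctype 18 is aes256-cts-hmac-sha1-96; the key is dummy bytes.
SAMPLE = KEYTAB_V2 + pack_entry("EXAMPLE.COM", ["host", "server.example.com"], 18, bytes(range(32)))
```
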
