You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On a production system you probably don't want to log TLS secrets, even if you qlog (some of the) connections. The new field in the key_updated event therefore should not be mandatory.
I'm not sure I understand the old field either. If you're logging 1-RTT key updates and their sequence numbers, the key would already be written to the qlog, so there's no need to export it again. Or am I missing something?
Maybe it would be a good idea to keep key material to the SSLKEYLOGFILE and not even offer an option to write them to qlog?
The text was updated successfully, but these errors were encountered:
Additionally, we should add an "owner" field to the key_update event.
Now, difference between client/server keys is made with the trigger and also the KeyType: this should be made more consistent with the other events. See also #44.
An endpoint would then emit separate events for client and server key updates, which should work event if key calculation is delayed (though not 100% sure yet).
On a production system you probably don't want to log TLS secrets, even if you qlog (some of the) connections. The
new
field in thekey_updated
event therefore should not be mandatory.I'm not sure I understand the
old
field either. If you're logging 1-RTT key updates and their sequence numbers, the key would already be written to the qlog, so there's no need to export it again. Or am I missing something?Maybe it would be a good idea to keep key material to the SSLKEYLOGFILE and not even offer an option to write them to qlog?
The text was updated successfully, but these errors were encountered: