Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 11 October 2019 07:14 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Eliot Lear <lear@cisco.com>
CC: EMU WG <emu@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/464AQ2WsN_-q5xSdC1OYqY55qKw>

I am aware that OpenSSL has support for external PSK. The Selfie attack
was demonstrated using this OpenSSL implementation:
https://eprint.iacr.org/2019/347

However, the GitHub issue you posted is still helpful. If I understand
the resolution of this issue: OpenSSL will first check for a valid
external PSK before checking for resumption PSKs.

I think we can include EAP-TLS-PSK without major changes to the current 
document. I only want to ensure that EAP-TLS-PSK does not leave any 
implementation ambiguities.

--Mohit

On 10/10/19 7:18 PM, John Mattsson wrote:
> Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
>
>> Can you give an example of an existing TLS 1.3 deployment that offers both resumption PSKs and external PSKs?
> Don’t know if it is deployed anywhere, but OpenSSL supports resumption of PSK sessions. There was a bug that stopped it from working that was patched 12 months ago.
> https://github.com/openssl/openssl/issues/7433