Re: [Gen-art] Genart last call review of draft-ietf-kitten-tls-channel-bindings-for-tls13-09
Sam Whited <sam@samwhited.com> Mon, 18 October 2021 10:44 UTC
Return-Path: <sam@samwhited.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id E340A3A12B2;
Mon, 18 Oct 2021 03:44:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=samwhited.com header.b=cH1YsI9i;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=cGaOL+7v
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id CvWikAkbs5Zs; Mon, 18 Oct 2021 03:44:24 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com
[66.111.4.27])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id BDBE03A0BAC;
Mon, 18 Oct 2021 03:44:23 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by mailout.nyi.internal (Postfix) with ESMTP id BC48F5C0152;
Mon, 18 Oct 2021 06:44:20 -0400 (EDT)
Received: from imap42 ([10.202.2.92])
by compute1.internal (MEProxy); Mon, 18 Oct 2021 06:44:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com;
h=mime-version:message-id:in-reply-to:references:date:from:to
:cc:subject:content-type:content-transfer-encoding; s=fm1; bh=eh
EOCYm3emdWjWE45bOJjv13/4gAh+HBF66HySMTwao=; b=cH1YsI9iUwcCUOG3EU
23HvDnG7qQd4jKcgK1vO/IkSi9wrcV8akBoMs1FdUDDa/arA6LolPF7GKKryDhTy
bKGnq90IN7SjHoqckUOTOnWPw5RClndWpITnaVXrcpUPlVozuwZKTZAFObcUGPzH
05y6DCeI6fEUZCZaRfbofLnFL8N0pxYu/K0YE11bklr5LRMsx6xE/20FqW8Z9gvj
oKKXbhQPueD7InZZi4EZawt3lnbQw2CRWXI78cS5YfsKdLpRvXfLt26HTzPVpC2l
9OjisMTTh21IZL06mPf3Eww1G24wiZZCEkOgYSFWZqwfX2VTiWv1zq4lA42rnP/n
0z5g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-transfer-encoding:content-type
:date:from:in-reply-to:message-id:mime-version:references
:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm1; bh=ehEOCYm3emdWjWE45bOJjv13/4gAh+HBF66HySMTw
ao=; b=cGaOL+7vhVDrnxxSwEF+JhRoqRd25ZVF8yuvNtV8nF0yUDPcO9vCxVZ3H
Mz/TFdhmGM6FLpu4ihmg5fGNP6oDIr3nh/BbHBIlELHpApLmU0Q0UbKJLR2Jfvq6
iIlrorgM3C55DJxGbZNXPstQt1IGYdfBuLL03AhEr0BvD+zQeWfD92nCdWQ3AHTL
aY/0YcFbXDPzi/MV+OOIef4XYl/pSxD/mxDzLOJRHng+BaWlCBTtnVXj+U5ta5NJ
NORxF72od78bD1EnN2weTbiggDpCuupmgqfjcoQ01Ap4fx+aDp4GznYQ9ekqxdq1
xVXMginrReeQAbLaVYK7bScGt9e8g==
X-ME-Sender: <xms:BFBtYT7ncKxK-HCIm-cNx-4dPS56C01OAT9j8NEQlZBFrJetj7W5SQ>
<xme:BFBtYY5F8hQYhG0c2cv1InGjBcjztEzzkoDjgcika9qstdKnj9G_B4LE3zV_Hswhi
jUStOfuHYsd57RT5A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddvtddgvdelucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfufgr
mhcuhghhihhtvggufdcuoehsrghmsehsrghmfihhihhtvggurdgtohhmqeenucggtffrrg
htthgvrhhnpeefuddukeekueetueelfeeguedvuedvffehvdevieffgeehhfejffdtveev
uedvffenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd
enucfrrghrrghmpehmrghilhhfrhhomhepshgrmhesshgrmhifhhhithgvugdrtghomh
X-ME-Proxy: <xmx:BFBtYaeJ7c_Jd-FURY4TXTFypnDpvDkiarkfRXRQ0uXdteJRrQCF3g>
<xmx:BFBtYUISp-76bjTzB5k9ccyHdbB7rd-AAlqGT3Pj3BTUABMqrVdOJA>
<xmx:BFBtYXLWpQSRt5OVNErwRxm25Onn0YDedzf1EHKXvdILLEOqMSE3lw>
<xmx:BFBtYf07Vxhmpf3Dl14-jgkS-mhmvP2uSKP7M8rg0iehWAtQezTIEw>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id 4C1C82180075; Mon, 18 Oct 2021 06:44:20 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1345-g8441cd7852-fm-20211006.001-g8441cd78
Mime-Version: 1.0
Message-Id: <ef2a2958-230a-402d-a1ac-d5bd698993e7@www.fastmail.com>
In-Reply-To: <20211018045008.GF88762@kduck.mit.edu>
References: <5791c4e5-8145-416e-85d2-702a7349f327@www.fastmail.com>
<87fst1ejn6.fsf@hobgoblin.ariadne.com> <20211018045008.GF88762@kduck.mit.edu>
Date: Mon, 18 Oct 2021 06:43:59 -0400
From: "Sam Whited" <sam@samwhited.com>
To: "Benjamin Kaduk" <kaduk@mit.edu>, "Dale R. Worley" <worley@ariadne.com>
Cc: gen-art@ietf.org,
draft-ietf-kitten-tls-channel-bindings-for-tls13.all@ietf.org,
"KITTEN Working Group" <kitten@ietf.org>, last-call@ietf.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/i6gBPvh_86i5tC6FjDmArsZf7_U>
Subject: Re: [Gen-art] Genart last call review of
draft-ietf-kitten-tls-channel-bindings-for-tls13-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>,
<mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>,
<mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2021 10:44:32 -0000
Looks like the same link got included twice? But thank you, I'll try to rework the language again to reference that. —Sam On Mon, Oct 18, 2021, at 00:50, Benjamin Kaduk wrote: > On Fri, Oct 15, 2021 at 11:25:01PM -0400, Dale R. Worley wrote: >> "Sam Whited" <sam@samwhited.com> writes: >> >> The appearance of this paragraph in this section suggests (but >> >> does not assert) that in TLS 1.3, the cipher negotiation always >> >> results in unique master secrets. Indeed, it would be extremely >> >> convenient if (standard-conformant) use of TLS 1.3 always did so, >> >> and if so, it would be convenient to inform the user by asserting >> >> that at the end of section 2 (after moving the current last >> >> paragraph to a different section). >> > >> > This one I had a lot of trouble with. I tried to put in some new >> > language, but it feels out of place to me somehow. I'm not sure >> > that this document should make assertions about the correctness of >> > TLS 1.3, as well vetted as it has been, so I tried to phrase it in >> > terms of "this mechanism is useful so long as this property holds", >> > which seems like it might belong in security considerations, not >> > the registration section? >> >> This is probably the only really significant point in my review ... >> I can understand your caution here. It seems to me that the ideal >> solution is for TLS 1.3 to have been explicitly designed so that >> there are unique master secrets, and then you just reference that. >> Now it seems that everybody thinks TLS 1.3 has this property, so I'd >> expect that was an explicit design goal, and it would be documented >> somewhere. And then this document could just point to that. > > The last paragraph of > https://datatracker.ietf.org/doc/html/rfc8446#appendix-D > discusses how TLS > 1.3 should be treated as always providing the RFC 7627 "extended > master secret" behavior; that RFC, in turn, discusses the (non- > )uniqueness of the master secret in the absence of the "extended" > behavior. > > https://datatracker.ietf.org/doc/html/rfc8446#appendix-D also > discusses the uniqueness of TLS 1.3 secrets/keys. > > -Ben -- Sam Whited
- [Gen-art] Genart last call review of draft-ietf-k… Dale Worley via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Sam Whited
- Re: [Gen-art] Genart last call review of draft-ie… worley
- Re: [Gen-art] Genart last call review of draft-ie… Benjamin Kaduk
- Re: [Gen-art] Genart last call review of draft-ie… Sam Whited
- Re: [Gen-art] [Last-Call] Genart last call review… Lars Eggert