Re: [quicwg/base-drafts] Use the same KDF regardless of TLS version (#2034)

MikkelFJ <notifications@github.com> Fri, 23 November 2018 01:06 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 190A6128D0C for <quic-issues@ietfa.amsl.com>; Thu, 22 Nov 2018 17:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Level:
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EHFeue35sqt for <quic-issues@ietfa.amsl.com>; Thu, 22 Nov 2018 17:06:51 -0800 (PST)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A0D4128CF3 for <quic-issues@ietf.org>; Thu, 22 Nov 2018 17:06:51 -0800 (PST)
Date: Thu, 22 Nov 2018 17:06:50 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1542935210; bh=E03gp2OPB8iSaNrwmE+JnlOK6dq3qDrw7UMxQpprIWM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=duim9a4rwcjdUmw2geCE9o53eosieO+F1VIDNM9yeOrH/J9h8glfFCX5+lsqFx0jN UpbqyS+6oG527g0leMBkx43vODmKiOpm+nm3TWc49DHg7PRqy70iEwUo7t5FpR03+V NxwQDRevpvVyhZK3Aiuwx+Iz8llzpXLCyat+N9ms=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4aba32a3f7ee8282ed3e33aaca5697435e1610fc87092cf00000001180f14aa92a169ce16d3c410@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2034/c441139688@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2034@github.com>
References: <quicwg/base-drafts/pull/2034@github.com>
Subject: Re: [quicwg/base-drafts] Use the same KDF regardless of TLS version (#2034)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf752aa9875f_7cb83fbdcced45bc193671"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/WHO_NQ-pVbZQK7UZXosX6C2XdsU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2018 01:06:53 -0000

> And just as QUIC provided its own AEAD, why not also a KDF?

I think this a valid point of view - but I also think it is more precise to say that QUIC handles its own implementation and representation of the AEAD specified by TLS. It makes sense that the KDF is paired with the negotiated cipher. If for no other reason than that it provides agility of both cipher and KDF, but also because ultimately they could be related in a security proof - not in this version, but eventually.

Perhaps QUIC could benefit from a more formal crypto interface that TLS plugs into but which other frameworks could also use. This could also guide the work of future TLS versions and also future versions of QUIC. But this is easier to do when QUIC v1 is finalized or close to finalized.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2034#issuecomment-441139688