Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
Russ Housley <housley@vigilsec.com> Mon, 19 November 2018 16:47 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194D4130DE2 for <spasm@ietfa.amsl.com>; Mon, 19 Nov 2018 08:47:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YZYslSmV4Xrn for <spasm@ietfa.amsl.com>; Mon, 19 Nov 2018 08:47:34 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 262B1130DD3 for <spasm@ietf.org>; Mon, 19 Nov 2018 08:47:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E0B6C300A58 for <spasm@ietf.org>; Mon, 19 Nov 2018 11:47:31 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 7eU-2Amviq_P for <spasm@ietf.org>; Mon, 19 Nov 2018 11:47:30 -0500 (EST)
Received: from [192.168.1.161] (pool-71-178-45-35.washdc.fios.verizon.net [71.178.45.35]) by mail.smeinc.net (Postfix) with ESMTPSA id B6E57300A4A; Mon, 19 Nov 2018 11:47:30 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <018d01d477fa$97522760$c5f67620$@augustcellars.com>
Date: Mon, 19 Nov 2018 11:47:31 -0500
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <14A5DD8E-15E3-4009-961C-2E33011E0C44@vigilsec.com>
References: <018d01d477fa$97522760$c5f67620$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jgxJPEBeqsB00jW4ErRd96AGbh8>
Subject: Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2018 16:47:36 -0000
Jim: Thanks for the careful review. I just posted -01 to resolve your comments. The biggest change is the addition of Section 5 on key derivation. Russ > On Nov 9, 2018, at 2:05 AM, Jim Schaad <ietf@augustcellars.com> wrote: > > Abstract: Needs to be re-worded " if existing syntax the does not > accommodated them." > > Section 1: Needs to be re-worded "if current syntax the does not > accommodated them." > > Section 1: Needs to be re-worded: " by mixing with a strong PSK with the > output" > > Section 2 - Which key? "generates the key" Pushing something from the next > two sentences forward would be useful. Not talking about generating the > ephemeral DH key. > > Section 2 - you have not introduced the KDK yet and now I am creating one. > Perhaps a simple discussion on how what happens is that an additional key > wrap is inserted using ... > > Section 2 - It would be nice to add a sentence where you say that you are > introducing two new management techniques to say that they are agnostic > towards the underlying key management technique. > > Section 3 - I am wondering if it would make more sense to use the > KEKIdentifier structure instead of just having an octet string for the > PreSharedKeyIdentifier type? > > Section 4 - This is twice that I have read this and am unclear what we are > doing. The sentence "private key and recipient's public key to generate a > pairwise key" From this and from information in my mind I am not completely > clear that this is the DH pairwise key or something else. > > Summary: Is it your thought that I should be able to implement this > document as written? A the moment I do not believe that this is possible. > Do we need to define how the KDF function operates? > > Jim > > > > >
- [lamps] Review draft-ietf-lamps-cms-mix-with-psk-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley