Re: [TLS] [Gen-art] Genart last call review of draft-ietf-tls-external-psk-importer-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 03 December 2020 21:29 UTC

To: gen-art@ietf.org
Cc: last-call@ietf.org, tls@ietf.org, draft-ietf-tls-external-psk-importer.all@ietf.org
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Date: Fri, 4 Dec 2020 10:29:39 +1300
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-OSxr-huRW7yOMVN9Gx1_k18NH0>

FYI, the -06 draft satisfies all my concerns.

Thanks
   Brian Carpenter

On 07-Oct-20 15:24, Brian Carpenter via Datatracker wrote:
> Reviewer: Brian Carpenter
> Review result: Ready with Issues
> 
> Gen-ART Last Call review of draft-ietf-tls-external-psk-importer-05
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> 
> Document: draft-ietf-tls-external-psk-importer-05
> Reviewer: Brian Carpenter
> Review Date: 2020-10-07
> IETF LC End Date: 2020-10-15
> IESG Telechat date:  
> 
> Summary: Ready with issues
> --------
> 
> Issues:
> -------
> 
>> 1.  Introduction
>>
>>    Applications SHOULD provision separate PSKs for TLS 1.3 and prior
>>    versions when possible.
> 
> I think that "when possible" could easily be used as a loophole by a
> lazy implementer. ("Impossible, because I'd have to refactor my code.")
> Since presumably this rule is to avoid all risk of a "related output"
> cryptanalytic vulnerability, why weaken the RFC2119 definition of SHOULD?
> The formal definition of SHOULD is stronger, with "the full implications
> must be understood and carefully weighed before choosing a different
> course." So I suggest simply deleting "when possible".
> 
>> 6.  Incremental Deployment
>>
>>   Recall that TLS 1.2 permits computing the TLS PRF with any hash
>>   algorithm and PSK.  Thus, an EPSK may be used with the same KDF (and
>>   underlying HMAC hash algorithm) as TLS 1.3 with importers.  However,
>>   critically, the derived PSK will not be the same since the importer
>>   differentiates the PSK via the identity and target KDF and protocol.
>>   Thus, PSKs imported for TLS 1.3 are distinct from those used in TLS
>>   1.2, and thereby avoid cross-protocol collisions.  Note that this
>>   does not preclude endpoints from using non-imported PSKs for TLS 1.2.
>>   Indeed, this is necessary for incremental deployment.
> 
> I read this three times and I have to ask whether "TLS 1.2" is
> really what you want in the penultimate line.
> 
> Nits:
> -----
> 
>> 4.1.  External PSK Diversification
> ...
>>   ImportedIdentity.target_protocol MUST be the (D)TLS protocol version
>>   for which the PSK is being imported.  For example, TLS 1.3 [RFC8446]
>>   and QUICv1 [QUIC] use 0x0304. 
> 
> As far as I can tell, [QUIC] doesn't specify this, but draft-ietf-quic-tls
> does specify that QUICv1 uses TLS1.3. So the phrasing is a bit misleading.
> Maybe:
> 
>   For example, TLS 1.3 [RFC8446] uses 0x0304, which will therefore also be
>   used by QUICv1 [QUIC-TLS]. 
> 
> Are all the RFC2119 terms capitalised when required? For example, there
> are lower case 'may' and 'must' in the last paragraph of section 4.1
> (External PSK Diversification). I couldn't determine whether they were
> intended to be normative.
>
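
The diversification discussed in the quoted sections 4.1 and 6, as an added example that is not part of this thread or of the draft's own text: it serializes ImportedIdentity and derives an imported PSK, showing that the same external PSK yields unrelated keys per target protocol and target KDF. It follows the derivation as published in RFC 9258 (the final form of this draft; the -05 text under review may differ in detail) and assumes SHA-256 as the hash associated with the external PSK; the key, the identity and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TLS13 = 0x0304        # target_protocol value quoted in the review above
DTLS13 = 0xFEFC       # DTLS 1.3 version (RFC 9147), used here for contrast
HKDF_SHA256, HKDF_SHA384 = 0x0001, 0x0002   # target_kdf code points (RFC 9258)
KDF_OUTPUT_LEN = {HKDF_SHA256: 32, HKDF_SHA384: 48}


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract with the EPSK's hash (assumed SHA-256); "0" is a zero-filled salt.
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel (RFC 8446 section 7.1): uint16 length, "tls13 " + label, context.
    full = b"tls13 " + label
    info = (struct.pack("!HB", length, len(full)) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def imported_identity(external_identity: bytes, context: bytes,
                      target_protocol: int, target_kdf: int) -> bytes:
    # Two uint16-length-prefixed opaque fields followed by two uint16 values.
    return (struct.pack("!H", len(external_identity)) + external_identity
            + struct.pack("!H", len(context)) + context
            + struct.pack("!HH", target_protocol, target_kdf))


def import_psk(epsk: bytes, external_identity: bytes, context: bytes,
               target_protocol: int, target_kdf: int):
    # Returns (serialized ImportedIdentity, imported PSK).
    ident = imported_identity(external_identity, context, target_protocol, target_kdf)
    epskx = hkdf_extract(b"", epsk)
    ipskx = hkdf_expand_label(epskx, b"derived psk",
                              hashlib.sha256(ident).digest(),
                              KDF_OUTPUT_LEN[target_kdf])
    return ident, ipskx


if __name__ == "__main__":
    for proto, kdf in [(TLS13, HKDF_SHA256), (DTLS13, HKDF_SHA256), (TLS13, HKDF_SHA384)]:
        ident, key = import_psk(b"constructed-epsk", b"client", b"", proto, kdf)
        print(f"{proto:#06x} kdf={kdf:#06x} id={ident.hex()} psk={key.hex()}")
```

A non-imported PSK used with TLS 1.2, as section 6 permits, never passes through this derivation, which is why it cannot collide with any of the imported values.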