Re: [TLS] FW: New Version Notification for draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt

John Mattsson <john.mattsson@ericsson.com> Fri, 30 December 2022 18:34 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Achim Kraus <achimkraus@gmx.net>
CC: "TLS@ietf.org" <tls@ietf.org>
Date: Fri, 30 Dec 2022 18:34:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0slOHmqCJRlPK-eVu0N2tvLTxXU>

>discussion gets this time shorter.
Let’s hope so. I think quite a lot of things have happened since 2020. BSI decision that psk_ke can only be used until 2026, as well as a lot more discussion of exfiltration attacks and zero trust principles. I hope the working group can have a vote.

>Are there considerations how that affects similar simple OSCORE variants?
Yes, no difference there, OSCORE keyed without ECDHE or 3GPP AKA without ECDHE are equally bad security practice. In the case of OSCORE, the problem is rather the key management protocols like ACE rather than OSCORE, which is similar to the TLS record protocol. I have been equally critical of ACE. As soon as draft-ietf-ace-edhoc-oscore-profile is published I will write a contribution to 3GPP suggesting that use of RFC 9203 should be phased out asap.

John

From: Achim Kraus <achimkraus@gmx.net>
Date: Friday, 30 December 2022 at 17:57
To: John Mattsson <john.mattsson@ericsson.com>
Cc: TLS@ietf.org <tls@ietf.org>
Subject: Re: [TLS] FW: New Version Notification for draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt

Hi John,

I'm not sure, are there any new arguments for this since this discussion

https://mailarchive.ietf.org/arch/msg/tls/WoBwUCqEMcFhvIHN6neo5W4Urg4/

in 2020?
Maybe, if the new arguments are highlighted, the discussion gets this
time shorter.

"Malicious actors can get access to long-term keys in different ways"

Are there considerations how that affects similar simple OSCORE variants?

best regards
Achim

On 30.12.22 at 09:58, John Mattsson wrote:
> Hi,
>
> I submitted a new version of draft-mattsson-tls-psk-ke-dont-dont-dont.
> psk_ke is likely the weakest part of TLS 1.3 and German BSI has already
> made a deadline for its deprecation. It is long overdue to change the
> "Recommended" value for psk_ke to "N".
>
> This is a major update to earlier versions and adds a lot of background
> and motivation. The earlier version was never posted to the list. I plan
> to request presentation time at IETF 116.
>
> Cheers,
>
> John
>
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Date: Friday, 30 December 2022 at 09:47
> To: John Mattsson <john.mattsson@ericsson.com>, John Mattsson
> <john.mattsson@ericsson.com>
> Subject: New Version Notification for
> draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt
>
>
> A new version of I-D, draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt
> has been successfully submitted by John Preuß Mattsson and posted to the
> IETF repository.
>
> Name:           draft-mattsson-tls-psk-ke-dont-dont-dont
> Revision:       02
> Title:          Key Exchange Without Forward Secrecy is NOT RECOMMENDED
> Document date:  2022-12-30
> Group:          Individual Submission
> Pages:          9
> URL:            https://www.ietf.org/archive/id/draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/
> Html:           https://www.ietf.org/archive/id/draft-mattsson-tls-psk-ke-dont-dont-dont-02.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-tls-psk-ke-dont-dont-dont
> Diff:           https://author-tools.ietf.org/iddiff?url2=draft-mattsson-tls-psk-ke-dont-dont-dont-02
>
> Abstract:
>     Massive pervasive monitoring attacks using key exfiltration and made
>     possible by key exchange without forward secrecy has been reported.
>     If key exchange without Diffie-Hellman is used, static exfiltration
>     of the long-term authentication keys enables passive attackers to
>     compromise all past and future connections.  Malicious actors can get
>     access to long-term keys in different ways: physical attacks,
>     hacking, social engineering attacks, espionage, or by simply
>     demanding access to keying material with or without a court order.
>     Exfiltration attacks are a major cybersecurity threat.  The use of
>     psk_ke is not following zero trust principles and governments have
>     already made deadlines for its deprecation.  This document updates
>     the IANA PskKeyExchangeMode registry by setting the "Recommended"
>     value for psk_ke to "N".
>
> The IETF Secretariat
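For auditing where psk_ke is still offered, the following is an added example (not part of the original thread or of the draft) that parses the `psk_key_exchange_modes` extension of a TLS 1.3 ClientHello and reports whether psk_ke is among the offered modes. The function names and the minimal sample ClientHello are constructed for illustration; the extension type and mode values are those of RFC 8446.

```python
import struct

PSK_KEY_EXCHANGE_MODES = 45                  # extension type (RFC 8446)
MODE_NAMES = {0: "psk_ke", 1: "psk_dhe_ke"}  # PskKeyExchangeMode values

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector; return (body, new_pos)."""
    if pos + len_bytes > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n

def offered_psk_modes(client_hello):
    """Names of the PSK key exchange modes offered in a ClientHello
    handshake message (no record header); [] if the extension is absent."""
    if len(client_hello) < 4 or client_hello[0] != 1:
        raise ValueError("not a ClientHello")
    body, _ = _vec(client_hello, 1, 3)       # 3-byte handshake length
    pos = 2 + 32                             # legacy_version + random
    _, pos = _vec(body, pos, 1)              # legacy_session_id
    _, pos = _vec(body, pos, 2)              # cipher_suites
    _, pos = _vec(body, pos, 1)              # legacy_compression_methods
    if pos == len(body):
        return []                            # no extensions block at all
    exts, _ = _vec(body, pos, 2)
    pos = 0
    while pos < len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = _vec(exts, pos + 2, 2)
        if ext_type == PSK_KEY_EXCHANGE_MODES:
            modes, _ = _vec(data, 0, 1)      # ke_modes<1..255>
            return [MODE_NAMES.get(m, f"unknown({m})") for m in modes]
    return []

def offers_psk_ke(client_hello):
    """True if the client offers PSK-only key exchange (no (EC)DHE)."""
    return "psk_ke" in offered_psk_modes(client_hello)

def build_sample_hello(modes):
    """Constructed, minimal ClientHello carrying only the modes extension."""
    ext = struct.pack("!HHB", PSK_KEY_EXCHANGE_MODES, 1 + len(modes),
                      len(modes)) + bytes(modes)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A client that lists only psk_dhe_ke cannot be negotiated into the PSK-only mode, so a `False` result from `offers_psk_ke` is the state the draft's "Recommended: N" change is steering deployments toward.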