Re: [TLS] AD review of draft-ietf-tls-external-psk-importer-05

Sean Turner <sean@sn3rd.com> Mon, 05 October 2020 15:51 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C1EA3A0CD8 for <tls@ietfa.amsl.com>; Mon, 5 Oct 2020 08:51:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MGqJFGPoi_NR for <tls@ietfa.amsl.com>; Mon, 5 Oct 2020 08:51:15 -0700 (PDT)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0DE73A0BA6 for <tls@ietf.org>; Mon, 5 Oct 2020 08:51:14 -0700 (PDT)
Received: by mail-qk1-x729.google.com with SMTP id q63so12467695qkf.3 for <tls@ietf.org>; Mon, 05 Oct 2020 08:51:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=nFMDa3K5YI98rrcGw9eBSWcbRyMQECQva1k6/gzyv88=; b=SR/u3H/zRjpolBqF1MG6qcJh5yobbrT7J6sTFMYEORIex2npojmggwD2jovuyq3OWb MJ+peG01TqEO9dHFL5XnvPgyOyCiIZlQKn0qymoFR6YTjCbMbwZ1TrF1H3sl+Rb2i9Db pgskAa3p669WrJOJli2J37NwVCer4sozVNdvA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=nFMDa3K5YI98rrcGw9eBSWcbRyMQECQva1k6/gzyv88=; b=UP0JGmgcpdvy/0uMWBUDAe2QGp/XknTQYfpDwz6bPnU23whwfO3aOeIi/k5aloNx/y 4p/9DE4yeXKAmo75q+Ix+buMlP8rtSvZfYUpcI1I55+kpfBjjMa4X11YU9kQlm/9hIhI XnxUs9Cy4YYsYahPblQgQnlAx0NnlvhLbAJUWcMUVmNxVpnVSXKqIlppN1mXfnAPpUa9 TzJ2bC1rBRdcimtTWqksjMVfLG4z26Mrx+unD7CNvfS8Q6+EKMEkYQsnc+YbKYi+XBNH 49xhjVUAMcCkkj18Kr27Oy7kYdUwqwi63ad8AMU6/M6yLCbEjlaDi7yAQCgSi8Hp9Kdd /kFQ==
X-Gm-Message-State: AOAM5307dkcvxLVQzYiNSllYGOfZXV5BrfwQtmNiuodRiFLt2pUngFcK HiMgTgUuing7opVF3Jx5jYWaiVdQXq2i1A==
X-Google-Smtp-Source: ABdhPJyaazUE9Af3gVlquSXI7Pfm8gwxm29DIlVkckAJQahwORm2XfSSKcYBXG9KZJ9HIAxGJMTcbQ==
X-Received: by 2002:a05:620a:795:: with SMTP id 21mr582966qka.131.1601913073926; Mon, 05 Oct 2020 08:51:13 -0700 (PDT)
Received: from [192.168.1.152] (pool-108-31-39-252.washdc.fios.verizon.net. [108.31.39.252]) by smtp.gmail.com with ESMTPSA id m138sm300893qke.99.2020.10.05.08.51.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Oct 2020 08:51:11 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <f7c983a755954f588e9b321365b0d5c8@cert.org>
Date: Mon, 5 Oct 2020 11:51:10 -0400
Cc: TLS List <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A4C6ACA2-7985-4863-93EF-2FF2FB618F5E@sn3rd.com>
References: <f7c983a755954f588e9b321365b0d5c8@cert.org>
To: Roman Danyliw <rdd@cert.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2Plr24-pmUQKg4zJvwNWF55YaL8>
Subject: Re: [TLS] AD review of draft-ietf-tls-external-psk-importer-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 15:51:23 -0000

I submitted these as an Issue in the repo:
https://github.com/tlswg/draft-ietf-tls-external-psk-importer/issues/37

spt

> On Oct 1, 2020, at 16:22, Roman Danyliw <rdd@cert.org> wrote:
> 
> ** Section 1.  Editorial.  Expand acronym on first use:
> -- s/TLS 1.2 PRF/TLS 1.2 Pseudorandom Function (PRF)/
> -- s/KDF/Key Derivation Function (KDF)/
> 
> ** Section 1. Editorial.  Since the text says "... this document specifies a PSK Importer interface ... for use in D(TLS 1.3)" perhaps the this scoping should also be upfront in the first sentence too:
> s/TLS 1.3 [RFC8446] supports/(D)TLS 1.3 [RFC8446][ID-DTLS]/
> 
> ** Section 4.1.  Editorial.  Per "The list of 'target_kdf' ...", other parts of this text refer to elements of struct ImportIdentity with the notation "ImportedIdentity.*".  Consider s/The list of "target_kdf" values/The list of ImportedIdentity.target_kdf values/
> 
> ** Section 4.1.
> If the EPSK is a key derived from some other protocol or
>   sequence of protocols, ImportedIdentity.context MUST include a
>   channel binding for the deriving protocols [RFC5056].
> 
> To the end of this normative guidance, I'd recommend adding something to the effect of: "The details of this binding will be protocol specific and out of scope in this document".
> 
> ** Section 4.1.  Per "If no hash function is specified, SHA-256 MUST be used"
> 
> -- Please provide a reference for SHA-256 (per "... If no hash function is specified, SHA-256 MUST be used").  
> 
> -- It is likely worth saying that this is the equivalent of HKDF_SHA256 (i.e., 0x0001)
> 
> ** Section 4.1.  Per "EPSKs may be imported before the started of the connection ..." and "EPSKs may also be imported for early data use ..." should be these be a normative MAYs?
> 
> ** Section 4.1.  Per "Minimally, that means ALPN, QUIC ... must be provisioned alongside these EPSK"
> -- Please expand ALPN
> 
> -- should this be a normative MUST?
> 
> ** Section 9.  Per the columns in the registry:
> -- Is there a reason why there isn't a Reference column in the registry to capture which specification describes the particular KDF?  I think it needs one to eliminate guesswork from the label in "KDF Description" to an algorithm.  
> 
> -- Was a Recommended column (and the associated processed for populating it like a few of the other TLS registries) discussed/considered?
> 
> ** Section 9.  While it is implied by the label, the text doesn't explicitly say what HKDF_SHA256 and _SHA384 are (per previous comment about needing a reference).