IETF Logo Mail Archive

Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 10 May 2018 17:28 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58BD612DA25 for <tls@ietfa.amsl.com>; Thu, 10 May 2018 10:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cWGxo4nCd0hT for <tls@ietfa.amsl.com>; Thu, 10 May 2018 10:28:47 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C96A812D95E for <tls@ietf.org>; Thu, 10 May 2018 10:28:46 -0700 (PDT)
Received: from [192.168.1.161] (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 0E2B57A3309 for <tls@ietf.org>; Thu, 10 May 2018 17:28:46 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <BBFEDE28-AC26-4748-9F49-8B6EBF12F1F1@dukhovni.org>
Date: Thu, 10 May 2018 13:28:45 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: TLS WG <tls@ietf.org>
Message-Id: <2AF454E0-48F4-4C98-855D-B4BB342E4C47@dukhovni.org>
References: <773A6343-2978-4195-BF53-B5253E3B9129@dukhovni.org> <CABkgnnXNnheqdRBO_h6XVK5uvr-qoM9_xSMq4EEH5CgKLWqabw@mail.gmail.com> <CABcZeBPqVTWaZ5pXBf66jt+2m0rXA6LoqaddQB8onvwjE+39QQ@mail.gmail.com> <71974FFA-DEA4-4C66-BDAE-FAD7BF46463B@dukhovni.org> <CABcZeBN1gF7gtQbxKg_5xs4DSimKR1Gf=-0Pm9=b1D_M6rSY3A@mail.gmail.com> <BBFEDE28-AC26-4748-9F49-8B6EBF12F1F1@dukhovni.org>
To: TLS WG <tls@ietf.org>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2YwD5201u5ED1fU76_4qD9fIbdw>
Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 17:28:48 -0000


> On May 10, 2018, at 11:46 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
>> I would imagine, but NSS, at least, doesn't support external PSKs.
> 
> Good to know.  Does any implementation other than OpenSSL support
> external PSKs?  How do you distinguish between external PSKs and
> resumption PSKs?

So no need to distinguish in either NSS or Mint.  Anyone else?

On a related note, should a client sending both a resumption and
an external PSK place the resumption PSK first in the list of
PSK identities?  My concern is that server implementations might
otherwise recognize the external PSK first, and then not even
look at the resumption PSK.  Is that a valid concern?

Should server implementations first see if any of the PSKs
are resumption PSKs before considering the rest?

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email