Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Martin Thomson <mt@lowentropy.net> Tue, 12 January 2021 00:09 UTC

Message-Id: <ca4c526e-79a0-4fa7-abda-2b626795f068@www.fastmail.com>
In-Reply-To: <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com>
References: <160815821055.25925.15897627611548078426@ietfa.amsl.com> <20201216223842.GR64351@kduck.mit.edu> <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com> <A4BBA31B-8754-4D8C-B0F1-D1C6C859F6AE@deployingradius.com> <CAOgPGoBvBzhA0q4gFqpFSm2HkAs6NoyLc6RVZYLtTYsNd02i8A@mail.gmail.com> <e669002f-caff-1e6e-e28b-d09157eb0c07@ericsson.com> <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com> <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com> <3CB58153-8CCA-4B1E-B530-BA67A6035310@deployingradius.com> <CAOgPGoA3U+XpZMY7J+KGovNx6MtAdEzRaGW33xVJdQNWSi4LVg@mail.gmail.com> <770e6a49-52fc-4e8b-91af-48f85e581fbb@www.fastmail.com> <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com>
Date: Tue, 12 Jan 2021 11:08:45 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Joseph Salowey <joe@salowey.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>, EMU WG <emu@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3hw1Ozo3fxHhzDhbTdbF_y7uZ6I>
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)


On Mon, Jan 11, 2021, at 17:07, Joseph Salowey wrote:
> 
> 
> On Thu, Jan 7, 2021 at 2:42 PM Martin Thomson <mt@lowentropy.net> wrote:
> > Hi Joe,
> > 
> > Thanks for doing this, I think that this is a distinct improvement (and I will take your word for the difficulties involved with further splits).
> > 
> > One point that I made poorly perhaps, and was dismissed, might be worth restating:
> > 
> > MSK = TLS-Exporter("EXPORTER_EAP_TLS_MSK", Type-Code, 64) 
> > 
> 
> [Joe] I think you propose something like this instead (eliminating context):
> 
> MSK = TLS-Exporter("EXPORTER_EAP_TLS_MSK-" + ASCII-Type-Code, 64) 
> 
> Where + is concatenation and ASCII-Type-Code is "13"

I was not exactly.  I was thinking that EAP-TLS uses the unadorned string and other usages (that need a different MSK) define their own string as needed.  Though what you describe would scale more, if the ordinality of that scale is bounded by RFC numbers, defining the extra strings would not be that hard.  You could provide some sort of infrastructure in the form of a recommended label prefix if you are concerned about misuse.
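The three formulations discussed in this thread (type code as exporter context, type code folded into the label as ASCII, and a bare label with no context) can be compared concretely by running them through the TLS 1.3 exporter construction from RFC 8446, section 7.5. The following is an added example, not code from the draft, from either poster or from any EAP-TLS implementation. It assumes a SHA-256 cipher suite, a constructed exporter_master_secret, and that the draft's Type-Code context is encoded as a single byte (0x0D for EAP-TLS); the second type code (25) is used only as a stand-in for "some other TLS-based EAP method". The HKDF-Expand implementation is checked against the RFC 5869 test vector in the test.

```python
import hashlib
import hmac

# Assumption: a TLS 1.3 cipher suite whose hash is SHA-256 (Hash.length = 32).
HASH = hashlib.sha256
HASH_LEN = 32

EAP_TLS_TYPE_CODE = 13      # EAP-TLS Type-Code, as quoted in the thread
OTHER_TYPE_CODE = 25        # constructed stand-in for another TLS-based EAP method


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1).

    HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>,
    where the label field is "tls13 " prepended to the caller's label.  The
    bounds check is the practical limit on how long an exporter label may grow
    if type codes or other qualifiers are appended to it.
    """
    full_label = b"tls13 " + label
    if not 7 <= len(full_label) <= 255:
        raise ValueError("label must be 1..249 bytes after the 'tls13 ' prefix")
    if len(context) > 255:
        raise ValueError("context must be at most 255 bytes")
    hkdf_label = (
        length.to_bytes(2, "big")
        + bytes([len(full_label)]) + full_label
        + bytes([len(context)]) + context
    )
    return hkdf_expand(secret, hkdf_label, length)


def tls_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter (RFC 8446, section 7.5).

    Derive-Secret(Secret, label, "") is HKDF-Expand-Label with the transcript
    hash of the empty string, then "exporter" is expanded with Hash(context).
    """
    derived = hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH_LEN)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


def msk_with_context(ems: bytes, type_code: int = EAP_TLS_TYPE_CODE) -> bytes:
    """Draft text as quoted: fixed label, type code supplied as the exporter context."""
    return tls_exporter(ems, b"EXPORTER_EAP_TLS_MSK", bytes([type_code]), 64)


def msk_with_label_suffix(ems: bytes, type_code: int = EAP_TLS_TYPE_CODE) -> bytes:
    """Joe's reading: ASCII type code concatenated onto the label, no context."""
    label = b"EXPORTER_EAP_TLS_MSK-" + str(type_code).encode("ascii")
    return tls_exporter(ems, label, b"", 64)


def msk_unadorned(ems: bytes) -> bytes:
    """Martin's suggestion for EAP-TLS itself: the bare label and no context."""
    return tls_exporter(ems, b"EXPORTER_EAP_TLS_MSK", b"", 64)


# Constructed exporter_master_secret for the demonstration (not a real session value).
EMS = hashlib.sha256(b"constructed exporter_master_secret for this example").digest()


def separation_report(ems: bytes) -> dict:
    """Show that each scheme separates type codes, and that the schemes differ from one another."""
    return {
        "context_separates_types": msk_with_context(ems, EAP_TLS_TYPE_CODE) != msk_with_context(ems, OTHER_TYPE_CODE),
        "label_separates_types": msk_with_label_suffix(ems, EAP_TLS_TYPE_CODE) != msk_with_label_suffix(ems, OTHER_TYPE_CODE),
        "schemes_are_distinct": len({msk_with_context(ems), msk_with_label_suffix(ems), msk_unadorned(ems)}) == 3,
    }


if __name__ == "__main__":
    for name, value in separation_report(EMS).items():
        print(f"{name}: {value}")
    print("MSK (context form):", msk_with_context(EMS).hex())
```

The point the code makes is that the context and the label both end up hashed or length-prefixed inside HkdfLabel, so either placement gives domain separation between EAP methods; the difference is where the bound lives (a 255-byte context versus a 249-byte label after the "tls13 " prefix) and, as the thread notes, whether each new method has to register its own label string.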