Re: [TLS] Last Call: <draft-ietf-tls-external-psk-guidance-03.txt> (Guidance for External PSK Usage in TLS) to Informational RFC

John Mattsson <john.mattsson@ericsson.com> Thu, 04 November 2021 13:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4J29hdvJNMLz7_sOERqbFo_avJ4>

Hi,

I think this is a great document with a lot of good information.


I think some things should be more positive:

-- For both PSK authentication and PSK key exchange without (EC)DHE the bad security properties such as lack of identity protection and lack of forward secrecy can be overcome by using one-time PSKs. External PSKs with short lifetimes are quite common in many real deployments. I think this should be mentioned.

-- I think quantum resistance should be mentioned earlier in the document. Quantum resistance is a security property, not a use case.


Some things that should be more negative:

-- In the list in 4.1 you can add
  "4.  Any group member can blame any other group member."


Other comments:

-- "then PSK-only key establishment modes are secure against both active and passive attack."
  I think you need to describe the exact attacks you have in mind rather than use the word "secure". My view would be that acceptable security in 2021 includes both identity protection and forward secrecy. But more on a system level, than necessarily by TLS itself.


-- "DH"
  I think it would be good to change all “DH” to “DHE” and all “Diffie-Hellman” to “ephemeral Diffie-Hellman” to avoid confusion with the static DH cipher suites in obsolete versions of TLS.


-- "As discussed in Section 6, there are use cases where it is desirable
   for multiple clients or multiple servers to share a PSK."

  "However, as discussed in Section 6, there are application scenarios
   that may rely on sharing the same PSK among multiple nodes."

Unless you have any real deployments to share, I think this should be reformulated. These are Gedankenexperiments used to illustrate the attack, not real-world applications. I would reformulate and remove "desirable"; group PSKs should be very much discouraged. Suggestion:

"As discussed in Section 6, to illustrate their attack, [Akhmetzyanova] describes scenarios where multiple clients or multiple servers share a PSK."

Cheers,
John

From: TLS <tls-bounces@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Date: Friday, 29 October 2021 at 18:18
To: IETF-Announce <ietf-announce@ietf.org>
Cc: tls@ietf.org <tls@ietf.org>, draft-ietf-tls-external-psk-guidance@ietf.org <draft-ietf-tls-external-psk-guidance@ietf.org>, kaduk@mit.edu <kaduk@mit.edu>, tls-chairs@ietf.org <tls-chairs@ietf.org>
Subject: [TLS] Last Call: <draft-ietf-tls-external-psk-guidance-03.txt> (Guidance for External PSK Usage in TLS) to Informational RFC

The IESG has received a request from the Transport Layer Security WG (tls) to
consider the following document: - 'Guidance for External PSK Usage in TLS'
  <draft-ietf-tls-external-psk-guidance-03.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-11-19. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document provides usage guidance for external Pre-Shared Keys
   (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446.
   This document lists TLS security properties provided by PSKs under
   certain assumptions, and then demonstrates how violations of these
   assumptions lead to attacks.  This document discusses PSK use cases
   and provisioning processes.  This document provides advice for
   applications to help meet these assumptions.  This document also
   lists the privacy and security properties that are not provided by
   TLS 1.3 when external PSKs are used.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/



No IPR declarations have been submitted directly on this I-D.
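
The first comment in the reply above refers to one-time external PSKs with short lifetimes. The following is an added example, not code from the draft or from anyone in this thread, of how a server-side table could enforce single use and expiry; the class name `OneTimePskStore`, its methods and the 300-second default are assumptions made for illustration.

```python
import secrets
import time


class OneTimePskStore:
    """Hypothetical server-side table of external PSKs valid once and briefly."""

    def __init__(self, lifetime_s=300):
        self.lifetime_s = lifetime_s
        self._entries = {}  # PSK identity (bytes) -> (key, expiry timestamp)

    def provision(self, now=None):
        """Create a fresh random identity and 256-bit key for one handshake."""
        now = time.time() if now is None else now
        # A random identity used once gives an observer nothing to link
        # two handshakes to the same client.
        identity = secrets.token_bytes(16)
        key = secrets.token_bytes(32)
        self._entries[identity] = (key, now + self.lifetime_s)
        return identity, key

    def redeem(self, identity, now=None):
        """Return the key exactly once; None if unknown, already used or expired."""
        now = time.time() if now is None else now
        # pop() removes the entry on the first lookup, valid or not, so the
        # key is no longer in the table once a handshake has referenced it.
        entry = self._entries.pop(identity, None)
        if entry is None:
            return None
        key, expiry = entry
        return key if now <= expiry else None

    def purge_expired(self, now=None):
        """Drop keys that were provisioned but never used; return how many."""
        now = time.time() if now is None else now
        expired = [i for i, (_, exp) in self._entries.items() if now > exp]
        for i in expired:
            del self._entries[i]
        return len(expired)

    def pending(self):
        """Number of provisioned PSKs that have not been redeemed or purged."""
        return len(self._entries)
```

The client side has to erase its copy of the key after the handshake as well; the table only covers the server's half.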




