IETF Logo Mail Archive

[TLS] PSK in 1.3?

Manuel Pégourié-Gonnard <mpg@polarssl.org> Sun, 19 October 2014 09:30 UTC

Return-Path: <mpg@polarssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A29F1A00AF for <tls@ietfa.amsl.com>; Sun, 19 Oct 2014 02:30:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.397
X-Spam-Level:
X-Spam-Status: No, score=0.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_EQ_NL=1.545, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9rtD4BBEzDf for <tls@ietfa.amsl.com>; Sun, 19 Oct 2014 02:30:51 -0700 (PDT)
Received: from vps2.offspark.com (vps2.brainspark.nl [141.138.204.106]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B3931A00A9 for <tls@ietf.org>; Sun, 19 Oct 2014 02:30:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=polarssl.org; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:To:MIME-Version:From:Date:Message-ID; bh=Pj42+T8pmHF3R2z7f1eyTronXQhWyfwXp0Ye/5mUmY8=; b=grsxdhoHBrJ64D+avfeWJ7kXCfKWUXTcREyOJ1IsXOOKtwoS3l7Nlv9F5M/XDmnndjFqvFp1y0/C+f1Xhg66yVUQq6W7cdRPFt3/ORg0yDN3WRQa9JdXcgMKKtIenYVVBGKlCl40vZWxJ83Owh7tyROhwbqaNc5dcFo/2YhGv4k=;
Received: from thue.elzevir.fr ([88.165.216.11] helo=[192.168.0.124]) by vps2.offspark.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mpg@polarssl.org>) id 1Xfmp2-0001ko-5n for tls@ietf.org; Sun, 19 Oct 2014 11:30:44 +0200
Message-ID: <544384C7.9030002@polarssl.org>
Date: Sun, 19 Oct 2014 11:30:47 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 88.165.216.11
X-SA-Exim-Mail-From: mpg@polarssl.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.offspark.com)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/4pi4BE53_JcjF2rRwcddQtEW9pw
Subject: [TLS] PSK in 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Oct 2014 09:30:52 -0000

Hi,

Sorry if this was discussed previously and I missed it, but I was wondering
about the fate of PSK in TLS 1.3. The RSA and (EC)DH key exchanges were removed
because they do not offer forward security. PSK does not offer FS either. OTOH,
it has very interesting performance properties, namely it's the only key
exchange that does not require asymmetric crypto.

It seems to me it makes a lot of sense to keep it, even if it doesn't give FS.

The reason I'm asking this now is the parallel discussion about new handshake
flows and possibly proving them secure. If we're keeping PSK, maybe it's good to
keep it in mind in this discussion, since it may have different properties than
(EC)DHE for the proofs/security discussion.

Manuel.

v2.23.0 | Report a Bug | By Email