Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-external-psk-importer-06: (with DISCUSS)
Martin Duke <martin.h.duke@gmail.com> Tue, 19 January 2021 18:40 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E9A83A16AF; Tue, 19 Jan 2021 10:40:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLK_vRTsJFwC; Tue, 19 Jan 2021 10:40:25 -0800 (PST)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D09C83A16AB; Tue, 19 Jan 2021 10:40:24 -0800 (PST)
Received: by mail-io1-xd33.google.com with SMTP id e22so41644477iom.5; Tue, 19 Jan 2021 10:40:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=scPqMZuXtr2UX4jgWWRYX3fJmZ5ZvDN44q3TE24iNuk=; b=ECMtZifxBq08CcAMJfPLvohgwcxKYSHckme2Y46S0/ZnXtAlTgVijAIrZVcceAG66t yF8O+Ku33R1zyah4DKEf1takNRJLRj2YXWPlGe+sC3BzymcxlNhhMLUmAvzSUKMF+j08 n0CQWrxMjBMcvz8eh+q5sRJvCHwfzmuMKCdUskGZRljih31hr5THA1VP4r04h3Hrtok6 VCQhowkO1eV+BlHmHVree8JX+zrgZi/KZ9CAtU/SH99Ph3CwZuD9KhCGXbPFMEDz6dgf NIowWXuYqOJLAKV3PxekTSjTG2UTCg1af0GrZMCc2bBfyQ1LzVN0D09FSVCgz+CE1ktg 5fNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=scPqMZuXtr2UX4jgWWRYX3fJmZ5ZvDN44q3TE24iNuk=; b=C2nyfnnh35jgsnBk4kJdsEJbT+RMXG6patvLIdyqSUrL4plYRkftxT6anyBJYexF23 515vmJxx+cnDyJdI68n+uxsQ8d30rYd5V3oQ7ABeUIaSLIqarsNQJnpTiJYBgc7K9uFk zTIG0Q451Tm/BlACfEPehH2ZHZuEvXZQxFqDJBFSE/wu4zI+9K6cy2LliQQdTz2RPgEX B9qG4XZRrYtT7U/gZlTPZRw5bbBZYNZsewIagOtT/x+fmBRJjDhuFJ+CCW+WXm5QRxJy NYlVbti6DFMM67VR13HJBGrzMfTySIrdn1hib5JuI1iY9QrpkkQ67zalNPf/4/xktgyE T2/A==
X-Gm-Message-State: AOAM532GISB82paJl+YL7zCaXKhCPU+Ry9q6/dfeRuplDfv1KkoRlz0F YIru9j/Gjf3gnWcLJtBMdWfXwXYBIy9V9sUVJuvsBC7/pBo1yg==
X-Google-Smtp-Source: ABdhPJx9fSfuo8Q2s2VG0aifM+HyFqsn8+C11e+idaDIGhftN/7WUwFumxdLFJeCoGlkN2x8YLzR/UTEzseIPnt46dc=
X-Received: by 2002:a6b:5915:: with SMTP id n21mr4008205iob.20.1611081623993; Tue, 19 Jan 2021 10:40:23 -0800 (PST)
MIME-Version: 1.0
References: <160980363454.20851.10184061700085456941@ietfa.amsl.com> <20210108003928.GR93151@kduck.mit.edu> <CABcZeBNpip-ue7iyx-K-u3eOC52TQ5sqpOHQb+moE=urxJYGSQ@mail.gmail.com>
In-Reply-To: <CABcZeBNpip-ue7iyx-K-u3eOC52TQ5sqpOHQb+moE=urxJYGSQ@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 19 Jan 2021 10:40:12 -0800
Message-ID: <CAM4esxRq5aJkWMWbqoxR_HF=v2XrWMgN6N849-gm_RR6WjEB_Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "<tls@ietf.org>" <tls@ietf.org>, draft-ietf-tls-external-psk-importer@ietf.org, The IESG <iesg@ietf.org>, tls-chairs <tls-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e7017a05b9452bd9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5hr7Cu_zaIO_8GXLEgT5KjkEqdk>
Subject: Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-external-psk-importer-06: (with DISCUSS)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2021 18:40:27 -0000
Ekr, I appreciate that this is hard to represent in 8446 notation. Would it be possible to add some text in 4.1 that says "Due to the maximum size of the PSK extension, the external_identity and context fields MUST sum to a length of 2^16-5", or something to that effect? IMO, it would be unfortunate if the PSK Importer interface allowed parameters that result in undefined behavior on the wire. If this is unworkable or very very dumb for some other reason, I am willing to accept that feedback. Martin On Thu, Jan 7, 2021 at 4:57 PM Eric Rescorla <ekr@rtfm.com> wrote: > > > On Thu, Jan 7, 2021 at 4:39 PM Benjamin Kaduk <kaduk@mit.edu> wrote: > >> On Mon, Jan 04, 2021 at 03:40:34PM -0800, Martin Duke via Datatracker >> wrote: >> > Martin Duke has entered the following ballot position for >> > draft-ietf-tls-external-psk-importer-06: Discuss >> > >> > When responding, please keep the subject line intact and reply to all >> > email addresses included in the To and CC lines. (Feel free to cut this >> > introductory paragraph, however.) >> > >> > >> > Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html >> > for more information about IESG DISCUSS and COMMENT positions. >> > >> > >> > The document, along with other ballot positions, can be found here: >> > https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/ >> > >> > >> > >> > ---------------------------------------------------------------------- >> > DISCUSS: >> > ---------------------------------------------------------------------- >> > >> > This is probably just my own ignorance, but I see two potential >> problems in Sec >> > 4.1. >> > >> > - 'The identity of "ipskx" as sent on the wire is ImportedIdentity, >> i.e., the >> > serialized content of ImportedIdentity is used as the content of >> > PskIdentity.identity in the PSK extension.' IIUC ImportedIdentity has a >> maximum >> > length of 2^17 + 2. But the Identity field in the PSK option has a >> maximum >> > length of 2^16-1. I presume this never actually happens, but the spec >> should >> > handle the boundary condition, perhaps by limiting the first two fields >> of >> > Imported Identity to sum to 2^16-5 bytes or something. >> >> I'll leave this one for the authors. >> > > I can see how someone would want this, but in practice that's not how it's > generally done in TLS. Trying to compute the precise upper bounds gets > complicated very fast when there are multiple fields. We do generally > try to get the lower bound right, though even then there have been > mistakes: > > https://github.com/ekr/tls13-spec/pull/56/files > > -Ekr >
- [TLS] Martin Duke's Discuss on draft-ietf-tls-ext… Martin Duke via Datatracker
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Benjamin Kaduk
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Eric Rescorla
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Martin Duke
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Martin Duke
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Martin Duke
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Christopher Wood
- Re: [TLS] Martin Duke's Discuss on draft-ietf-tls… Martin Duke