Re: [TLS] WGLC for "Guidance for External PSK Usage in TLS"

Ben Smyth <research@bensmyth.com> Tue, 19 January 2021 10:28 UTC

Return-Path: <research@bensmyth.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D6F53A1422 for <tls@ietfa.amsl.com>; Tue, 19 Jan 2021 02:28:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bensmyth.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7o95MUCaJlzj for <tls@ietfa.amsl.com>; Tue, 19 Jan 2021 02:28:07 -0800 (PST)
Received: from 2.smtp.34sp.com (2.smtp.34sp.com [46.183.9.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744FA3A11E8 for <tls@ietf.org>; Tue, 19 Jan 2021 02:28:06 -0800 (PST)
Received: from smtpauth2.mailarray.34sp.com (lvs5.34sp.com [46.183.13.73]) by 2.smtp.34sp.com (Postfix) with ESMTPS id 2A2F758170B for <tls@ietf.org>; Tue, 19 Jan 2021 10:27:28 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bensmyth.com; s=dkim; t=1611052048; bh=AqSh3dkacLBo+oK3AvUgBGR6xZjbwP7xMgn/k36bi7c=; h=References:In-Reply-To:Reply-To:From:Date:Subject:To:Cc; b=L4l9URb4JCHF+cQJpd5iFz7fEyKNbVJv0dxUboEUYtZagsYlL7IILSH67uXwGCsYV Y6UkQwFR8DooMt+NpDYvQu3itDMb+1A8IOiyIpiXdBMMURZdQ8+aD3sd4VG8sPpNvS +RrzFanQPQAakOxlfm6/D/pjFkmk4TWpmT7Y5Iwk=
Received: from mail-ua1-f52.google.com ([209.85.222.52]:37757) by smtpauth2.mailarray.34sp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <research@bensmyth.com>) id 1l1oES-0004CG-0t for tls@ietf.org; Tue, 19 Jan 2021 10:27:28 +0000
Received: by mail-ua1-f52.google.com with SMTP id a16so184114uad.9 for <tls@ietf.org>; Tue, 19 Jan 2021 02:27:27 -0800 (PST)
X-Gm-Message-State: AOAM532QuHeug50qguV2nReUkRnz1oBavsGe6MwOUd6t6GwtxM1C7f/G SQjv5+bSxjKc3iUa+vFG30E1kbjn6kSnV79bzFQ=
X-Google-Smtp-Source: ABdhPJyn/gRTcmn3Fhpa8DtElx2TxsQTfdTX9dxXX89GExOMwxR74n33xhsR15ASGbMuqaIt8KiwNbylzpLAjz+KHBY=
X-Received: by 2002:ab0:6454:: with SMTP id j20mr1911197uap.0.1611052046836; Tue, 19 Jan 2021 02:27:26 -0800 (PST)
MIME-Version: 1.0
References: <CAOgPGoADZ=0-VnpHmU4GO996DuFefyfb4ia7wAjZ7h-bZkyDzQ@mail.gmail.com> <CAOgPGoCP4V3XFw4qfq7cetQc6UNty=mrkd7FjurKPYyCsSS+tA@mail.gmail.com>
In-Reply-To: <CAOgPGoCP4V3XFw4qfq7cetQc6UNty=mrkd7FjurKPYyCsSS+tA@mail.gmail.com>
Reply-To: research@bensmyth.com
From: Ben Smyth <research@bensmyth.com>
Date: Tue, 19 Jan 2021 11:27:00 +0100
X-Gmail-Original-Message-ID: <CA+_8xu1_zut1zLYrvdeFPO1R-j9mAf8c_biYmc-Ne-0QdX_wpA@mail.gmail.com>
Message-ID: <CA+_8xu1_zut1zLYrvdeFPO1R-j9mAf8c_biYmc-Ne-0QdX_wpA@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f7686d05b93e48a6"
X-Authenticated-As: research@bensmyth.com
X-OriginalSMTPIP: 209.85.222.52
X-34spcom-MailScanner-Information: Please contact the ISP for more information
X-34spcom-MailScanner-ID: 2A2F758170B.A44A6
X-34spcom-MailScanner: Found to be clean
X-34spcom-MailScanner-SpamCheck: not spam, SpamAssassin (score=-11.1, required 6.5, autolearn=disabled, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, SPF_PASS -0.00, X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED -10.00, X34SP_OVERRIDE -1.00)
X-34spcom-MailScanner-From: research@bensmyth.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6VpvKj_2vkPL_r1-95Hn35ozlJw>
Subject: Re: [TLS] WGLC for "Guidance for External PSK Usage in TLS"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2021 10:28:10 -0000

Dear Joe,

On Sat, 16 Jan 2021 at 21:29, Joseph Salowey <joe@salowey.net> wrote:

> We've only had one review in response to the last call so far,  I'd like
> to see a few more reviews of this document before moving it forward.  Are
> there any volunteers who can commit to a review in the near future?
>

I've reviewed and have only a handful of minor comments.

Section 1, opening: Password and key comparison seems rather weak, unless
low-entropy PSKs are used. If low-entropy PSKs are a focus, then perhaps
make this clearer, which will simultaneously strengthen the comparison.

Section 4, "These keys do not provide protection of endpoint identities
(see Section 5), nor do they provide non-repudiation (one endpoint in a
connection can deny the conversation)": Perhaps relate to other modes of
TLS which do provide such protection.

Section 4, "If this assumption is violated": The assumption has two
aspects, namely, "each PSK is known to exactly one client and one server"
and "these never switch roles." The following paragraph explains what
happens if each PSK is known to more than one client, server, or both. But
what if roles are switched? Whilst maintaining the former aspect of the
assumption.

Section 4, "then the security properties of TLS are severely weakened":
Perhaps add "as explained below" or similar.


Best regards,

Ben