RE: [TLS] draft-tuexen-dtls-for-sctp-00.txt

"Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com> Mon, 28 August 2006 15:38 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHjBa-00021u-T5; Mon, 28 Aug 2006 11:38:02 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHjBZ-00021X-6t for tls@ietf.org; Mon, 28 Aug 2006 11:38:01 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GHjBZ-0004uw-4Q for tls@ietf.org; Mon, 28 Aug 2006 11:38:01 -0400
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GHjAv-0007MP-BM for tls@ietf.org; Mon, 28 Aug 2006 11:37:24 -0400
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-3.cisco.com with ESMTP; 28 Aug 2006 08:37:21 -0700
X-IronPort-AV: i="4.08,176,1154934000"; d="scan'208"; a="441731926:sNHT33561124"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k7SFbKJJ011849; Mon, 28 Aug 2006 08:37:20 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k7SFbJYp002446; Mon, 28 Aug 2006 08:37:20 -0700 (PDT)
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 28 Aug 2006 08:37:19 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] draft-tuexen-dtls-for-sctp-00.txt
Date: Mon, 28 Aug 2006 08:37:17 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE502580384@xmb-sjc-225.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] draft-tuexen-dtls-for-sctp-00.txt
Thread-Index: AcbKjXD2rSUtLI1MSwuMS8RaE+1CjAAKhgPg
From: "Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com>
To: "Michael Tuexen" <Michael.Tuexen@lurchi.franken.de>, <tls@ietf.org>
X-OriginalArrivalTime: 28 Aug 2006 15:37:19.0720 (UTC) FILETIME=[D91FBE80:01C6CAB7]
DKIM-Signature: a=rsa-sha1; q=dns; l=2745; t=1156779440; x=1157643440; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com> |Subject:RE=3A=20[TLS]=20draft-tuexen-dtls-for-sctp-00.txt; X=v=3Dcisco.com=3B=20h=3DH3M2wQ5zx0eq8GVThq76l3vAc4s=3D; b=0bYWE1meLiFDk1dL8bna40flNPltrmgwgGg0S1AmVdM2H2r7E/X7fgM91Lbwbb7/m6CfEePM cIq0P8/4BFNDSuUwyqNAvu9DVChr1V8WjqOt+gmLy/w0XsaRT7v1asMl;
Authentication-Results: sj-dkim-2.cisco.com; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: -2.6 (--)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Cc: lars.eggert@netlab.nec.de, hartmans-ietf@mit.edu
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Hi Michael,

In the context of extended EAP keying material, we have been looking at
the problem of deriving multiple keys from a single root in a
coordinated fashion to avoid conflicts.  A similar approach may work for
TLS. I'm not sure that it makes sense to use the same details such as
IANA registry or key derivation function, but it may.  

The current version of the draft is
http://www.ietf.org/internet-drafts/draft-salowey-eap-emsk-deriv-01.txt.
Let me know if you have any questions. 

Cheers,

Joe 

> -----Original Message-----
> From: Michael Tuexen [mailto:Michael.Tuexen@lurchi.franken.de] 
> Sent: Monday, August 28, 2006 3:26 AM
> To: tls@ietf.org
> Cc: lars.eggert@netlab.nec.de; hartmans-ietf@mit.edu
> Subject: [TLS] draft-tuexen-dtls-for-sctp-00.txt
> 
> Dear all,
> 
> I would like to get some comments on draft-tuexen-dtls-for- 
> sctp-00.txt. This includes
> 
> - technical comments
>    We would like to use the TLS master secret to generate an 
> additional shared secret which
>    we would use at the transport layer (SCTP) for SCTP-AUTH. 
> It was already brought up,
>    that this is a layer violation (but a nice one) and the 
> risk would be that multiple
>    instances would do this, then these multiple instances 
> would use the same key material
>    which is definitely bad.
>    How should we progress here? From an implementation point 
> of view I see only a limited
>    risk here, because we will modify the TLS implementation 
> to generate the additional
>    material and would provide to to SCTP via a socket option. 
> So there is NOT API to the
>    TLS user involved.
>    Another point was to have something like a registry for 
> the material generated. This
>    would avoid two instances to use the same material. What 
> about this? Is this a good or
>    bad idea? How can we achieve this, if it is a good idea?
> 
> - procedural advises (Sam, Lars this is why you are CCed)
>    Currently this document is an individual submission. How 
> can it be progressed? Should
>    it be taken to a WG? Which one? SCTP (including SCTP-AUTH) 
> is handled in TSVWG and
>    TLS is handled in the TLS WG. I'm not sure where DTLS was 
> handled, if it was handled in
>    any WG.
> 
> I think having DTLS for SCTP is important because it is 
> needed by anyone using SCTP with PR-SCTP or unordered 
> delivery and wanting to have a TLS like security solution.
> IPFIX is one example.
> 
> Best regards
> Michael
> 
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls