Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Mon, 01 February 2021 02:51 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 315B83A1565; Sun, 31 Jan 2021 18:51:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hZ04II-HiYB9; Sun, 31 Jan 2021 18:51:24 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D82C3A1563; Sun, 31 Jan 2021 18:51:23 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1112pAF6004080 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 31 Jan 2021 21:51:15 -0500
Date: Sun, 31 Jan 2021 18:51:10 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Cc: Alan DeKok <aland@deployingradius.com>, "tls@ietf.org" <tls@ietf.org>, Martin Thomson <mt@lowentropy.net>, EMU WG <emu@ietf.org>
Message-ID: <20210201025110.GY21@kduck.mit.edu>
References: <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com> <3CB58153-8CCA-4B1E-B530-BA67A6035310@deployingradius.com> <CAOgPGoA3U+XpZMY7J+KGovNx6MtAdEzRaGW33xVJdQNWSi4LVg@mail.gmail.com> <770e6a49-52fc-4e8b-91af-48f85e581fbb@www.fastmail.com> <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com> <ca4c526e-79a0-4fa7-abda-2b626795f068@www.fastmail.com> <3409F71E-4CE4-46BB-8079-BFBE9BE83C9A@deployingradius.com> <66157321-55DC-4831-8EF2-D75934D9024C@deployingradius.com> <20210129183220.GI21@kduck.mit.edu> <14073c6e-878b-0b29-5892-b66d9c53eba1@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <14073c6e-878b-0b29-5892-b66d9c53eba1@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/90IllXwXujP5QBmYE2_ODfcenOA>
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 02:51:26 -0000
Hi Mohit, The quoting in your note is not coming across usefully in my MUA, so I'm trimming to (what I think are) just your remarks without other history. On Fri, Jan 29, 2021 at 07:34:42PM +0000, Mohit Sethi M wrote: > Hi Ben, > > RFC 5705 says: > > If no context is provided, it then computes: > > PRF(SecurityParameters.master_secret, label, > SecurityParameters.client_random + > SecurityParameters.server_random > )[length] > > If context is provided, it computes: > > PRF(SecurityParameters.master_secret, label, > SecurityParameters.client_random + > SecurityParameters.server_random + > context_value_length + context_value > )[length] > > > We use only two arguments and say "No context data is used in the TLS exporter interface.". We could show the context argument as empty in the calls to make things clearer. By the way, this is what is done by TEAP also. RFC 7170 says "TEAPv1 makes use of the TLS Keying Material Exporters defined in [RFC5705] to derive the session_key_seed. The label used in the derivation is "EXPORTER: teap session key seed". The length of the session key seed material is 40 octets. No context data is used in the export process." We're using the TLS 1.3 exporter, though, so the RFC 8446 (https://www.rfc-editor.org/rfc/rfc8446.html#section-7.5) three-argument form seems most relevant. Note that there is no difference in TLS 1.3 between an absent context and a zero-length context. > The change of moving the type-code from the context to the label was made based on your review (comments from Martin) and the fact that some libraries such as wolfssl don't support passing a context (so far). See: https://w1.fi/cgit/hostap/tree/src/crypto/tls_wolfssl.c#n1996 I'm not going to get super hung-up on label vs context (but it's clearly a bug if WolfSSL doesn't support contexts). I guess Martin even wanted the type code to be in the label part in the first place, so having it in the label is "better"; we just need to actually show that there's an empty context argument. > I think there was a misunderstanding that an authenticated signal of authentication completed was needed. Only a signal of no more post handshake messages was needed. I think Alan's summary might also explain the situation better. I note that Alan seems to also be a bit unclear about exactly what purpose the commitment message serves; I look forward to seeing how the questions he has listed get answered. Thanks, Ben
- [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Salz, Rich
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Michael Richardson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Michael Richardson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Peter Gutmann
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Salz, Rich
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson