[TLS] [tls] Guidance for External PSK Usage in TLS
"Quick, Matthew" <mquick@verisign.com> Mon, 08 November 2021 18:48 UTC
Return-Path: <mquick@verisign.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06F893A0E7C for <tls@ietfa.amsl.com>; Mon, 8 Nov 2021 10:48:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KkyAs4rv8r4c for <tls@ietfa.amsl.com>; Mon, 8 Nov 2021 10:48:42 -0800 (PST)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 191863A0FB6 for <tls@ietf.org>; Mon, 8 Nov 2021 10:48:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=16030; q=dns/txt; s=VRSN; t=1636397322; h=from:to:subject:date:message-id:mime-version; bh=C9S9X/AIf7Y64ibZ1TgLKq7mNlCHWBJTLACwghakXhU=; b=OUbOenC6zZYyuTskGLjimEqyOOggiL9wuu78Z+CeGQumvDHOlOyULdtF gqJgDOx3Jm3BPLy93zHTMk3R7b+MuRCtp0nEJgHryehOxq1b7GmxAuyTh wXt2fJaSpBvNBx4cX0BnZ8WlSCi0axO+KmnnxXHX2b8NWBDgTtmj4pFka EdG38S2YBE1n8A21mj0NK47ukNwCe9IiqUFHVVMHrUUM19xMKsT9+zqOT 6UFRAIErBDLc8bJt2eyDbXzImOS0oO6RYDwFbIC4BfgPMPavKdr0Dn5En qSKvzZrBaISwjAcYAsjSqdG8Mlc/tYMQ2FnXrLxwMgxB5ho4RKoIBretQ A==;
IronPort-SDR: hquXoc8jFN2EaGFGVKNwxIpHy+nxCQ3pFdtaDtOMrdFGO0+WlcjzHM7PFjCnNo5YNRk/5Ylcrp 4bWIubfSGzMZNxVhjetJY2k4p1QMldrg7RZ8FWt9uefg5d0QlIGvSe92KiwaPRKzJnyGzp6Ntt I1xFwgXrtrR0C9T+5G7RlbaUpOcverGo1QnBCzf0uVAVm+sx1SocdY31eCAJMcyy8k5tGw89MT OejrNAcxUDh7hmWzomt9dsQuJgEVr7oBGrdA1e/nzPdBeHcnu19duiP2QTznLsrE18q8D9kL5B awo=
IronPort-Data: A9a23:gNqIsauVWjVgSlwQgc+7INVTCufnVMlcMUV32f8akzHdYApBsoF/q tZmKWDVOviIa2ShKIx0O4u18E4EuJDcztRgHgBu/iA0Fy4b9ZOVVN+UEBz9bniYRiHhoOKLz Cm/hv3odp1coqr0/0/1WlTZQPoVOZigHtIQMsadUsxKbVIiGHhJZS5LwbZj29cx2YjhWmthh PupyyHhEA79s9JLGj9Mg06zgEsHUCPa4W5wUvQWPJinjXeG/5UnJMt3yZKZdhMUdrJp8tuSH I4v+l0ZElTxpH/BAvv9+lryWhNSHu6KZWBigFIOM0SpqkAqSiDfTs/XnRfTAKtao2zhojx/9 DlCnbCoECEnJIfDotk2Tkl0Lzx3GKsFu5aSdBBTseTLp6HHW1HW5axRKmwGZdde5O1wG3kI/ PBeNioWaFaIgOfeLLCTE7Eq35t4apC2Z8VD6xmMzhmAZRoiaZXaXqTB5vdG0S0xncFBG7DVY M9xhT9HNUyfO0ITYA5/5JQWnb+FtHL8fhRjkVfN9ZMsyXXJ0jZA6e24WDbSUpnQLSlPpW6Eo nnu/mnlDFcdLtP39Nae2ni2gLbQmy7rANhXD6OisPtrmxiZwSoZEhtPE0Whuv//gUm7Mz5CF 3EpFuMVhfBa3CSWohPVBnVUfFbsUsYgZudt
IronPort-HdrOrdr: A9a23:PbxNXaoqeLZeThpppNFW0nsaV5r2eYIsimQD101hICG9Ffbo8v xG/c5rtyMc5wxwZJhNo7690cq7Lk80nKQdibX5Vo3SPzUO1lHIEKhSqaXvxDH6EzDz+6p3xc 5bH5RWOZnVAUJhhcj3pCu1A78bquWvweSNif3Fx3lgCTt2bbpthj0VNi+AHlZoSBJ9CZ01KZ qZ6qN8zAadRQ==
X-IronPort-AV: E=Sophos;i="5.87,218,1631592000"; d="p7s'?scan'208,217";a="10707421"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Mon, 8 Nov 2021 13:48:40 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2308.015; Mon, 8 Nov 2021 13:48:40 -0500
From: "Quick, Matthew" <mquick@verisign.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [tls] Guidance for External PSK Usage in TLS
Thread-Index: AQHX1NE/u+R23Oefok+4kmS5X0pG5Q==
Date: Mon, 08 Nov 2021 18:48:40 +0000
Message-ID: <05C60098-E23A-4C5F-9C1B-9153FF9DADF8@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3719224120_1071296634"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/91YZUIGxzCRLQrP10lwY3EU75oQ>
Subject: [TLS] [tls] Guidance for External PSK Usage in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 18:48:47 -0000
Hello Russ et al, I hope this finds you well. Please find comments for “draft-ietf-tls-external-psk-guidance-03”, below. The document is well written and the latest revision has improved the clarity of presentation – no concerns with publication, only minor editorial comments. Your feedback is greatly appreciated. Best, Matthew Quick, Verisign ____________________________ 2. Section 7, items 1 and 2 Justification: Both use the acronym "EPSK" without defining it. Existing text: "EPSK" Suggested text: "external PSK" in both places, consistent with other uses throughout the document. ____________________________ 3. Section 7, item 2: Justification: Editorial correction. Existing text: "PSKs know to a group". Suggested text: "PSKs known to a group". ____________________________ 4. Section 4.1 Justification: Items 2 and 3 respectively describe an attacker who can "read (and modify)" and "passively read (and actively modify)" traffic. Unless "read" is meant to be different than "passively read," and "modify" differs from "actively modify,". Suggested text: Either dropping "actively" and "passively" from item 3, or moving the terms to item 2 so they qualify "modify" and "read" on first use and thus extend to both uses. ____________________________ 5. Section 8, paragraph 2 Justification: Editorial correction. Existing text: "and uses it" Suggested text: "and use it" (matching change from "selects" to "to select")
- [TLS] [tls] Guidance for External PSK Usage in TLS Quick, Matthew