Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13
<home_pw@msn.com> Fri, 29 December 2006 21:50 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0PcC-00035O-PR; Fri, 29 Dec 2006 16:50:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0PcB-00035J-KD for tls@ietf.org; Fri, 29 Dec 2006 16:50:11 -0500
Received: from bay0-omc1-s14.bay0.hotmail.com ([65.54.246.86]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0Pc9-0004hf-83 for tls@ietf.org; Fri, 29 Dec 2006 16:50:11 -0500
Received: from hotmail.com ([65.54.174.75]) by bay0-omc1-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 29 Dec 2006 13:50:06 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 29 Dec 2006 13:50:06 -0800
Message-ID: <BAY103-DAV30366D530EC702791273892C60@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV3.phx.gbl with DAV; Fri, 29 Dec 2006 21:50:05 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: tls@ietf.org
References: <BAY103-DAV4BF9EC54383E84FC677FB92C60@phx.gbl>
Subject: Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13
Date: Fri, 29 Dec 2006 13:50:19 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 29 Dec 2006 21:50:06.0603 (UTC) FILETIME=[4DA27DB0:01C72B93]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 10d3e4e3c32e363f129e380e644649be
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Given RSA "ephemeral" is being discussed on the WG's mailing list and was discussed in Eric's authoritative SSL/TLS book, presumably referring to SSL3/TLS "temporary" keys, we should attempt to put the topic into the formal proceedings. If I read between the lines, perhaps we see the underlying issues of "hardware-assured key exchange" being introduced in NSA's proposed means for "application-enhanced" PRF mechanisms; and, perhaps also in the GSS-API proposals. Whilst this is but conjecture on my part, it's not unreasonable. Given these issues, let's revisit: http://www3.ietf.org/proceedings/04mar/I-D/draft-ietf-smime-cms-rsa-kem-01.txt (as FIPS 800-56B drafts are not available to the likes of me.) Lets contrast schemes, top begin. SSL3 invested in ephemeral (DH) and temporary (RSA) keying as means of enforcing cryptostrength-containment policies (i.e. export rules); others use them for assurance reasons, giving plausible rationales. We saw the latter clearly articulated in 800-56A, and given embodiment by IESG in the CMS with KEA/skipjack RFC. We can see read it furthermore, albeit minimally, in SSLv3 fortezza_dms's type declarations. Now, it was a colleague of Russ Housley who taught me about the linkage between PKC and integrity-protected (1) TEKs/KEKs, (2) wrapped keys/IVs (with or without LEAFs), and the design of assured FIPS-complying cryptomodules. It was a former member of CSE in Canada who then taught me how these principles are extended to trusted path arming processes, in a level 3 FIPS device. If I now summarize what I was taught, when done right, security handshakes are but a way of provisioning a trusted cryptomodule - a way of remoting the admin port, over which previouslyone might have deployed key manually, using a key fill device. When done right, we can then create families of trusted devices distinguished by manufacturing-time certs and group parameters; with HSM-certs that accompany key exchange certificates (both static and ephemeral) to distinguish crypto from such an HSM family from software CSPs. Linked now to FIPS-mode HMACs we see how key derivation can characterize even roles within a security protocol flow, extending the TNI's connection-oriented access control concept to address RBAC. When we look at what NIST and NSA folks have openly taught us, with KEA for DH's key agreement regimes, as reflected in SSLv3 and CMS, I'm open minded whether RSA ciphersuites should adopt similar assurance benefits, re key wrapping, MacTags, etc. Viewing RSA transient and additional nonces no longer as export-regulation enforcement tools but as assurance-producing mechanisms, perhaps we do need to adapt to RSA ciphersuites (a) key wrapping (b) static and ephemeral keys c) nonces (d) manufacturing and HSM certs. Peter. ----- Original Message ----- From: <home_pw@msn.com> To: <tls@ietf.org> Sent: Thursday, December 28, 2006 11:56 PM Subject: Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 > We were discussing ephemeral DH (etc), vs temporary RSA. > > As always, NIST make things crystal clear: > > http://csrc.nist.gov/CryptoToolkit/kms/SP800-56A_May2006.pdf > > Its best to read this in concert with IETF's CMS for KEA/skipjack, so > one can see its application to more than undergrad DH examples. Then > one can apply it to SSLv3 (and extensions). > > > _______________________________________________ > TLS mailing list > TLS@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] WGLC: draft-ietf-tls-srp-13 EKR
- Re: [TLS] WGLC: draft-ietf-tls-srp-13 Peter Sylvester
- RE: [TLS] WGLC: draft-ietf-tls-srp-13 Peter Williams
- Re: [TLS] WGLC: draft-ietf-tls-srp-13 EKR
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 Mike
- [TLS] Re: WGLC: draft-ietf-tls-srp-13 Simon Josefsson
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 Bodo Moeller
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 home_pw
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 home_pw
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 home_pw
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 home_pw
- Re: [TLS] Re: WGLC: draft-ietf-tls-srp-13 home_pw
- RE: [TLS] Re: WGLC: draft-ietf-tls-srp-13 Pasi.Eronen