IETF Logo Mail Archive

Re: [TLS] External PSK design team

Jonathan Hoyland <jonathan.hoyland@gmail.com> Tue, 21 January 2020 10:49 UTC

Return-Path: <jonathan.hoyland@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E33EE120860 for <tls@ietfa.amsl.com>; Tue, 21 Jan 2020 02:49:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gkg9mAl2mkDg for <tls@ietfa.amsl.com>; Tue, 21 Jan 2020 02:49:54 -0800 (PST)
Received: from mail-ua1-x934.google.com (mail-ua1-x934.google.com [IPv6:2607:f8b0:4864:20::934]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60B411200FE for <tls@ietf.org>; Tue, 21 Jan 2020 02:49:54 -0800 (PST)
Received: by mail-ua1-x934.google.com with SMTP id c7so778532uaf.5 for <tls@ietf.org>; Tue, 21 Jan 2020 02:49:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1IErXcJNqXYZzko0UZQ5MHMGxisXX99dOt/YwDMIs+0=; b=gUSUfGyVAIFu9aD8MGo65LCS4Kgw35my/tJ8LCQGpCmkv97+XyXqa4aUKLPmbSVsSi s9tFYevHtY9wzZWvseU/FftvGAmCY50QeYw9pyBwcfWNyAEe1D1o97AaqRYAGYQqNoP9 Dcl2U3FkQScEdPQ+A6uXKNo3UZnRLeT2Yy7kU2QiV1BFeA/7kzec2QmaMhp9IiYOcspc cpD0DpqNkwZAaQTcq/Wh15poqL/W8wteFSXrWsd335nd3cbayyLYKhSBFBIBXmZcCgGM v2jhGes80zo72adY7b1zYLxusMSqhkTZk2ZYp9u2azsGcBFvqX3obwLYMasfYUhdcNui okZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1IErXcJNqXYZzko0UZQ5MHMGxisXX99dOt/YwDMIs+0=; b=mKAmN2LhAjIrsyvtWsbTy5ELvICQ00YrryHHafuwMLsBg9xptqvYebInZEn9y3ZP3e Ol5czncXfKNpsgY2BGVVy2glE5hoFU2ycalLRf6fUh4wM/58YVhLO4hQGZbzHl1subcn 37tAAIREP78i4lbuFlsiLgYPeggJKGcz0keCI3BtG1phxlg8r7U4KEGRmbmo2dq70bHj kSPDBXezZkj9X/VkxvHGfym42xxsMRHOgNkFSZPJxB9qANoCwdpu1pFnsIJxw3UWP4/2 3sL/S7n7DJgCmJzxsMm3rAuI+VTaqLcVHzwIQLv5N3cY3JzmYYxgRTlyX5oG8PWr6o23 ldzQ==
X-Gm-Message-State: APjAAAUeGzigFXx1K6+BlMpAfdbIqbSYwzflvDt2u78KSFAaMYcLnzBK 8X2XtR7SZXw7mPdAquKLHB/RVhvKAogpIu0p/Vk=
X-Google-Smtp-Source: APXvYqyl5Kf549BTHwjyjJ3i00Afj3IgooT2V9lxXsFoW+DQ6MKB8At4bl4+X1ZEMaeduAyZtri0zFvZQpQnLsLeUk8=
X-Received: by 2002:a9f:3e84:: with SMTP id x4mr2310684uai.83.1579603793391; Tue, 21 Jan 2020 02:49:53 -0800 (PST)
MIME-Version: 1.0
References: <DCF8B276-346E-4323-A57F-04123D8C126C@sn3rd.com> <CAAF6GDc0kE+hftk1fPPPnEr3ADNguJhN7suoOxHQOsrWxHQVVA@mail.gmail.com> <6b080bb0-bdb5-c424-c6c8-596fbeadb588@ericsson.com> <VI1PR05MB6509F3AC096B3DFB5065B059830D0@VI1PR05MB6509.eurprd05.prod.outlook.com> <815ea7c9-b0ce-b0e3-3763-1cda6fe1b5b0@ericsson.com>
In-Reply-To: <815ea7c9-b0ce-b0e3-3763-1cda6fe1b5b0@ericsson.com>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Tue, 21 Jan 2020 10:49:42 +0000
Message-ID: <CACykbs1r-rGWh9QeokSOQqdrMuPaHyYM0s+1V56MS=J3iLHzVQ@mail.gmail.com>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>
Cc: Björn Haase <bjoern.haase@endress.com>, Colm MacCárthaigh <colm@allcosts.net>, Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fdb570059ca42a1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9iUYxWxQElihSUX3hEc_RZSIPCk>
Subject: Re: [TLS] External PSK design team
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 10:50:00 -0000

Hi All,

This is something I'm very interested in.

Definitely want to participate.

Regards,

Jonathan

On Tue, 21 Jan 2020 at 10:04, Mohit Sethi M <mohit.m.sethi=
40ericsson.com@dmarc.ietf.org> wrote:

> I would let CFRG deal with the PAKE selection process:
> https://mailarchive.ietf.org/arch/msg/cfrg/-a1sW3jK_5avmb98zmFbCNLmpAs
> and not have this design team spend time and energy on designing PAKEs.
>
> --Mohit
>
> On 1/21/20 11:52 AM, Björn Haase wrote:
> > Hello to all,
> >
> > I am also willing to contribute. My concern is that I observe that in
> some industrial control applications, PSK mechanisms (that actually require
> high-entropy keys) are (mis)-used in conjunction with TLS, where the PSK is
> actually of insufficient entropy (maybe derived only from a 4 digit PIN).
> >
> > In order to fix this issue, I'd really appreciate to have an PSK-style
> TLS operation using a balanced PAKE (note that this could be implemented
> with virtually no computational overhead in comparison to conventional ECDH
> session key generation).
> >
> > Yours,
> >
> > Björn.
> >
> >
> >
> > Mit freundlichen Grüßen I Best Regards
> >
> > Dr. Björn Haase
> >
> >
> > Senior Expert Electronics | TGREH Electronics Hardware
> > Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen
> | Germany
> > Phone: +49 7156 209 377 | Fax: +49 7156 209 221
> > bjoern.haase@endress.com |  www.conducta.endress.com
> >
> >
> >
> >
> >
> > Endress+Hauser Conducta GmbH+Co.KG
> > Amtsgericht Stuttgart HRA 201908
> > Sitz der Gesellschaft: Gerlingen
> > Persönlich haftende Gesellschafterin:
> > Endress+Hauser Conducta Verwaltungsgesellschaft mbH
> > Sitz der Gesellschaft: Gerlingen
> > Amtsgericht Stuttgart HRA 201929
> > Geschäftsführer: Dr. Manfred Jagiella
> >
> >
> > Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu
> informieren, wenn wir personenbezogene Daten von Ihnen erheben.
> > Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis (
> https://www.endress.com/de/cookies-endress+hauser-website) nach.
> >
> >
> >
> >
> >
> > Disclaimer:
> >
> > The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential, proprietary, and/or
> privileged material. Any review, retransmission, dissemination or other use
> of, or taking of any action in reliance upon, this information by persons
> or entities other than the intended recipient is prohibited. If you receive
> this in error, please contact the sender and delete the material from any
> computer. This e-mail does not constitute a contract offer, a contract
> amendment, or an acceptance of a contract offer unless explicitly and
> conspicuously designated or stated as such.
> >
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: TLS <tls-bounces@ietf.org> Im Auftrag von Mohit Sethi M
> > Gesendet: Dienstag, 21. Januar 2020 10:45
> > An: Colm MacCárthaigh <colm@allcosts.net>; Sean Turner <sean@sn3rd.com>
> > Cc: TLS List <tls@ietf.org>
> > Betreff: Re: [TLS] External PSK design team
> >
> > I am certainly interested and willing to contribute. We need some
> > consensus on whether PSKs can be shared with more than 2 parties,
> > whether the parties can switch roles, etc.
> >
> > EMU is going to work on EAP-TLS-PSK and the question of
> > privacy/identities will pop-up there too.
> >
> > --Mohit
> >
> > On 1/21/20 7:33 AM, Colm MacCárthaigh wrote:
> >> Interested, as it happens - this is something I've been working on at
> Amazon.
> >>
> >> On Mon, Jan 20, 2020 at 8:01 PM Sean Turner <sean@sn3rd.com> wrote:
> >>> At IETF 106, we discussed forming a design team to focus on external
> PSK management and usage for TLS. The goal of this team would be to produce
> a document that discusses considerations for using external PSKs, privacy
> concerns (and possible mitigations) for stable identities, and more
> developed mitigations for deployment problems such as Selfie. If you have
> an interest in participating on this design team, please reply to this
> message and state so by 2359 UTC 31 January 2020.
> >>>
> >>> Cheers,
> >>>
> >>> Joe and Sean
> >>> _______________________________________________
> >>> TLS mailing list
> >>> TLS@ietf.org
> >>>
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C5af7f9dcd2f746b6638a08d79e56a7dc%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C637151967330246544&amp;sdata=xtt%2F1mxS0XbrTQ8mExdzUP%2F%2BHSJKrXANsVqsX%2F4sUZA%3D&amp;reserved=0
> >>
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> >
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&amp;data=02%7C01%7Cbjoern.haase%40endress.com%7C5af7f9dcd2f746b6638a08d79e56a7dc%7C52daf2a93b734da4ac6a3f81adc92b7e%7C1%7C0%7C637151967330246544&amp;sdata=xtt%2F1mxS0XbrTQ8mExdzUP%2F%2BHSJKrXANsVqsX%2F4sUZA%3D&amp;reserved=0
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email