[TLS] AD review of draft-ietf-tls-ecdhe-psk-aead-02
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 01 May 2017 18:27 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A88B6129C39 for <tls@ietfa.amsl.com>; Mon, 1 May 2017 11:27:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 71bQH67R9fDL for <tls@ietfa.amsl.com>; Mon, 1 May 2017 11:27:24 -0700 (PDT)
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10CB712E035 for <tls@ietf.org>; Mon, 1 May 2017 11:24:32 -0700 (PDT)
Received: by mail-pg0-x22b.google.com with SMTP id o3so43053673pgn.2 for <tls@ietf.org>; Mon, 01 May 2017 11:24:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=VpN5fljzUYyLYOyu0MHyg3vD+W6MogM88SmKyghMeCs=; b=CWg9cPOOpdTlyg1YmI6GbaNFUJKgPmXsp2oU4Mt6Pj5IcW+iFG9sVlUcgjs/Y5LQGj wTAmE3TUeUO6wjV4I0OIFAim4mFPwETmOtSPaJS0MGDskq3QQAuWdTunmf9/ne+jiMV8 TaB4Z0BZyJ1em3l6pPXFn7RegP4mmNzmG+jsCd/91wLX9kktNOnOoDANrcQ1ZJSzdPFs dWBLHLV05AlmfC5GF3yZ+5m2NHGE+dCAFveKtb3CJsvRgL9UBIZWX70UpGDvcNweJb+U SZ9o1LnX63Ow27Fwwlb7ajpc13Z6jjLgb5xbH4/wgX3n5Hqv+A4VpHvOzY8EZk8TNK72 EIxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VpN5fljzUYyLYOyu0MHyg3vD+W6MogM88SmKyghMeCs=; b=iH10UOW7qMCAIPWRHo17nSNwaX9IvZJ3pXvVnxciQ727ha7BkuGieHoHhYhkqhoDZd tuyf4ba5zhseDq55qft8decSi0Wzc4Z0f152Q7nKxgbbhiC6k1YFkd4UrTqjN9pk8Xa2 xANtT/eUeJfGAJ+olqqre4Gts2AnaqgOzuTEU0f049WMWPCFheIjfyQgXFNZWJTbpnkM /ysCu9fD8nc89GEqeteqlKhYC7W4j7BWQcZ/6z98jWYjB6xIS7EOgFxQY/UN//pY4RbB LzPPleUPHDeRRp1rTi74TY7Pin168dyioHfFvzYtWYFdDcZpPBRfdXet1ZOZu7DCkMol 170A==
X-Gm-Message-State: AN3rC/5IACT0Pvzj3i/mtzcFHmchzzMjZNH6llA/OuWJ1Br87KF7ewE5 w2MFbGrpZoyIBrHanEgwsWxTmSl2JoeD
X-Received: by 10.84.245.1 with SMTP id i1mr30949479pll.51.1493663071453; Mon, 01 May 2017 11:24:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.185.143 with HTTP; Mon, 1 May 2017 11:23:51 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 01 May 2017 14:23:51 -0400
Message-ID: <CAHbuEH51dg46EfS6PxiZC0BB8RG0-Vj-WXSPPTCqbZdiMLHZBA@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9w9zM8qLprMyVhrPPRzG5_5jaf0>
Subject: [TLS] AD review of draft-ietf-tls-ecdhe-psk-aead-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2017 18:27:26 -0000
Hello, Thanks for your work on the draft draft-ietf-tls-ecdhe-psk-aead-02. In the IANA section, I think it would be a bit more clear to say in the last column rather than second column wince one might interpret this listing as having 3 columns. The cipher suite numbers listed in the second column are numbers used for cipher suite interoperability testing and it's suggested that IANA use these values for assignment. The registry has this reversed with the description as the second column, which is fine. I'm just pointing that out as it doesn't clarify the column for you. Nits: Security Considerations section: Use of Pre-Shared Keys of limited entropy may allow an active attacker attempts to connect to the server and tries different keys. s/tries/try/ Other example includes the use of a PSK chosen by a human and thus may be exposed to dictionary attacks. s/Other/Another/ -- Best regards, Kathleen
- [TLS] AD review of draft-ietf-tls-ecdhe-psk-aead-… Kathleen Moriarty
- Re: [TLS] AD review of draft-ietf-tls-ecdhe-psk-a… Daniel Migault
- Re: [TLS] AD review of draft-ietf-tls-ecdhe-psk-a… Kathleen Moriarty
- Re: [TLS] AD review of draft-ietf-tls-ecdhe-psk-a… Daniel Migault