Re: [TLS] PSK in 1.3?

Jeffrey Walton <noloader@gmail.com> Sun, 19 October 2014 14:58 UTC

In-Reply-To: <1D875BD8-2727-4895-842A-FC4FAA482E15@gmail.com>
References: <544384C7.9030002@polarssl.org> <78795A6D-3DFA-41C6-A380-C63DDF4C0285@gmail.com> <5443BF11.3090505@polarssl.org> <1D875BD8-2727-4895-842A-FC4FAA482E15@gmail.com>
Date: Sun, 19 Oct 2014 10:58:37 -0400
Message-ID: <CAH8yC8kbF+8OdNad9VdbzEaeANKZbZ1fB8+zAgdzHQ3otz3GgQ@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Ab0erNFX12k5b84_UnEhRy2sC3U
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] PSK in 1.3?

> I understand. It’s just weird that we’re treating non-PFS like it was made from asbestos, laced with arsenic and painted with lead paint, while this is proposing to allow asbestos/arsenic/lead combo as long as it’s much cheaper.
>
> ...
> So either we believe that PSK compromise is unlikely, or we believe that the data in a connection with a PSK ciphersuite is not future-sensitive. If we don’t, we’re saying that we’re just piling on security nice-to-haves because we think the users can handle them.
>
TLS-PSK provides mutual authentication and channel binding, which
addresses a major problem with RSA key transport: wrap a secret in
anybody's public key and send it (even if it's the wrong server or
public key).

I'm not sure it's wise to discard mutual authentication and channel
binding. They are improvements over key transport.
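To make the mutual-authentication point concrete, here is an added Python sketch that is not part of the thread. It builds the plain-PSK premaster secret the way RFC 4279 defines it, and stands in a single HMAC-SHA256 step for the TLS PRF and Finished computation (an assumption for brevity, not the real P_hash expansion), so that a peer holding the wrong PSK fails Finished verification in both directions.

```python
import hashlib
import hmac
import os
import struct


def psk_premaster(psk: bytes) -> bytes:
    """Plain-PSK premaster secret per RFC 4279 section 2:
    uint16 N, N zero octets, uint16 N, then the PSK itself."""
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def derive_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Assumption: one HMAC step stands in for the TLS PRF. Both sides must
    # hold the same premaster (hence the same PSK) to reach the same key.
    seed = b"master secret" + client_random + server_random
    return hmac.new(premaster, seed, hashlib.sha256).digest()


def finished_tag(key: bytes, transcript: bytes, label: bytes) -> bytes:
    # Stand-in for Finished verify_data: a MAC over the handshake transcript,
    # which ties the tag to this session's randoms (channel binding).
    return hmac.new(key, label + transcript, hashlib.sha256).digest()


def psk_handshake(client_psk: bytes, server_psk: bytes, identity: bytes = b"Client_identity") -> dict:
    """Simulate a PSK handshake where each side may hold a different key.
    Returns whether each side accepts the other's Finished message."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    transcript = (b"ClientHello" + client_random + b"ServerHello" + server_random
                  + b"ClientKeyExchange" + identity)
    client_key = derive_key(psk_premaster(client_psk), client_random, server_random)
    server_key = derive_key(psk_premaster(server_psk), client_random, server_random)
    client_fin = finished_tag(client_key, transcript, b"client finished")
    server_fin = finished_tag(server_key, transcript, b"server finished")
    # Each side recomputes the peer's tag under its own key; a mismatch means
    # the peer does not know the PSK, so neither side is fooled by a stranger.
    return {
        "server_accepts_client": hmac.compare_digest(
            client_fin, finished_tag(server_key, transcript, b"client finished")),
        "client_accepts_server": hmac.compare_digest(
            server_fin, finished_tag(client_key, transcript, b"server finished")),
    }
```

Compare this with RSA key transport, where the client simply encrypts a fresh premaster under whatever public key it was handed, so the only thing protecting it is certificate validation.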