Re: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 08 March 2023 05:11 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAA59C14CEED for <tls@ietfa.amsl.com>; Tue, 7 Mar 2023 21:11:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LoY-uCp4TwTK for <tls@ietfa.amsl.com>; Tue, 7 Mar 2023 21:11:33 -0800 (PST)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.23.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2825BC14F74E for <tls@ietf.org>; Tue, 7 Mar 2023 21:11:32 -0800 (PST)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2235.outbound.protection.outlook.com [104.47.71.235]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id au-mta-10-orHSuNl5ObC9KylnDFPLxQ-1; Wed, 08 Mar 2023 16:11:29 +1100
X-MC-Unique: orHSuNl5ObC9KylnDFPLxQ-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SY6PR01MB8443.ausprd01.prod.outlook.com (2603:10c6:10:1de::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.16; Wed, 8 Mar 2023 05:11:27 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::d897:3340:611b:bc0c]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::d897:3340:611b:bc0c%6]) with mapi id 15.20.6156.029; Wed, 8 Mar 2023 05:11:27 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
Thread-Index: AQHZSxzeBLBHoqXA7E6nunRaj84TNa7ujYtVgABIBwCAAYwHdA==
Date: Wed, 08 Mar 2023 05:11:27 +0000
Message-ID: <SY4PR01MB62513F1EC6DC284DCFB4E96FEEB49@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <Y/1ngz1ITlYds2WP@straasha.imrryr.org> <SY4PR01MB6251E03AE8A05E38FA8A3F0DEEB79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ZAbL6AP8uzgb60NB@straasha.imrryr.org>
In-Reply-To: <ZAbL6AP8uzgb60NB@straasha.imrryr.org>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SY4PR01MB6251:EE_|SY6PR01MB8443:EE_
x-ms-office365-filtering-correlation-id: bdca6c33-b0f7-49f7-4bf6-08db1f93920b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: EVNiPEsnT9eokU5AJvSHx0ZXNgd5UVG9jMFel+NVNZUKerx9jpeSOEZXIc412rTGBciF32mz4UGHbdeXdw0zalsdQ2+QZqoogMny52HhUkEk9l4FulZD1NrsWFDk2z1CD8XgciFCJj+kosUGN6Tvar8lbmVky/v5nCk9P3MftmXoyQitu3ZL+iq0M1yHXztm4gp12V0mt0rTqltlpVd1aiLVjHvZpR2PWlgHHc86ODZAb7QoAs8g9VNCHSQlbamtttXpbZsbnfwOSb7dHuJEgjWm0sG4vdhzeOaCKHhvJvkIJHLvbpGkkYTGHqpwMWnjTm2gV/NvnbO6jdSPulcIlMObw1+JmiT9ClfFGoMZLLFMJrrSYSq0zkeNnKvHLsLRdeFcn+HJbMJZrnF8lywtBP0WVIoGFyZFBL+YQMUI0BeVXFR6RscC386JIrpx58mIMv5IsuS1BfS0x1CODxP7HwDBauWh3Nq65b1LnLDYCNvkE/qU+OjJ5ND7xjAoo9Z2H0jA41QWLWH+V0J/sbBA28K0OOMcKQcedWQZhYrVSia8qtoXalF5jTNfczVKOun3vAinH2mvBjVgSuk7tVLKFjXKVSuSb0xfU6nl6/OJ/5fmvP6ZRVVU9IjotKFQXkzHjCS3rrJQIXd7c88600KYBEs5UXKizCHi5pnCREZXnkxHm2ekGO8vtqgkPQSqY5Xpz8IYHY7So8x4taj6FBvfNrp3hvfYjMQI6jec4IsvgBzNoZZb80RGC+CX8JWhD6NP
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(346002)(136003)(376002)(366004)(39860400002)(396003)(451199018)(38100700002)(122000001)(41300700001)(4326008)(478600001)(6916009)(66946007)(66446008)(66556008)(5660300002)(66476007)(64756008)(8676002)(76116006)(52536014)(8936002)(38070700005)(33656002)(86362001)(83380400001)(26005)(186003)(9686003)(6506007)(71200400001)(55016003)(7696005)(316002)(786003)(107886003)(2906002); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: X46bznEK7AHMPrunLPn5C5j+rpzGkKFiOm9MslKMeJjBBMDYeqzILU9t9ytDudNpRkZAB82+1r+N4l11hs8fpxgvl0bwbGMQWcMDDmyOqbGgntH8of208QxoNJOca8uWGSIBml16mNcE38fu+Z8OJkKCX8JCKktrgnNEwHa9G5xEW9/6V3vzfvMeY/5D0FO3Jc9K8Lh9hPTIlWz/wUgXgDaZBrC9ZQwDMGkfFYrx65LnVElE8cjvUcoP0o0XfuZhjZXbPwEnajn5TLPTP6Y+kBJxup/6/2+00wUodlId97wUFBeBzy4/6e1HyURX6atPXPk5mXob55l/kuor0+I7qQzwBUOrJD/k/sQfAmHrL8a7/loEMKd+AfoIKYCcAhZI3SN73ZHNP7nZFJ6fi1V5krYSU2U8kOp4A62MoPMKjQXfo6oU3xTk5+25JjrfJVWuYZLGc4npHKO8PEp9hLnCu8AK7RmutwA7RtnOzTeHgoghA3mM1ZcPR3xCaaxTSo3yEqd4+J1C4A585ThuTPoCgW7XnyYvb8WieCV6vujcNCNqeIwGnelPAIjySJyYtnhRo79NqVPT6FZsVf/nUlt3s17se/Sr7zawblRFW3y7KL3aQSh+vOXohJDgH9RXr0yH85kC5wvKbBQSHW+JFyW6h4BIHZOxx6069IbWKKlYjnvGqIZ6gLZT3TPSW/9o8h5fiPy+gjIq4SBSgOxn+8dN6o193+/Ux6HzOiS20iqCM9S3S8pL6gdiW2z+CWKFJbGAyZqFIDMZ9z5XKdPUARr9fAy9LAYij3G1ydh6rAmoK7LDVMJxy9E/4tnUvSP/ySBO3LwtoWqFgVHiBjCQziL4jsS4qT0r6XWCuwBDfpQkhvN8aCNN1plIBEi25WWhB4fnx7ej9kh2/ntBD9c/JodwIE2ZPTNQZOt00mQnKcTbzBiv/W84vVA32qVXpj6fc036/eiIcMmfG722woUQ1KmaHzyic/y+XqauktCUpOHYN/dBTigamtS2T0qkP4tUDCTfUcewUQTFYiY//vGcGyhaek9dsKbh3IWeFb8jn8ISFAjYD7/J/PlbBJNi6R3PJ/y24MmMo7KDgum/tVbaj+I0aAgTb3MlH2vSAg9KWVyDCcjDAHEgJaWXE8kZep/ak3aWZwtIVmcziIFNbnDoDrIZ6b9WyQPwAHZ2PHfYI+Shc7Tgc20xkY9USzubfuTAQgmqBuLC1swLzwb/L9sHZC144p/FBjT9pTW9IqU3f+j4cv0qUzf8vPfNls8qMvyCrJQCIzPKxhBd7tZZoB/kmGVqLOZb5RI6UCyrau1+kqDsMt+mA21kLgN4wdBoxnAfnq/tpeElcUt1NSgKho/64vRoD25ZogZXlhgbUOeQjHmReEl0xK2yukFroOM4ouSTh42e87QBiNv8NKgL1P4ZS8B65hBY6x1pW1hMqV9KHFjKg8zGv4gpT9tGBzRStdtPgBfuJwet46puMPS6kZarZjLBj9aVrsFM9vtByhomQmkb4NjKJGvrpsKrrqil7FVHKb61nu7eDATrNGjIgOfebOmT6WKZcasNsDPPPoBMHjnYih8GB0hhOkjV8szLWDMLL4xbMMUNGn1IJKtkhIZyJWMyXA==
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bdca6c33-b0f7-49f7-4bf6-08db1f93920b
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2023 05:11:27.3611 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: CE7KhvgxFQBsYuj6ATxPb+5BqX5Q3zSFCNWL+fqyFR6ARWaRtttN+FROpQ19T3tG6nrICHaLnsMbW/OSsbNYjohs/Rv4soMXgPcFpLj8UMk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY6PR01MB8443
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/B899qaYyYG_Qw3D32Y7a7TQZUhw>
Subject: Re: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Mar 2023 05:11:34 -0000
Viktor Dukhovni <ietf-dane@dukhovni.org> writes: >The protocol specification needs to say something along the lines of: I'm not sure if this will work though. The PSK stuff is already the second biggest dog's breakfast in the spec (why are there two extensions used to communicate PSK information, with complex reconciliation rules needed between them?), full of special cases and exceptions and weird requirements (if the client asks for meat in pre_shared_key then the server must abort the handshake if it doesn't have red wine for its pre_shared_key unless the client has indicated it doesn't drink in its psk_key_exchange_modes or has negotiated a vegetarian option in signature_algorithms that will be used during the handshake or indicated they're vegan in signature_algorithms_cert), adding the list you've given just makes it an even more complex mess, assuming you can get implementations to both adopt it and get it right. I think a safer option moving forward is "scrap it and order a new one", just do an RFC with a new, single extension with unambiguous semantics that reintroduces the TLS classic session resumption, but done with TLS 1.3 mechanisms. In other words just a standalone psk_ke in a new extension with a description of "if the client sends this, use it". Peter.
- [TLS] TLS 1.3 servers and psk_key_exchange_modes … Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann