Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Erick O <ericko0@yahoo.com> Fri, 18 September 2009 14:53 UTC

Return-Path: <ericko0@yahoo.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7966C3A6AD2 for <tls@core3.amsl.com>; Fri, 18 Sep 2009 07:53:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.54
X-Spam-Level:
X-Spam-Status: No, score=-2.54 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mes1WOLNYpa7 for <tls@core3.amsl.com>; Fri, 18 Sep 2009 07:53:08 -0700 (PDT)
Received: from web45501.mail.sp1.yahoo.com (web45501.mail.sp1.yahoo.com [68.180.197.53]) by core3.amsl.com (Postfix) with SMTP id 5F9293A67CC for <tls@ietf.org>; Fri, 18 Sep 2009 07:53:08 -0700 (PDT)
Received: (qmail 65610 invoked by uid 60001); 18 Sep 2009 14:47:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1253285243; bh=4BIIQUCzvA8in1NVdc/UYog1jT74LuWmSSih+UVoM/Y=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=RTIRPv9FqrgTpM1VN0HKTeOq1mPq6QLfaeaXrG8fGd7jgUzOxZywe699+XN5v2GxOoCc9mwosAiWU4mp4bBVH4WuWSnDaAJt8llobTblGJRocAnABl/TYZrrYTt8jSv3wxFO6yK/UCdUvxkJHkeBWzUurw/xJVkPT7jdbMrbrZo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=jzcyZi1e6VCF3gqZByc/GDaFl4hHafcvHP9OzzZrje/9vQeWcI/X3TASgKOHG5bnovsHrjKklvsUXftjYiIH4p6MwcMxdrbmrpqpwrYJlL/IbESeplkhoy51MvyAGnGJ7vg/9KnJw6XttnVa6Wx8QH/0hWjqaqPbclhAWu0XdsI=;
Message-ID: <997098.63763.qm@web45501.mail.sp1.yahoo.com>
X-YMail-OSG: D4wXqxgVM1meQ.DQebqpTl29vJS9rVl_uiVF8PcqZ8Fp0brNwBEdW6GdbjRCAilRoM4SoUOVyNDxFG8ODRM6LeMvpZKMANorGq.ySby9G1N4vWMO6j7QDhC_pd2SFJGWygBZtpHg_6sJMJ38TshafWtXIrL5nwRtrXtScA3dqz9P9x98Wd0J3cCouBzOEUlRU2aZwPMcmxvwid8pZZkHykiCwp7YeqlMnSw11sQSWxDaci65Fw--
Received: from [68.106.217.192] by web45501.mail.sp1.yahoo.com via HTTP; Fri, 18 Sep 2009 07:47:22 PDT
X-Mailer: YahooMailRC/157.18 YahooMailWebService/0.7.347.2
References: <20090720164816.328D928C1C8@core3.amsl.com> <10B26916-E4EC-4678-B35E-0C09D58E4169@stebila.ca>
Date: Fri, 18 Sep 2009 07:47:22 -0700
From: Erick O <ericko0@yahoo.com>
To: Douglas Stebila <douglas@stebila.ca>, IETF Discussion <ietf@ietf.org>
In-Reply-To: <10B26916-E4EC-4678-B35E-0C09D58E4169@stebila.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-945837849-1253285242=:63763"
Cc: tls@ietf.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2009 14:53:08 -0000





________________________________
From: Douglas Stebila <douglas@stebila.ca>
To: IETF Discussion <ietf@ietf.org>
Cc: tls@ietf.org
Sent: Tuesday, July 21, 2009 1:32:21 AM
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

I have implemented draft-ietf-tls-extractor-06 in the TLS v1.0 implementation in OpenSSL.  I found the draft easy to implement with no ambiguities or concerns.  I believe that the functionality provided by the draft will be extremely valuable for building application-level security protocols and encourage its standardization.

It is my interpretation of the draft that it can be implemented in any version of TLS, not just TLS v1.2.  Obviously the derived key may be different if the underlying TLS PRF is defined differently (as it is for TLS v1.2), but the draft is still well-defined for previous versions of TLS.

For those interested in the OpenSSL implementation, I have posted a page on my website with the patch.
    http://www.douglas.stebila.ca/code/keying-material-exporters/
In addition to a patch for OpenSSL, I have also done patches to Apache and PHP to expose a PHP function that allows a PHP application to derive keying material from the underlying TLS connection according to the draft specification.

Douglas

On 2009-Jul-21, at 2:48 AM, The IESG wrote:

> The IESG has received a request from the Transport Layer Security WG
> (tls) to consider the following document:
> 
> - 'Keying Material Exporters for Transport Layer Security (TLS) '
>  <draft-ietf-tls-extractor-06.txt> as a Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send substantive comments to the
> ietf@ietf.org mailing lists by 2009-08-10. Exceptionally,
> comments may be sent to iesg@ietf.org instead. In either case, please
> retain the beginning of the Subject line to allow automated sorting.
> 
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
> 
> 
> IESG discussion can be tracked via
> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls