Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?
Jim Schaad <ietf@augustcellars.com> Fri, 11 May 2018 01:32 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7180812E85B for <tls@ietfa.amsl.com>; Thu, 10 May 2018 18:32:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I_BMt4Gvspb7 for <tls@ietfa.amsl.com>; Thu, 10 May 2018 18:31:58 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58B6012D7F0 for <tls@ietf.org>; Thu, 10 May 2018 18:31:58 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Thu, 10 May 2018 18:29:17 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Thomson' <martin.thomson@gmail.com>, tls@ietf.org
References: <773A6343-2978-4195-BF53-B5253E3B9129@dukhovni.org> <CABkgnnXNnheqdRBO_h6XVK5uvr-qoM9_xSMq4EEH5CgKLWqabw@mail.gmail.com> <CABcZeBPqVTWaZ5pXBf66jt+2m0rXA6LoqaddQB8onvwjE+39QQ@mail.gmail.com> <71974FFA-DEA4-4C66-BDAE-FAD7BF46463B@dukhovni.org> <CABcZeBN1gF7gtQbxKg_5xs4DSimKR1Gf=-0Pm9=b1D_M6rSY3A@mail.gmail.com> <BBFEDE28-AC26-4748-9F49-8B6EBF12F1F1@dukhovni.org> <2AF454E0-48F4-4C98-855D-B4BB342E4C47@dukhovni.org> <45BA18DD-AD60-4D15-B757-3DB4C35C3B3D@dukhovni.org> <CABkgnnXUs-LNKS0MfoDpjg7c9gVEXGMeN+m8VYZrq5eBzapa4w@mail.gmail.com>
In-Reply-To: <CABkgnnXUs-LNKS0MfoDpjg7c9gVEXGMeN+m8VYZrq5eBzapa4w@mail.gmail.com>
Date: Thu, 10 May 2018 18:31:47 -0700
Message-ID: <011201d3e8c7$d54b63a0$7fe22ae0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGTDf2ca+/EaVn+aDsMX+CPKYACLwJuW5tWASYjITgBgYDeggIqYyu6AWWoof4CFWKn0gJzK4rhAXRBdJqkNlyGUA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bn8R4yV5p2Y6ajC_i-73rQPM9m8>
Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 01:32:00 -0000
After thinking about this for a while, I would expect that sending an external PSK w/ a ticket should be rare for those systems that are going to want to do privacy protection. Sending the external PSK would allow for association of sessions that should not happen with just the ticket. Jim > -----Original Message----- > From: TLS <tls-bounces@ietf.org> On Behalf Of Martin Thomson > Sent: Thursday, May 10, 2018 5:31 PM > To: <tls@ietf.org> <tls@ietf.org> > Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client? > > On Fri, May 11, 2018 at 9:08 AM Viktor Dukhovni <ietf-dane@dukhovni.org> > wrote: > > Should servers issue resumption tickets after an initial PSK handshake? > > And if so, should resumption be preferred for any reason when the client > > sends both a resumption ticket and the external PSK? > > I don't think that we can codify anything here, but the angle I approach this > from is in terms of what safeguards are placed on keys. > > Ticket keys are typically stored in volatile or temporary storage with their > relatively brief validity interval being the primary safeguard against theft. > That makes them easy to use, but they are consequently unusable over long > periods of time. > > If an external PSK has a need to be viable over longer periods, then perhaps > you want to use it less often. That might be to avoid having to load it into > memory and risk it being readable, or it might be because the controls on its > use are more onerous. For instance, some might require user input (for a > PIN or the like), or have a performance cost involved in access. > > All speculation, but there you go. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.3 multiple session tickets from the c… Viktor Dukhovni
- Re: [TLS] TLS 1.3 multiple session tickets from t… Martin Thomson
- Re: [TLS] TLS 1.3 multiple session tickets from t… Eric Rescorla
- Re: [TLS] TLS 1.3 multiple session tickets from t… Viktor Dukhovni
- Re: [TLS] TLS 1.3 multiple session tickets from t… Eric Rescorla
- Re: [TLS] TLS 1.3 multiple session tickets from t… Viktor Dukhovni
- Re: [TLS] TLS 1.3 multiple session tickets from t… Eric Rescorla
- Re: [TLS] TLS 1.3 multiple PSKs (was session tick… Viktor Dukhovni
- Re: [TLS] TLS 1.3 multiple session tickets from t… Jim Schaad
- Re: [TLS] TLS 1.3 multiple PSKs (was session tick… Viktor Dukhovni
- Re: [TLS] TLS 1.3 multiple PSKs (was session tick… Martin Thomson
- Re: [TLS] TLS 1.3 multiple PSKs (was session tick… Jim Schaad
- Re: [TLS] TLS 1.3 multiple session tickets from t… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 multiple session tickets from t… Hubert Kario
- Re: [TLS] TLS 1.3 multiple PSKs (was session tick… Hubert Kario
- Re: [TLS] TLS 1.3 multiple session tickets from t… Ander Juaristi
- Re: [TLS] TLS 1.3 multiple session tickets from t… Nikos Mavrogiannopoulos