IETF Logo Mail Archive

Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?

Jim Schaad <ietf@augustcellars.com> Fri, 11 May 2018 01:32 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7180812E85B for <tls@ietfa.amsl.com>; Thu, 10 May 2018 18:32:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I_BMt4Gvspb7 for <tls@ietfa.amsl.com>; Thu, 10 May 2018 18:31:58 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58B6012D7F0 for <tls@ietf.org>; Thu, 10 May 2018 18:31:58 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Thu, 10 May 2018 18:29:17 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Thomson' <martin.thomson@gmail.com>, tls@ietf.org
References: <773A6343-2978-4195-BF53-B5253E3B9129@dukhovni.org> <CABkgnnXNnheqdRBO_h6XVK5uvr-qoM9_xSMq4EEH5CgKLWqabw@mail.gmail.com> <CABcZeBPqVTWaZ5pXBf66jt+2m0rXA6LoqaddQB8onvwjE+39QQ@mail.gmail.com> <71974FFA-DEA4-4C66-BDAE-FAD7BF46463B@dukhovni.org> <CABcZeBN1gF7gtQbxKg_5xs4DSimKR1Gf=-0Pm9=b1D_M6rSY3A@mail.gmail.com> <BBFEDE28-AC26-4748-9F49-8B6EBF12F1F1@dukhovni.org> <2AF454E0-48F4-4C98-855D-B4BB342E4C47@dukhovni.org> <45BA18DD-AD60-4D15-B757-3DB4C35C3B3D@dukhovni.org> <CABkgnnXUs-LNKS0MfoDpjg7c9gVEXGMeN+m8VYZrq5eBzapa4w@mail.gmail.com>
In-Reply-To: <CABkgnnXUs-LNKS0MfoDpjg7c9gVEXGMeN+m8VYZrq5eBzapa4w@mail.gmail.com>
Date: Thu, 10 May 2018 18:31:47 -0700
Message-ID: <011201d3e8c7$d54b63a0$7fe22ae0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGTDf2ca+/EaVn+aDsMX+CPKYACLwJuW5tWASYjITgBgYDeggIqYyu6AWWoof4CFWKn0gJzK4rhAXRBdJqkNlyGUA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bn8R4yV5p2Y6ajC_i-73rQPM9m8>
Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 01:32:00 -0000

After thinking about this for a while, I would expect that sending an
external PSK w/ a ticket should be rare for those systems that are going to
want to do privacy protection.  Sending the external PSK would allow for
association of sessions that should not happen with just the ticket.

Jim


> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Martin Thomson
> Sent: Thursday, May 10, 2018 5:31 PM
> To: <tls@ietf.org> <tls@ietf.org>
> Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the
client?
> 
> On Fri, May 11, 2018 at 9:08 AM Viktor Dukhovni <ietf-dane@dukhovni.org>
> wrote:
> >   Should servers issue resumption tickets after an initial PSK
handshake?
> >   And if so, should resumption be preferred for any reason when the
client
> >   sends both a resumption ticket and the external PSK?
> 
> I don't think that we can codify anything here, but the angle I approach
this
> from is in terms of what safeguards are placed on keys.
> 
> Ticket keys are typically stored in volatile or temporary storage with
their
> relatively brief validity interval being the primary safeguard against
theft.
> That makes them easy to use, but they are consequently unusable over long
> periods of time.
> 
> If an external PSK has a need to be viable over longer periods, then
perhaps
> you want to use it less often.  That might be to avoid having to load it
into
> memory and risk it being readable, or it might be because the controls on
its
> use are more onerous.  For instance, some might require user input (for a
> PIN or the like), or have a performance cost involved in access.
> 
> All speculation, but there you go.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email