IETF Logo Mail Archive

[TLS] Binder key labels for imported PSKs

"Christopher Wood" <caw@heapingbits.net> Mon, 02 September 2019 23:29 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBB4C12007C for <tls@ietfa.amsl.com>; Mon, 2 Sep 2019 16:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=O/9mua5E; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JCCgen3n
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ri_F_7MjU0AG for <tls@ietfa.amsl.com>; Mon, 2 Sep 2019 16:29:49 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 010611200A4 for <TLS@ietf.org>; Mon, 2 Sep 2019 16:29:48 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 032CB21E44 for <TLS@ietf.org>; Mon, 2 Sep 2019 19:29:47 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Mon, 02 Sep 2019 19:29:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm2; bh=y/FjKOtt3Ve7qcBJZ6EEoE7ssDjufYH2MMnROCxKMh8=; b=O/9mua5E rYqKnw7RJxua7vLLtyI0bMUOsGRmOxn0RXWetjyAZRY9uxoJFaSY5AOv2slVjN0m m69NB5nlTdnnKpyfFw3dPJUrQ8aQjX2+hm+OaqYaRZoB+cz6fUyrqFReW7Wyl0aF t1isIOdT9FnBW4r2+nVAu2wsVvBA2woFvFeKx/99vjmxspt/+ub24UPMtx9kdOgm pShsZhNQ0+cSfUhgADcOkPd0RHZLJMJfOVyirfFMXA904HKy+uNNKS196YwkuN2j o/H0xHJejg252fO9zKwdwBI6d71UBF4aiGDJ6SA3kEfvCW3MbgppLRkwOi5CQBSo Tdgkxl7Oi+eqKw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=y/FjKOtt3Ve7qcBJZ6EEoE7ssDjuf YH2MMnROCxKMh8=; b=JCCgen3nP2fpiCDlaeMfNg9xOGa7fwVeOaD5jScqnDzKe tf9ThC+2pJKUs+Z7rHahSsZPxMNhHvUYWwgHbLv853v5cY5UyqbGO1XxYD5DfyIa Bru9x+8IDUKw43YIP8qOQGxbwGIHl3uGvbDdQNgQhiDJrFakCXodGFbGcJG9niLF D1TobDXDUyrdD0iRIoGSc46LH8ydVqqcdz2szGuZm4ATglRvyS9UViJ9mgva2njC oq6bXMFx8OzgfDR97IL17otWdW08eatV3UnueKw7oF1Y4hVtqrhZEBHjuqAkCEeB 4GkFzItKLKYkkjXiaAEDpMdGtyIWy3OuHYJf6YB4w==
X-ME-Sender: <xms:66VtXX0KvN8RFfkTnfKFUUefN7frStoa5I1_fCfVvd9B6_PIfbts3Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudejuddgvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehh vggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepghhithhhuhgsrdgtohhmne curfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght necuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:66VtXTqh_DDWBajJPzoZq6xn9BXKhu47l1jzF8iMfnVLL47jMgmbKA> <xmx:66VtXeUvklC2rGrURBggdzD1K_6c08NLFxNPkIirKSDzRoTtvvBBxA> <xmx:66VtXeb2Fqq8xEE27_TLyy5bRsJAB5AK5tDytV8hN4Z-UUODS5dhfA> <xmx:66VtXXFjWr3F6bWV7PGkgw0xAW3tOx2rQExSV38LcAVESjQnp71ryw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 6CECF3C00A1; Mon, 2 Sep 2019 19:29:47 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-154-gfa7592a-fmstable-20190829v1
Mime-Version: 1.0
Message-Id: <be3e3ff3-9561-46a2-a849-382abc847b2a@www.fastmail.com>
Date: Mon, 02 Sep 2019 16:29:25 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <TLS@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D7VEcn0itiBlN5-G8UGyfQ_rToo>
Subject: [TLS] Binder key labels for imported PSKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Sep 2019 23:29:52 -0000

Hi folks,


Per Jonathan Hoyland's recommendation, we're considering adding a new binder_key label ("imp binder") for imported PSKs. Specifically, this changes the key schedule from this:

~~~
              0
              |
              v
    PSK ->  HKDF-Extract = Early Secret
              |
              +-----> Derive-Secret(., "ext binder" | "res binder", "")
              |                     = binder_key
~~~

to this:

~~~
              0
              |
              v
    PSK ->  HKDF-Extract = Early Secret
              |
              +-----> Derive-Secret(., "ext binder"
              |                      | "res binder"
              |                      | "imp binder", "")
              |                     = binder_key
 ~~~

Details can be found in the PR [1]. 

This does not seem to affect the interoperability story (imported keys are further differentiated from non-imported keys). However, it's non trivial, so we'd like feedback from the group before merging the change.

Thanks!
Chris (no hat)

[1] https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/10

v2.23.0 | Report a Bug | By Email