Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt

Sean Turner <sean@sn3rd.com> Mon, 11 July 2016 14:35 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3752C12D50D for <tls@ietfa.amsl.com>; Mon, 11 Jul 2016 07:35:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aRxSFL1v_CNK for <tls@ietfa.amsl.com>; Mon, 11 Jul 2016 07:35:22 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EE6412D187 for <tls@ietf.org>; Mon, 11 Jul 2016 07:35:22 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id o67so28850960qke.1 for <tls@ietf.org>; Mon, 11 Jul 2016 07:35:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mJE8YUEfGtoTYoQcUI6lOm+mHpWT9OdBX5xKnoNDOz0=; b=d7G4e4TxVl0dGhuniDNu+KSgu9QkOgmJs1Y7C1OaO6XMxpZEX74SLkWnUQ782mSQkk b7KbchE+2xpDkKa/JCrNx2xKrZ4MLPLOjTw7KGflXREXCMFNe+LyHPa3lfdfYQeVTDzi BGG2piEByqVQ4H6V3KO3kWnD3Jx0K62tzFgl8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mJE8YUEfGtoTYoQcUI6lOm+mHpWT9OdBX5xKnoNDOz0=; b=mePuim36h4+x8Irdz4UkAr9anRvHLgMAFM8DKRyBMdBlqnHxOuH4v+RxkYXxISwEmL 4hzElUCaL23jsvqbEbOAXN59rQFdiR8+63oy1sCBeKwq2U3Fw5l1y+sLrj3mLzQN/ClK jmYFwGdTQVExpS0CbTXuncG9AgaQqW7f2G9hiSJoafrD+FIEYMD0XgyFUa9pUVYIwYXP 1TMYBXMYqXLFAeZuSF0hYf5c0+eEfSgr4ulTmxQMYbiytyVvuJgjBgy7E8drpDGFD53D Hst50DrNDSkc7+UddHjq413aWzm5riQ4ocOuX1BAmM8aWUKF6P02juV2e3JG/7J/aJv9 xK0g==
X-Gm-Message-State: ALyK8tI1ksf7VAwbjpf9So8oUnhW0/CQpJtSioGtjToqE7xs2tQiXRdUSMNPRGNdtnHnkQ==
X-Received: by 10.55.215.141 with SMTP id t13mr26224362qkt.31.1468247721316; Mon, 11 Jul 2016 07:35:21 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.230.69]) by smtp.gmail.com with ESMTPSA id l32sm2901527qta.23.2016.07.11.07.35.20 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 11 Jul 2016 07:35:20 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <880079020.470300.1468136219291.JavaMail.yahoo@mail.yahoo.com>
Date: Mon, 11 Jul 2016 10:35:18 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D8740F7F-AA39-4CD7-8373-9E72B7DDB9D8@sn3rd.com>
References: <20160527171935.11166.82258.idtracker@ietfa.amsl.com> <880079020.470300.1468136219291.JavaMail.yahoo@mail.yahoo.com>
To: g_e_montenegro@yahoo.com
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D8b33LnwhWQmg22E7NvyaVUZO7k>
Cc: draft-ietf-dice-profile@ietf.org, "tls@ietf.org" <tls@ietf.org>, draft-ietf-tls-ecdhe-psk-aead@ietf.org
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2016 14:35:24 -0000

> On Jul 10, 2016, at 03:36, g_e_montenegro@yahoo.com wrote:
> 
> Hi,
> 
> I'm curious as to the relationship between this TLS WG draft and the DICE profile for IoT (currently in Auth48):
> https://tools.ietf.org/html/draft-ietf-dice-profile
> 
> The dice profile uses two TLS ciphershuites
> 
> TLS_PSK_WITH_AES_128_CCM_8             (defined in https://tools.ietf.org/html/rfc6655)
> 
> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8     (defined in https://tools.ietf.org/html/rfc7251)
> 
> Notice that the DICE profile defines nothing (it has no IANA considerations). Instead, it reuses definitions established previously per the references above.
> 
> This draft-ietf-tls-ecdhe-psk-aeak  claims to also define IoT-friendly ciphersuites, for example, TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 
> 
> However, it does not reference the DICE profile draft. 
> 
> What is the difference between these?

There’s might be a relationship between the DICE profile and this draft in the future.

The DICE draft profiles the existing set of cipher suites that are already defined for IoT; the complete list can be found here:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

draft-ietf-tls-ecdhe-psk-aead is adding more algorithms to that list.  The DICE profile can be updated later to include these newly defined cipher suites if that’s what the WG wants to do.

Make sense?

spt