Re: [TLS] draft-jay-tls-psk-identity-extension-01
David Woodhouse <dwmw2@infradead.org> Wed, 21 September 2016 20:33 UTC
Return-Path: <BATV+2953c840cc985df65dd1+4777+infradead.org+dwmw2@bombadil.srs.infradead.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B85812BCB7 for <tls@ietfa.amsl.com>; Wed, 21 Sep 2016 13:33:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.516
X-Spam-Level:
X-Spam-Status: No, score=-6.516 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.316] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMwgb48lwm3j for <tls@ietfa.amsl.com>; Wed, 21 Sep 2016 13:33:20 -0700 (PDT)
Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 688CA12BE4D for <tls@ietf.org>; Wed, 21 Sep 2016 13:33:20 -0700 (PDT)
Received: from [2001:8b0:10b:1:841b:5eff:0:f69] (helo=shinybook.infradead.org) by bombadil.infradead.org with esmtpsa (Exim 4.85_2 #1 (Red Hat Linux)) id 1bmoCg-00071F-Dc; Wed, 21 Sep 2016 20:33:14 +0000
Message-ID: <1474489991.30494.5.camel@infradead.org>
From: David Woodhouse <dwmw2@infradead.org>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Wed, 21 Sep 2016 21:33:11 +0100
In-Reply-To: <20160921200022.GA14520@LK-Perkele-V2.elisa-laajakaista.fi>
References: <1474098807.2070.10.camel@gmail.com> <1474270465.144982.206.camel@infradead.org> <FDFEA8C9B9B6BD4685DCC959079C81F5E18F6DA9@BLREML509-MBX.china.huawei.com> <1474485375.24595.250.camel@infradead.org> <20160921200022.GA14520@LK-Perkele-V2.elisa-laajakaista.fi>
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-eH5uQmru0K1tt6PeDbcL"
X-Mailer: Evolution 3.18.5.2 (3.18.5.2-1.fc23)
Mime-Version: 1.0
X-SRS-Rewrite: SMTP reverse-path rewritten from <dwmw2@infradead.org> by bombadil.infradead.org. See http://www.infradead.org/rpr.html
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/E9wg_XaNJFoZCSvzpljDQmgWqMc>
Cc: "tls@ietf.org" <tls@ietf.org>, Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>, "jayaraghavendran@gmail.com" <jayaraghavendran@gmail.com>
Subject: Re: [TLS] draft-jay-tls-psk-identity-extension-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2016 20:33:21 -0000
On Wed, 2016-09-21 at 23:00 +0300, Ilari Liusvaara wrote: > On Wed, Sep 21, 2016 at 08:16:15PM +0100, David Woodhouse wrote: > > > > On Wed, 2016-09-21 at 17:46 +0000, Raja ashok wrote: > > > > > > > > [ashok] : I feel sending the selected ID is better, otherwise while > > > process "server hello" msg, client has to maintain the PSK ID list in > > > the same order in which it sent. Already there was a discussion in > > > TLS1.3 group for sending selected ID instead of index. > > There is also discussion of supporting only a *single* PSK identity in > > TLSv1.3. If that happens, is there a real need for the extension to > > permit more than one identity in TLS <= 1.2. > Is the intended usecase some "IoT"/"embedded" devices? If so, I think > this is *extremely* bad idea. > > Those things tend to have very long lifespans, so one shouldn't put > one out except with cutting-edge stuff. Anything less, and there is > substantial risk of it going bad during lifetime. > > It would be possible to retrofit an extension to do multiple identites > at once into TLS 1.3 even if baseline TLS 1.3 allows only one, altough > implementing it probably will not be pleasant.[1] Typically I would expect that a given IoT client would still support only one form of PSK, and offer one identifier. The update model would be that the server accepts *either* the old or the new keys, and clients are slowly upgraded to offer the latter. But still only one at a time? > [1] E.g. altering hello_finished to be a list, one entry for each > identity, or omitting it entierely for "implicit finished with the > used 0-RTT key before ServerHello" trick I outlined earlier. > > (Neither is probably pleasant to implement... The latter is probably > easier if the library architecture is suitable). I had also suggested including a hello_finished only for the first (preferred) PSK identity. If the server doesn't want that one, it can send a HelloRetryRequest with a PreSharedKeyExtension indicating which PSK identity it *does* want. Or did I miss a reason why that wasn't sufficient and *each* ClientHello needed to be validated? I confess I've only been looking at this for the last day or so. -- dwmw2
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Raja ashok
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 David Woodhouse
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Ilari Liusvaara
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 David Woodhouse
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Eric Rescorla
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Ilari Liusvaara
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 David Woodhouse
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Eric Rescorla
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 David Woodhouse
- Re: [TLS] draft-jay-tls-psk-identity-extension-01 Raja ashok