Re: [TLS] draft-housley-tls-tls13-cert-with-extern-psk
Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 23 April 2018 09:02 UTC
Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8BFA127241 for <tls@ietfa.amsl.com>; Mon, 23 Apr 2018 02:02:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AP2hMO4pfbRd for <tls@ietfa.amsl.com>; Mon, 23 Apr 2018 02:02:03 -0700 (PDT)
Received: from mail-wr0-f170.google.com (mail-wr0-f170.google.com [209.85.128.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1BBE120713 for <tls@ietf.org>; Mon, 23 Apr 2018 02:02:02 -0700 (PDT)
Received: by mail-wr0-f170.google.com with SMTP id v15-v6so20887812wrm.10 for <tls@ietf.org>; Mon, 23 Apr 2018 02:02:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ys1LlnAdhYV6zIWFwlGWtTthoIyF63M78ThC+PJ/qlM=; b=oxhGtLz/ovYz7GctpSwbHPvh0xkIboYkzUm80XuWELiRMnEzb6zc/8iomeWz4q/1gF A+f5mPlEP+riSVLeKlPrtL9rFJRIwOAoMWRLQFTvQG68jbDm6xxBOXmkVLnNyqhtqxLH H4rMqS3RdTqWPhpAeZSpOnksWXjofUebxM+fuGDASOsAuLn1ZLicScuS89h7RVXTV4MW nes4Mosx5QVxfV7TOlgqzbR76423tD1pg+sqlA/dAgdGA1XZDrSE6buY7iZLaQOQB7Y+ 8s1+f4IdJH4uxImIBfO+SUGMUPRLB5nLfGIHEDcnqqRHhW+yq1h5eXGx+8A2dIwdbN2c O0tA==
X-Gm-Message-State: ALQs6tBTF1Fg6GXDL/kEi2ChTlnF3RuQlpp4e68otEP2MEcttOGFsvyr K9FJIZdtU0laEjsmODZ7tZ+5y+sAvfU=
X-Google-Smtp-Source: AIpwx49YcI12oWgIQMGz5fd8Vpi9eRAuSabpR8Ko7vpeIqL/2DoFLNxAdM07efM6iVH7Pnvw20PczQ==
X-Received: by 10.28.46.208 with SMTP id u199mr8388714wmu.99.1524474121224; Mon, 23 Apr 2018 02:02:01 -0700 (PDT)
Received: from dhcp-10-40-1-102.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id u138sm10662088wmu.24.2018.04.23.02.02.00 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 23 Apr 2018 02:02:00 -0700 (PDT)
Message-ID: <1524474119.4793.7.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Russ Housley <housley@vigilsec.com>, IETF TLS <tls@ietf.org>
Date: Mon, 23 Apr 2018 11:01:59 +0200
In-Reply-To: <797D67EC-9390-47CD-BD6A-75E34E5FE33F@vigilsec.com>
References: <797D67EC-9390-47CD-BD6A-75E34E5FE33F@vigilsec.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 (3.26.6-1.fc27)
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GWcZLa60WaCSCPJdV-isKuBmrb4>
Subject: Re: [TLS] draft-housley-tls-tls13-cert-with-extern-psk
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2018 09:02:05 -0000
On Wed, 2018-04-18 at 12:25 -0400, Russ Housley wrote: > In London, I was on the agenda to talk about certificate-based > authentication with external pre-shared key (PSK). We ran out of > time, and I did not get to make the presentation. The slides are in > the proceedings; see https://datatracker.ietf.org/meeting/101/materia > ls/slides-101-tls-sessa-certificate-based-authentication-with- > external-psk-00. > > Please review the document and send comments to the list. > > I would like the TLS WG to adopt this document. In the presentation the main driver for it seems to be quantum computer resistance as temporary measure. If that's the main argument I don't think it is really significant. PSK can hardly be used with PKI, and as a matter of fact we use PKI because of PSK key distribution problems. If we switch to PSK for quantum computer resistance there is there a reason to use PKI? Probably no (I may be wrong here, if there is a reason for a hubrid model I'm missing, I'd be glad to know). I could see the main driver for such proposal the replacement of the RSA-PSK ciphersuites. I know they have _some_ adoption, but I'm not sure whether that is significant to require update to TLS1.3. On the implementation side, why not use post-handshake authentication here? I.e., extend it to be usable from client-side, and on a PSK key exchange, have the client request server authentication after the handshake? regards, Nikos
- [TLS] draft-housley-tls-tls13-cert-with-extern-psk Russ Housley
- Re: [TLS] draft-housley-tls-tls13-cert-with-exter… Nikos Mavrogiannopoulos
- Re: [TLS] draft-housley-tls-tls13-cert-with-exter… Russ Housley
- Re: [TLS] draft-housley-tls-tls13-cert-with-exter… Nikos Mavrogiannopoulos
- Re: [TLS] draft-housley-tls-tls13-cert-with-exter… Russ Housley