Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Tue, 05 January 2021 05:44 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B79B3A1018; Mon, 4 Jan 2021 21:44:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuMMhABKpg2X; Mon, 4 Jan 2021 21:43:58 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6651E3A1016; Mon, 4 Jan 2021 21:43:57 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1055hppi005611 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 5 Jan 2021 00:43:56 -0500
Date: Mon, 04 Jan 2021 21:43:51 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Thomson <mt@lowentropy.net>
Cc: tls@ietf.org, emu@ietf.org
Message-ID: <20210105054351.GQ93151@kduck.mit.edu>
References: <160815821055.25925.15897627611548078426@ietfa.amsl.com> <20201216223842.GR64351@kduck.mit.edu> <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/G_HHypZTlWITCxLG4Fwm4w_zrHs>
Subject: Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 05:44:00 -0000
On Mon, Jan 04, 2021 at 02:44:01PM +1100, Martin Thomson wrote: > > I would instead either prohibit the use of application data outright or say that it carries no semantics unless otherwise negotiated. The current design has the effect of rendering application data unusable, so perhaps the former is best. The "rendering application data unusable" bit is something that bothered me a lot as well. While banning application data is okay for EAP-TLS itself (AIUI), the document implies that other TLS-based EAP mechanisms do need to convey application data, and I think that the responsible thing to do is ensure that the machinery we use here would be compatible with those other EAP mechanisms with no, or only minimal, changes. > # Key Schedule > > The other thing I observe is the way that this slices up the exporter output. This was something that old versions of TLS did, but TLS 1.3 did away with. Though RFC 5216 did this, EAP-TLS for TLS 1.3 doesn't need to. This could - and should - do the same. All it means is having more exporter labels. > > I appreciate that this uses exporters now rather than abusing the internal PRF. That's good. The next step is to dispense with the intermediate values (Key_Material, MSK, EMSK, IV) and all the slicing that occurs and use the TLS exporter for each of the six values that the protocol requires. I also note that the 0x0D value is used multiple times, unnecessarily, both as a context strong to the exporter and as a prefix to the session ID. I think Alan explained the dual purpose of the Type-Code here. (I myself had missed the connection of where the 0x0d value came from, and a reference for that seems like it would be helpful, as setting up this machinery for reuse by other mechanisms in a way that provides key separation.) -Ben
- [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Benjamin Kaduk
- Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-… Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Salz, Rich
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Michael Richardson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Michael Richardson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Martin Thomson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Mohit Sethi M
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Peter Gutmann
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Salz, Rich
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Jorge Vergara
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Alan DeKok
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Benjamin Kaduk
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Joseph Salowey
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … Eric Rescorla
- Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on … John Mattsson