Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS
Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Mon, 16 July 2018 15:46 UTC
Return-Path: <wang.haiguang.shieldlab@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438D0130EB0 for <tls@ietfa.amsl.com>; Mon, 16 Jul 2018 08:46:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RfHi-g6dtIR5 for <tls@ietfa.amsl.com>; Mon, 16 Jul 2018 08:46:01 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2006D130FF1 for <tls@ietf.org>; Mon, 16 Jul 2018 08:46:01 -0700 (PDT)
Received: from lhreml707-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id C201897486BB for <tls@ietf.org>; Mon, 16 Jul 2018 16:45:56 +0100 (IST)
Received: from SINEML701-CAH.china.huawei.com (10.223.161.51) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.399.0; Mon, 16 Jul 2018 16:45:58 +0100
Received: from SINEML521-MBX.china.huawei.com ([169.254.1.215]) by SINEML701-CAH.china.huawei.com ([169.254.245.173]) with mapi id 14.03.0382.000; Mon, 16 Jul 2018 23:45:53 +0800
From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Regarding the identity bidding issue when using raw public key with TLS
Thread-Index: AdQZwdlVj/TBP8f2Sb2VA3i7V7Seh///qsuA//438UD//Fb5wP/4rAbQ//FXLFD/4q2/gP/FWrmw/4mgufv/EhiugP4hS5IK
Date: Mon, 16 Jul 2018 15:45:52 +0000
Message-ID: <0AE05CBFB1A6A0468C8581DAE58A31309E0BF8C5@SINEML521-MBX.china.huawei.com>
References: <0AE05CBFB1A6A0468C8581DAE58A31309E0B122F@SINEML521-MBX.china.huawei.com> <20180712121729.GA3925@LK-Perkele-VII> <0AE05CBFB1A6A0468C8581DAE58A31309E0B16F3@SINEML521-MBX.china.huawei.com> <0AE05CBFB1A6A0468C8581DAE58A31309E0B5E73@SINEML521-MBS.china.huawei.com>, <20180715032625.GQ14551@akamai.com>
In-Reply-To: <20180715032625.GQ14551@akamai.com>
Accept-Language: en-SG, en-US
Content-Language: en-SG
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.124.182.191]
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GajaMpyXqqMWsfIOS_rvdNLUbCs>
Subject: Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2018 15:46:03 -0000
Dear Benjamin, See my comments below. ________________________________________ From: Benjamin Kaduk [bkaduk@akamai.com] Sent: Sunday, 15 July, 2018 11:26:25 AM To: Wang Haiguang Cc: <tls@ietf.org> Subject: Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS On Sat, Jul 14, 2018 at 01:44:28AM +0000, Wang Haiguang wrote: > Dear ilari, > > Thanks very much for the reply :-). Please see my comments inline below. > > -----Original Message----- > From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] > Sent: Thursday, July 12, 2018 8:17 PM > To: Wang Haiguang <wang.haiguang.shieldlab@huawei.com> > Cc: <tls@ietf.org> <tls@ietf.org> > Subject: Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS > > On Thu, Jul 12, 2018 at 09:30:40AM +0000, Wang Haiguang wrote: > > Can anyone give us some comments regarding using IBC as raw public key > > for TLS for massive IoT authentication? > > I do not think there is any way currently to do that. The only defined signature algorithms are ([*] means removed from TLS 1.3): > > - RSA PKCS#1 v1.5[*] > - DSA[*] > - ECDSA > - EdDSA2 (Ed25519 and Ed448) > > These are also the only algorithms that can be used with raw public key authentication. None of these is IBC algorithm.. > > Also, the way the raw public keys work is the same in both TLS 1.2 and > 1.3 (the precise messages are different, but it still works the same). > > [HG-1] Yes. With TLS-1.3, IBC algorithm is not supported at the moment. So we hope that we can develop a separate RFC based on 1.3 and support IBC for massive IoT usage scenarios only? > RFC 6507 specifies an IBC signature method based on ECC, it is similar to ECDSA. We can start with that first. Writing an internet-draft that specifies IBC signatures for TLS 1.3 is the first step, but in principle such usage would not need to be limited to "massive IoT usage scenarios only". [HG-2] Yes. IBC can be used for other scenarios also. We are happy to extend the usage scenarios also. --Haiguang
- [TLS] Regarding the identity bidding issue when u… Wang Haiguang
- Re: [TLS] Regarding the identity bidding issue wh… Ilari Liusvaara
- Re: [TLS] Regarding the identity bidding issue wh… Wang Haiguang
- Re: [TLS] Regarding the identity bidding issue wh… Benjamin Kaduk
- Re: [TLS] Regarding the identity bidding issue wh… Wang Haiguang