Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt
Michael Tuexen <Michael.Tuexen@lurchi.franken.de> Mon, 28 August 2006 20:53 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHo6V-0008JI-Iz; Mon, 28 Aug 2006 16:53:07 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHo6U-0008JC-CU for tls@ietf.org; Mon, 28 Aug 2006 16:53:06 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GHnZP-0003Wj-1f for tls@ietf.org; Mon, 28 Aug 2006 16:18:55 -0400
Received: from mail-n.franken.de ([193.175.24.27] helo=ilsa.franken.de) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GHmeU-0005qH-O3 for tls@ietf.org; Mon, 28 Aug 2006 15:20:08 -0400
Received: from [192.168.1.3] (p5481FEBB.dip.t-dialin.net [84.129.254.187]) by ilsa.franken.de (Postfix) with ESMTP id 5EB06245D3; Mon, 28 Aug 2006 21:20:00 +0200 (CEST) (KNF account authenticated via SMTP-AUTH)
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE502580384@xmb-sjc-225.amer.cisco.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE502580384@xmb-sjc-225.amer.cisco.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <4572CCD5-382C-464B-A507-20D1084D6EAC@lurchi.franken.de>
Content-Transfer-Encoding: 7bit
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Subject: Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt
Date: Mon, 28 Aug 2006 21:19:59 +0200
To: Joseph Salowey <jsalowey@cisco.com>
X-Mailer: Apple Mail (2.752.2)
X-Spam-Score: -2.6 (--)
X-Scan-Signature: 386e0819b1192672467565a524848168
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Hi Joe, (taking of the ADs from CC...) thank you very much for the pointer. I'll look into it. Best regards Michael On Aug 28, 2006, at 5:37 PM, Joseph Salowey (jsalowey) wrote: > Hi Michael, > > In the context of extended EAP keying material, we have been > looking at > the problem of deriving multiple keys from a single root in a > coordinated fashion to avoid conflicts. A similar approach may > work for > TLS. I'm not sure that it makes sense to use the same details such as > IANA registry or key derivation function, but it may. > > The current version of the draft is > http://www.ietf.org/internet-drafts/draft-salowey-eap-emsk- > deriv-01.txt. > Let me know if you have any questions. > > Cheers, > > Joe > >> -----Original Message----- >> From: Michael Tuexen [mailto:Michael.Tuexen@lurchi.franken.de] >> Sent: Monday, August 28, 2006 3:26 AM >> To: tls@ietf.org >> Cc: lars.eggert@netlab.nec.de; hartmans-ietf@mit.edu >> Subject: [TLS] draft-tuexen-dtls-for-sctp-00.txt >> >> Dear all, >> >> I would like to get some comments on draft-tuexen-dtls-for- >> sctp-00.txt. This includes >> >> - technical comments >> We would like to use the TLS master secret to generate an >> additional shared secret which >> we would use at the transport layer (SCTP) for SCTP-AUTH. >> It was already brought up, >> that this is a layer violation (but a nice one) and the >> risk would be that multiple >> instances would do this, then these multiple instances >> would use the same key material >> which is definitely bad. >> How should we progress here? From an implementation point >> of view I see only a limited >> risk here, because we will modify the TLS implementation >> to generate the additional >> material and would provide to to SCTP via a socket option. >> So there is NOT API to the >> TLS user involved. >> Another point was to have something like a registry for >> the material generated. This >> would avoid two instances to use the same material. What >> about this? Is this a good or >> bad idea? How can we achieve this, if it is a good idea? >> >> - procedural advises (Sam, Lars this is why you are CCed) >> Currently this document is an individual submission. How >> can it be progressed? Should >> it be taken to a WG? Which one? SCTP (including SCTP-AUTH) >> is handled in TSVWG and >> TLS is handled in the TLS WG. I'm not sure where DTLS was >> handled, if it was handled in >> any WG. >> >> I think having DTLS for SCTP is important because it is >> needed by anyone using SCTP with PR-SCTP or unordered >> delivery and wanting to have a TLS like security solution. >> IPFIX is one example. >> >> Best regards >> Michael >> >> >> >> >> _______________________________________________ >> TLS mailing list >> TLS@lists.ietf.org >> https://www1.ietf.org/mailman/listinfo/tls >> > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] draft-tuexen-dtls-for-sctp-00.txt Michael Tuexen
- RE: [TLS] draft-tuexen-dtls-for-sctp-00.txt Joseph Salowey (jsalowey)
- [TLS] Re: draft-tuexen-dtls-for-sctp-00.txt Sam Hartman
- Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt Michael Tuexen
- RE: [TLS] draft-tuexen-dtls-for-sctp-00.txt Lakshminath Dondeti
- Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt Eric Rescorla
- Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt Lakshminath Dondeti
- Re: [TLS] draft-tuexen-dtls-for-sctp-00.txt Eric Rescorla