Re: [TLS] An IETF draft on TLS based on ECCSI public key (RFC 6507)

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 07 July 2017 19:52 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3B9131552 for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 12:52:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dn4AWf_KkPVj for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 12:52:02 -0700 (PDT)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id 6242A12EBF9 for <tls@ietf.org>; Fri, 7 Jul 2017 12:52:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 034E420B14; Fri, 7 Jul 2017 22:52:00 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id i8sorZYXz0yw; Fri, 7 Jul 2017 22:51:59 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id A35F22315; Fri, 7 Jul 2017 22:51:56 +0300 (EEST)
Date: Fri, 7 Jul 2017 22:51:55 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Rich Salz <rsalz@akamai.com>, IETF TLS <tls@ietf.org>
Message-ID: <20170707195155.ks4ntmolvph77iy3@LK-Perkele-VII>
References: <149907920017.607.217202033021863337.idtracker@ietfa.amsl.com> <0AE05CBFB1A6A0468C8581DAE58A31309DF69D8C@SINEML521-MBX.china.huawei.com> <20170704112144.gzfenmkmvmwry4tg@LK-Perkele-VII> <201707062201.08455.davemgarrett@gmail.com> <5af19fe7273748579cb2537313667aba@usma1ex-dag1mb1.msg.corp.akamai.com> <20170707161525.ayv4z4olmo4r3h73@LK-Perkele-VII> <6F5C1F62-2A47-4BE7-AEA6-A8BAE56EDA08@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <6F5C1F62-2A47-4BE7-AEA6-A8BAE56EDA08@vigilsec.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HO9AvijJWAE3JM8R7Wm68F0gstA>
Subject: Re: [TLS] An IETF draft on TLS based on ECCSI public key (RFC 6507)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jul 2017 19:52:05 -0000

On Fri, Jul 07, 2017 at 03:40:03PM -0400, Russ Housley wrote:
> > - PFS or pure-PSK only.
> > 
> > Small things can't do PFS unfortunately.
> 
> The TLS WG wants to work on a a way to combine a PSK with (EC)DH
> after the current specification is finished for quantum protection.

Well, PSK with DH does provode classical PFS.

And did you perhaps mean using PSK with DH and certificates? Because
both TLS 1.2 and TLS 1.3 can combine PSK with DH, but not all
three of PSK, DH and certificate all at once.



-Ilari