Re: [TLS] FW: New Version Notification for draft-ietf-tls-ecdhe-psk-aead-04.txt

Benjamin Kaduk <bkaduk@akamai.com> Mon, 22 May 2017 17:56 UTC

To: Daniel Migault <daniel.migault@ericsson.com>, "tls@ietf.org" <tls@ietf.org>
Cc: tls-chairs <tls-chairs@ietf.org>
References: <149522417333.23956.7024977757521677892.idtracker@ietfa.amsl.com> <2DD56D786E600F45AC6BDE7DA4E8A8C118BDBB01@eusaamb107.ericsson.se>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <e6f67985-97a1-3943-7016-3cc6584d38bb@akamai.com>
Date: Mon, 22 May 2017 12:56:24 -0500
In-Reply-To: <2DD56D786E600F45AC6BDE7DA4E8A8C118BDBB01@eusaamb107.ericsson.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IBR7r7paE1o8ODh-UbE0aA3iR8A>
Subject: Re: [TLS] FW: New Version Notification for draft-ietf-tls-ecdhe-psk-aead-04.txt

Thanks for the updates; the new revision addresses my concerns raised in
the secdir review.

However,

% In addition, it is worth noting that TLS 1.0 [RFC2246] and TL1.2
% [RFC4346] splits the pre-master in two parts.

s/TL1.2/TLS 1.1/, and maybe the ending as "split the pre-master secret
into two parts".

% the PSK and pre-master are treated by
% distinct hash function with distinct properties.

s/pre-master/ECDHE shared secret/?

-Ben

On 05/19/2017 03:18 PM, Daniel Migault wrote:
> Hi, 
>
> Thank you to all reviewers for their feedback. Please find the latest version, which as far as I know includes all comments. Comments were not controversial. In order to raise next reviews I am raising aspects that might need a bit more attention.
>
> 1)  The current document mentions I-D.ietf-tls-rfc4492bis and I-D.ietf-tls-tls13 as normative. We can wait for these documents to become RFCs, but we can also downref them to informational references if we want to move that document forward. I will leave the AD to decide, and changes if needed can be done by the RFC Editor.
>
> 2)  Section 4 has the following text:
>
> """In the case of ECDHE_PSK authentication, the PSK and pre-master are treated by distinct hash function with distinct properties.  This may introduce vulnerabilities over the expected security provided by the constructed pre-master. As such TLS 1.0 and TLS 1.1 should not be  used with ECDHE_PSK. """
>
> With ECDHE_PSK being the ECDHE PSK method not restricted to the cipher suites defined in the document.  I just want to make sure we are ok with the last sentence.
>
> Yours, 
> Daniel
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
> Sent: Friday, May 19, 2017 4:03 PM
> To: John Mattsson <john.mattsson@ericsson.com>; Daniel Migault <daniel.migault@ericsson.com>; tls-chairs@ietf.org
> Subject: New Version Notification for draft-ietf-tls-ecdhe-psk-aead-04.txt
>
>
> A new version of I-D, draft-ietf-tls-ecdhe-psk-aead-04.txt
> has been successfully submitted by Daniel Migault and posted to the IETF repository.
>
> Name:		draft-ietf-tls-ecdhe-psk-aead
> Revision:	04
> Title:		ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)
> Document date:	2017-05-18
> Group:		tls
> Pages:		8
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-tls-ecdhe-psk-aead-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-tls-ecdhe-psk-aead-04
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-tls-ecdhe-psk-aead-04
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-ecdhe-psk-aead-04
>
> Abstract:
>    This document defines several new cipher suites for the Transport
>    Layer Security (TLS) protocol.  The cipher suites are all based on
>    the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key
>    (ECDHE_PSK) key exchange together with the Authenticated Encryption
>    with Associated Data (AEAD) algorithms AES-GCM and AES-CCM.  PSK
>    provides light and efficient authentication, ECDHE provides forward
>    secrecy, and AES-GCM and AES-CCM provides encryption and integrity
>    protection.
>
>
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
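The split Ben refers to is the TLS 1.0/1.1 PRF (RFC 2246 section 5): the first half of the pre-master secret is keyed into P_MD5 and the second half into P_SHA1, while the RFC 4279 pre-master layout puts the ECDHE shared secret before the PSK. The following is an added illustration, not code from the draft or from either author; the 32-byte ECDHE secret and 16-byte PSK are constructed sample values, and hash_coverage reports which hash function each input byte ends up keying.

```python
import hmac


def rfc4279_premaster(other_secret, psk):
    """RFC 4279 pre-master layout: uint16 len || other_secret || uint16 len || psk.
    For ECDHE_PSK (RFC 5489) other_secret is the ECDHE shared secret."""
    return (len(other_secret).to_bytes(2, "big") + other_secret
            + len(psk).to_bytes(2, "big") + psk)


def split_secret(secret):
    """RFC 2246 section 5: S1 = first ceil(L/2) bytes (keys P_MD5),
    S2 = last ceil(L/2) bytes (keys P_SHA1); they overlap by one byte if L is odd."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[-half:]


def p_hash(digest_name, secret, seed, length):
    """P_hash data expansion from RFC 2246: HMAC chain A(i), output HMAC(secret, A(i) || seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest_name).digest()
        out += hmac.new(secret, a + seed, digest_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label || seed) XOR P_SHA1(S2, label || seed).
    TLS 1.2 instead runs a single P_SHA256 over the whole secret, so no split occurs."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def hash_coverage(other_secret, psk):
    """Count how many bytes of the ECDHE secret and of the PSK key MD5 vs SHA-1."""
    pm = rfc4279_premaster(other_secret, psk)
    half = (len(pm) + 1) // 2
    md5_idx, sha1_idx = set(range(half)), set(range(len(pm) - half, len(pm)))
    ecdhe_idx = set(range(2, 2 + len(other_secret)))
    psk_idx = set(range(4 + len(other_secret), 4 + len(other_secret) + len(psk)))
    return {"ecdhe_md5": len(md5_idx & ecdhe_idx), "ecdhe_sha1": len(sha1_idx & ecdhe_idx),
            "psk_md5": len(md5_idx & psk_idx), "psk_sha1": len(sha1_idx & psk_idx)}


# Constructed sample inputs: a 32-byte ECDHE secret (P-256 x-coordinate size) and a 16-byte PSK.
SAMPLE_ECDHE = bytes(range(0x10, 0x30))
SAMPLE_PSK = b"\xaa" * 16
```

With these sizes 24 of the 32 ECDHE bytes key only MD5, while the PSK keys only SHA-1, which is the "distinct hash function with distinct properties" concern in the draft's section 4.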