[TLS] Request for TLS Key Material Exporter Label for OpenVPN

Arne Schwabe <arne@openvpn.net> Tue, 11 August 2020 15:07 UTC

To: tls@ietf.org
From: Arne Schwabe <arne@openvpn.net>
Date: Tue, 11 Aug 2020 17:06:59 +0200
Message-ID: <4a6e3301-74e8-3307-a7a4-416f11541033@openvpn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IWFb5hLsqNlCcIMnEDDuPAkzXvg>

Hey,

I would like to request a label for OpenVPN to use with the RFC5705
Keying Material Exporters to generate keying material for its data
channel encryption.

I hope this is the right place to discuss this topic.

The requirements for requesting a label seem to be to have a specification
for the protocol. Unfortunately the OpenVPN protocol does not have a
full written specification. We have some documentation for the key
exchange process
(https://github.com/schwabe/openvpn/blob/tls_key_export/doc/doxygen/doc_key_generation.h)
and some other parts documented as well but no full specification of the
protocol.

Nevertheless, I would like to be able to use the RFC 5705 API as this seems
a much cleaner approach compared to OpenVPN's custom TLS 1.0 inspired
PRF function and I am wondering what the best approach here to choose a
label is.

In my current implementation I used EXPORTER-OpenVPN-datakeys as the label,
as the currently defined ones seem to follow no particular pattern, so I was
not sure what a "good" label would be.
https://github.com/schwabe/openvpn/commits/tls_key_export

Arne