Re: [TLS] Initial draft of DH-based key exchange

Eric Rescorla <ekr@rtfm.com> Fri, 27 March 2015 23:50 UTC

In-Reply-To: <27B74C98-C6B2-4AD0-A90A-4528DB50B904@vigilsec.com>
References: <CABcZeBNmufvfJ_2Nvw1YwvwGZ2u1=WvL45rPGJXARN1tAxOEfw@mail.gmail.com> <27B74C98-C6B2-4AD0-A90A-4528DB50B904@vigilsec.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 27 Mar 2015 18:49:33 -0500
Message-ID: <CABcZeBNMqKc=QawatkERD+Qv6OZV3XsWZRuFnkgUHgBzzcrtEA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Jkkbrh4UXp5U9SYh8WvP6ITiUyY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Initial draft of DH-based key exchange

On Fri, Mar 27, 2015 at 4:44 PM, Russ Housley <housley@vigilsec.com> wrote:

> Eric:
>
> At the interim we discussed transitioning to a DH-based handshake (rather
> than a signature-based one) like that proposed by Hugo Krawczyk and
> Hoeteck Wee. The major rationale for this change is that any 0-RTT
> mode is inherently DH-based and so if we make that our basic mode,
> then we can simplify the protocol logic and key derivation model. This
> model also allows us to pull in PSK modes under the same basic
> structure.
>
>
> I was not at the interim, but I was at the TLS session at IETF 92 in
> Dallas.
>
> I was watching your presentation pretty carefully, and I do not recall a
> slide on support for PSK.  Can you point me to a description of "PSK modes
> under the same basic structure"?
>

The document I pointed to upthread contains a description of the key
schedule. I still have to write up the PSK negotiation syntax.


-Ekr


> Russ
>
>
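The quoted rationale above is that a 0-RTT mode is necessarily keyed off something agreed before the handshake completes, and that once the base handshake is DH-based, a PSK can be fed into the same key-derivation chain instead of needing a separate code path. The following is an added illustration of that idea, not the draft's key schedule and not code from the thread's authors: a single HKDF extract/expand chain (HKDF per RFC 5869, implemented with the standard library) that serves pure (EC)DHE, PSK-only and PSK+(EC)DHE by substituting an all-zero string for whichever input a given mode lacks. The stage names, the label framing in `expand_label`, and the sample PSK, DH shared secret and transcript hash are all constructed for this example.

```python
# Illustrative unified key schedule for a DH-based handshake that also covers
# PSK-only and PSK+DH modes. Added example; stage names, label framing and
# sample inputs are this example's own, not the draft's.
import hashlib
import hmac
from typing import Dict, Optional

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
ZEROS = bytes(HASH_LEN)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM); empty salt -> zeros."""
    return hmac.new(salt or ZEROS, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def expand_label(secret: bytes, label: str, context: bytes,
                 length: int = HASH_LEN) -> bytes:
    """Derive a labelled key from a stage secret (label framing is hypothetical)."""
    info = b"example " + label.encode() + b"\x00" + context
    return hkdf_expand(secret, info, length)


def derive_secrets(psk: Optional[bytes], dh_secret: Optional[bytes],
                   transcript_hash: bytes) -> Dict[str, Optional[bytes]]:
    """One schedule for all three modes.

    psk        -> None for pure (EC)DHE, otherwise the pre-shared key
    dh_secret  -> None for PSK-only, otherwise the (EC)DH shared secret
    A missing input is replaced by a zero string, so the chain of Extract
    calls is identical in every mode; only the inputs change.
    """
    if not psk and not dh_secret:
        raise ValueError("need at least a PSK or a DH shared secret")
    # Stage 1: the early secret depends only on the PSK, so it exists before
    # any DH exchange completes; this is the secret a 0-RTT key would hang off.
    early_secret = hkdf_extract(ZEROS, psk or ZEROS)
    early_key = expand_label(early_secret, "early", transcript_hash) if psk else None
    # Stage 2: the handshake secret mixes the DH shared secret into the chain.
    # In PSK-only mode this contributes nothing new, which is why that mode
    # has no forward secrecy against later compromise of the PSK.
    handshake_secret = hkdf_extract(early_secret, dh_secret or ZEROS)
    handshake_key = expand_label(handshake_secret, "handshake", transcript_hash)
    # Stage 3: the master secret feeds application traffic keys.
    master_secret = hkdf_extract(handshake_secret, ZEROS)
    app_key = expand_label(master_secret, "application", transcript_hash)
    return {"early": early_key, "handshake": handshake_key, "application": app_key}


# Constructed sample inputs; the DH value stands in for a real shared secret.
SAMPLE_PSK = b"constructed pre-shared key"
SAMPLE_DH = bytes(range(32))
SAMPLE_TH = hashlib.sha256(b"constructed transcript").digest()


def run_modes() -> Dict[str, Dict[str, Optional[bytes]]]:
    """Derive keys in each of the three modes from the same sample inputs."""
    return {
        "dhe_only": derive_secrets(None, SAMPLE_DH, SAMPLE_TH),
        "psk_only": derive_secrets(SAMPLE_PSK, None, SAMPLE_TH),
        "psk_dhe": derive_secrets(SAMPLE_PSK, SAMPLE_DH, SAMPLE_TH),
    }


if __name__ == "__main__":
    for mode, keys in run_modes().items():
        print(mode, {k: (v.hex()[:16] if v else None) for k, v in keys.items()})
```

The point to take from running it is structural: the three modes differ only in which input is zeroed, and the early key is identical in PSK-only and PSK+DH mode because it is derived before the DH contribution is mixed in, which is exactly what lets a 0-RTT key be computed ahead of the DH exchange.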