Re: [TLS] Pre_shared_key Extension Question

Eric Rescorla <ekr@rtfm.com> Wed, 17 August 2016 22:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LP4KFu2lC08W_d33mpNxPqDCKtc>

The intention here was to compensate for not having psk_identity_hint.
However, it also allows you to do resumption of PSK-established sessions.

It would be a fairly significant simplification to say you could only have
one PSK, because then we could easily require the client to prove knowledge
of the key, for instance by stuffing a MAC at the end of the ClientHello as
we discussed in Berlin.

So:
Is there any demand for multiple identities? I do not believe there is any
in the Web context. If not, we should remove this feature.

-Ekr


On Thu, Aug 11, 2016 at 1:39 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> the currently defined “pre_shared_key” extension allows clients to send
> a list of the identities. I was wondering in what use cases this is
> useful and what policy guides the server to pick the most appropriate
> psk identity. I couldn't find any discussion in the document about this
> aspect.
>
> Ciao
> Hannes
>
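
The single-PSK idea in the reply above (a MAC keyed by the PSK placed at the end of the ClientHello so the server can check that the client knows the key), as an added example that is not part of the original messages and is not the TLS 1.3 wire format. The message layout, function names and sample key are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

MAC_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag
RANDOM_LEN = 32
DUMMY_KEY = os.urandom(32)               # used when the identity is unknown


def build_client_hello(random: bytes, identity: bytes, psk: bytes) -> bytes:
    """Toy layout (assumed): random || u16 id_len || identity || MAC."""
    body = random + struct.pack("!H", len(identity)) + identity
    # With exactly one identity there is exactly one key to MAC under.
    return body + hmac.new(psk, body, hashlib.sha256).digest()


def server_accept(hello: bytes, psk_table: dict) -> Optional[bytes]:
    """Return the PSK identity if the trailing MAC verifies, else None."""
    if len(hello) < RANDOM_LEN + 2 + MAC_LEN:
        return None
    body, tag = hello[:-MAC_LEN], hello[-MAC_LEN:]
    (id_len,) = struct.unpack("!H", body[RANDOM_LEN:RANDOM_LEN + 2])
    identity = body[RANDOM_LEN + 2:]
    if len(identity) != id_len:
        return None
    psk = psk_table.get(identity)
    # Always compute a MAC so unknown identities are not rejected faster.
    key = psk if psk is not None else DUMMY_KEY
    expected = hmac.new(key, body, hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, tag)
    return identity if (ok and psk is not None) else None


# Constructed sample values, not taken from the thread.
SAMPLE_RANDOM = bytes(range(32))
SAMPLE_PSKS = {b"sensor-17": b"k" * 32}

if __name__ == "__main__":
    good = build_client_hello(SAMPLE_RANDOM, b"sensor-17", b"k" * 32)
    bad = build_client_hello(SAMPLE_RANDOM, b"sensor-17", b"x" * 32)
    print(server_accept(good, SAMPLE_PSKS), server_accept(bad, SAMPLE_PSKS))
```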