Re: [TLS] Binding imported PSKs to KDFs rather than hash functions

"Christopher Wood" <caw@heapingbits.net> Sat, 28 September 2019 00:31 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB8F512004E for <tls@ietfa.amsl.com>; Fri, 27 Sep 2019 17:31:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=G3mMY3xh; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ABBHh/3w
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_BXUs2KxS-r for <tls@ietfa.amsl.com>; Fri, 27 Sep 2019 17:31:01 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25040120026 for <tls@ietf.org>; Fri, 27 Sep 2019 17:31:01 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id B3CA6481 for <tls@ietf.org>; Fri, 27 Sep 2019 20:31:00 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Fri, 27 Sep 2019 20:31:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=8RiRCaESQqzjrit3fNDVKkN5n+rrzYf b4n4IP+BNRJE=; b=G3mMY3xhGxY2QKeMEhZJrvKabQWWCOvkwTDyqMnqydm5TA+ 7Q9pqrwy1EmmcnTpkF62+aRWuxGh1xraIw8kGsfVaUD1111t9jjUvzxO+p0pQMDg Tz/pRbrpEhtBswmC0icnUznIYTz2sytP3qtK2dKypjQYQcf3LWwsl3E+fya5G6hu FqN8bmWb2iSBkUS3pb6cmUjv3GhU0RPQNoUuTlDIeb3XEknuGOZFo+rh2PJTGF4A ftEQwTeNb6Mv+osBFZk+PhCdt1BcRbYiqjfvlx80yc2ynwcUnVrbJC8jcVG8BEl6 JzYe5lio94r+HFvALAdINaEbsyYarcKAgB1TaLA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=8RiRCa ESQqzjrit3fNDVKkN5n+rrzYfb4n4IP+BNRJE=; b=ABBHh/3wwX96h+g9e9e/yj XnlkhaWuNEAdbRSfJghjReseMr2BJJXopFLrpDH94nIzlFxBfeK2Ihv1tzGzTJHJ r3QBj4r4WGA5qsJ1CHkJPvt4rSf1w5OgjHY8eqnNaIXn61SlmRpPNlDobCadUJFQ zgo9J0SR9tHj/19A3jVyps0JUY144avEXKFki6OgRRF1lo/E9FiHvxC86fSgMY6A lFTKDBluTL32m8QTJ9zwbLA8wqZTjW31ivQCnfPK2ENBkCuFxh/UUG9yL+nmZ1BW DtY7r+bOO0MvRVzoHTfTcqyngxkQIQsGsPFb5QDG5MEmW2vSFy0Nqx+uhPjFNuBA ==
X-ME-Sender: <xms:w6mOXa9J9A3m0AOe8OYhuIm6IN5VKy8d1cl57vkdMMj1NHK_W6NWbQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrfeejgdeffecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggrfies hhgvrghpihhnghgsihhtshdrnhgvtheqnecuffhomhgrihhnpehgihhthhhusgdrtghomh enucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgv thenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:w6mOXXfD77gV3bzuXAqf1SW2A8_d0JgILDOiEGt4ua06gjeu1-O8ug> <xmx:w6mOXfntiFNOZpmIRne7KJME0h2ezNc-btXmbYsXHfr_hmSymOQ8og> <xmx:w6mOXbFjC7rdLfgvlBCkgZPUz6x2attlvt545uvtc2jSHWWVUjESpw> <xmx:xKmOXYJ7fdmegHG6Z9o3N_u6owGI-swWxaQA7C18Ywf7_a-Zzpxnxw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id CC4813C00A1; Fri, 27 Sep 2019 20:30:59 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-305-g4111847-fmstable-20190924v1
Mime-Version: 1.0
Message-Id: <286e60fe-a4b3-49c3-ae57-07290cc57468@www.fastmail.com>
In-Reply-To: <180387df-ef1b-4d81-8ecf-6f80bedc8439@www.fastmail.com>
References: <e484c148-d64b-4538-9145-85e0363b0cc9@www.fastmail.com> <1f5dda7a-576c-4309-b465-7fa93c2d7662@www.fastmail.com> <f0aa22d1-0461-47d6-b0c3-c26c664c0d50@www.fastmail.com> <96018dee-e0a5-45c4-877b-447aa277494a@www.fastmail.com> <93833d8a-76c5-4c0c-b5c7-ac39bcc1cb71@www.fastmail.com> <c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com> <180387df-ef1b-4d81-8ecf-6f80bedc8439@www.fastmail.com>
Date: Fri, 27 Sep 2019 17:30:39 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OolDro4o83yuukECYNlrOLQFENs>
Subject: Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Sep 2019 00:31:03 -0000

On Thu, Sep 19, 2019, at 6:41 AM, Christopher Wood wrote:
> On Wed, Sep 18, 2019, at 4:31 PM, Martin Thomson wrote:
> > On Thu, Sep 19, 2019, at 01:41, Christopher Wood wrote:
> > > Ah, so, I think this is where the miscommunication is happening! The 
> > > target KDFs I've been envisioning are not protocol specific. 
> > 
> > As HKDF and the TLS 1.2 PRF are not the same function, wouldn't it be 
> > better to have separate identifiers?  Sure, we could rely on the 
> > `protocol` field to diversify the output, but I think that we should be 
> > applying the same principle throughout, namely that the one key is only 
> > used with the one KDF instantiation.
> 
> Agreed on the principle, especially if future versions of TLS define 
> new KDFs and we want to avoid using the same imported key across both.
> 
> I'll make that change after #18 
> (https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/18) 
> lands, at which point we should be able to close issues #15 and #16. 

OK, #18, modified to take this discussion into account, has been merged. Thanks to everyone who commented here and on GitHub!

Best,
Chris