Re: [TLS] TLS and hardware security modules - some issues related to PKCS11

Michael StJohns <msj@nthpermutation.com> Tue, 17 September 2013 15:52 UTC


On 9/17/2013 8:57 AM, Pascal Urien wrote:
> Why don't you realize a TLS stack in a secure element? For both full
> and resume mode, in order to protect the master secret
> see 
> http://www.ethertrust.com/wp-content/themes/ethertrust/about_ethertrust.pdf
> Pascal

This is a valid solution, but doesn't actually match what PKCS11 is 
designed to do - e.g. provide generic access to cryptographic functions, 
rather than build the TLS stack inside the token.

Also, the above doesn't provide any support for TLS key material 
exporters. (And wasn't that a problem to solve with PKCS11 safely).

The nice thing about PKCS11 is that it's a toolkit that can be used for a 
lot of things - not just TLS.

Mike


>
>
> 2013/9/17 Martin Rex <mrex@sap.com>
>
>     I fail to understand what you're trying to protect.
>
>     The master secret of a session is never a secret that is hiding
>     within the hardware module, instead, it is something known to the
>     calling TLS protocol stack and part of the TLS session cache.
>
>     For vanilla RSA cipher suites, it is deterministically derived
>     from randomness generated by the client and conveyed under
>     RSA encryption, deterministically combined with data known
>     in plain to the TLS protocol stack.
>
>     -Martin
>
>
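
Added example, not part of the original thread: a sketch of the derivation discussed above, showing that for RSA key exchange the master secret, and any RFC 5705 exporter value, is a deterministic function of the pre-master secret plus the two hello randoms, so whichever component holds the pre-master secret can compute both. It assumes the TLS 1.2 PRF (HMAC-SHA256, RFC 5246); the pre-master secret, randoms and exporter label are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample inputs (not from a real handshake).
PRE_MASTER = b"\x03\x03" + bytes(46)      # version bytes + 46 "random" bytes
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    """48-byte master secret; every input except pre_master is sent in clear."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def exporter(master: bytes, label: bytes, client_random: bytes,
             server_random: bytes, length: int, context=None) -> bytes:
    """RFC 5705 keying material exporter; it is keyed by the master secret."""
    seed = client_random + server_random
    if context is not None:
        # Optional context is prefixed with its length as a uint16.
        seed += len(context).to_bytes(2, "big") + context
    return prf(master, label, seed, length)


if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Hypothetical label, used only for this illustration.
    ekm = exporter(ms, b"EXPERIMENTAL example", CLIENT_RANDOM, SERVER_RANDOM, 32)
    print("master secret:", ms.hex())
    print("exported key :", ekm.hex())
```
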