IETF Logo Mail Archive

[TLS] New Version Notification for draft-putman-tls-preshared-ecdh-00.txt

Tony Putman <Tony.Putman@dyson.com> Thu, 30 November 2017 17:43 UTC

Return-Path: <prvs=5008e56f8=Tony.Putman@dyson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5327D126D85 for <tls@ietfa.amsl.com>; Thu, 30 Nov 2017 09:43:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3gjPZwEyvxWH for <tls@ietfa.amsl.com>; Thu, 30 Nov 2017 09:43:21 -0800 (PST)
Received: from esa4.dyson.c3s2.iphmx.com (esa4.dyson.c3s2.iphmx.com [68.232.139.183]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04C2F126BF3 for <tls@ietf.org>; Thu, 30 Nov 2017 09:43:20 -0800 (PST)
X-IronPort-SPF: SKIP
X-IronPort-AV: E=McAfee;i="5900,7806,8730"; a="26127773"
X-IronPort-AV: E=Sophos;i="5.45,341,1508799600"; d="scan'208";a="26127773"
Received: from unknown (HELO uk-dlp-smtp-01.dyson.global.corp) ([62.189.202.16]) by esa4.dyson.c3s2.iphmx.com with ESMTP; 30 Nov 2017 17:43:18 +0000
Received: from uk-dlp-smtp-01.dyson.global.corp (uk-dlp-smtp-01.dyson.global.corp [127.0.0.1]) by uk-dlp-smtp-01.dyson.global.corp (Service) with ESMTP id BB176FA10 for <tls@ietf.org>; Thu, 30 Nov 2017 16:26:43 +0000 (GMT)
Received: from UK-MAL-CAS-02.dyson.global.corp (unknown [10.1.108.3]) by uk-dlp-smtp-01.dyson.global.corp (Service) with ESMTP id A3A7CFA02 for <tls@ietf.org>; Thu, 30 Nov 2017 16:26:43 +0000 (GMT)
Received: from UK-MAL-MBOX-02.dyson.global.corp ([fe80::d06f:fa07:f6dd:5a9c]) by UK-MAL-CAS-02.dyson.global.corp ([fe80::d0fe:1c2d:58fc:2dbb%17]) with mapi id 14.03.0319.002; Thu, 30 Nov 2017 17:43:18 +0000
From: Tony Putman <Tony.Putman@dyson.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: New Version Notification for draft-putman-tls-preshared-ecdh-00.txt
Thread-Index: AQHTafzmFrjATNGI7ku1Z80A/CPnz6MtLWfw
Date: Thu, 30 Nov 2017 17:43:18 +0000
Message-ID: <140080C241BAA1419B58F093108F9EDC0B0363F0@UK-MAL-MBOX-02.dyson.global.corp>
References: <151206123390.4809.15953787972366154379.idtracker@ietfa.amsl.com>
In-Reply-To: <151206123390.4809.15953787972366154379.idtracker@ietfa.amsl.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.108.27]
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/REoHGRY7zsHWND10a9fuXb9STEw>
Subject: [TLS] New Version Notification for draft-putman-tls-preshared-ecdh-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 17:43:23 -0000

Hi,

I've fleshed out my ideas on the use of triple-ECDH authentication for TLS 1.2 into the I-D referenced below. While working on this I came to some new conclusions: 
 - PFS may not be important for IoT, so I included cipher suites using Double-ECDH as well
 - Protecting the PSK Identity is really easy, so I added that as well
 - I added the static public keys into the premaster calculation to match the security proof; I don't know if this is necessary

I suppose that the next step is to find out if anyone else is interested in this approach. I'd appreciate it if people could suggest other mailing lists who might show an interest (ACE?). Other questions and suggestions are welcome. 
-- 
Tony

-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: 30 November 2017 17:01
To: Tony Putman
Subject: New Version Notification for draft-putman-tls-preshared-ecdh-00.txt


A new version of I-D, draft-putman-tls-preshared-ecdh-00.txt
has been successfully submitted by Tony Putman and posted to the
IETF repository.

Name:		draft-putman-tls-preshared-ecdh
Revision:	00
Title:		ECDH-based Authentication using Pre-Shared Asymmetric Keypairs for (Datagram) Transport Layer Security ((D)TLS) Protocol version 1.2
Document date:	2017-11-30
Group:		Individual Submission
Pages:		17
URL:            https://www.ietf.org/internet-drafts/draft-putman-tls-preshared-ecdh-00.txt
Status:         https://datatracker.ietf.org/doc/draft-putman-tls-preshared-ecdh/
Htmlized:       https://tools.ietf.org/html/draft-putman-tls-preshared-ecdh-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-putman-tls-preshared-ecdh-00


Abstract:
   This document defines a new mutual authentication method for the
   Transport Layer Security (TLS) protocol version 1.2.  The
   authentication method requires that the client and server are each
   pre-provisioned with a unique asymmetric Elliptic Curve Diffie-
   Hellman (ECDH) keypair and with the public ECDH key of the peer.  The
   handshake provides ephemeral ECDH keys, and a premaster key is agreed
   using Double- or Triple-ECDH; confirmation of possession of this key
   provides mutual authentication.  Multiple new cipher suites which use
   this authentication method are specified.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


Dyson Technology Limited, company number 01959090, Tetbury Hill, Malmesbury, SN16 0RP, UK.
This message is intended solely for the addressee and may contain confidential information. If you have received this message in error, please immediately and permanently delete it, and do not use, copy or disclose the information contained in this message or in any attachment.
Dyson may monitor email traffic data and content for security & training.

v2.23.0 | Report a Bug | By Email