Re: [TLS] issues with DTLS + PSK

Martin Thomson <martin.thomson@gmail.com> Mon, 05 January 2015 17:42 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/VgLpFVLewFgFFQ6bSkmh_0l7N2k
Cc: IETF TLS <tls@ietf.org>

On 5 January 2015 at 08:08, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> A solution would be, on a revision of the PSK ciphersuites, to define
> PSK ciphersuites which will authenticate (e.g., with a MAC), an (EC)DH
> key exchange. That would allow a graceful failure in case of a mismatch
> of keys. In addition it will allow the usage of hardware security
> modules with PSK (something that is very hard to impossible with the
> current ECDHE/DHE PSK ciphersuites).

If the same general formulation we've been using for TLS 1.3 is
consistently applied to PSK, then key derivation will be based on the
(EC)DH exchange and the PSK will only be used to authenticate, exactly
as you describe.  I think that would be a pretty good answer.
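
Added illustration (not part of the message above, and not the TLS 1.3 key schedule): a Python sketch of the arrangement discussed in this exchange, where the session key comes only from the DH exchange and the PSK is used only to MAC the exchanged public values. The group parameters, labels and function names are assumptions made for this example; the finite-field group stands in for (EC)DH.

```python
import hashlib
import hmac
import secrets

# Assumption: small illustrative group standing in for (EC)DH.
# Not a vetted parameter choice and not taken from the thread.
P = 2**255 - 19
G = 2

def _b(n):
    return n.to_bytes(32, "big")

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)

def auth_tag(psk, role, client_pub, server_pub):
    """MAC over both public values. This is the only place the PSK is used."""
    msg = role + _b(client_pub) + _b(server_pub)
    return hmac.new(psk, msg, hashlib.sha256).digest()

def session_key(own_priv, peer_pub, client_pub, server_pub):
    """Key derivation from the DH secret and transcript; the PSK is not an input."""
    shared = pow(peer_pub, own_priv, P)
    transcript = _b(client_pub) + _b(server_pub)
    return hmac.new(transcript, _b(shared), hashlib.sha256).digest()

def handshake(client_psk, server_psk):
    """Simulate both sides. Returns (status, client_key, server_key)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()

    # Server sends s_pub with a tag; the client checks it before deriving keys.
    s_tag = auth_tag(server_psk, b"server", c_pub, s_pub)
    expected = auth_tag(client_psk, b"server", c_pub, s_pub)
    if not hmac.compare_digest(s_tag, expected):
        return ("bad_psk", None, None)           # key mismatch reported explicitly

    # Client answers with its own tag; the server checks it the same way.
    c_tag = auth_tag(client_psk, b"client", c_pub, s_pub)
    expected = auth_tag(server_psk, b"client", c_pub, s_pub)
    if not hmac.compare_digest(c_tag, expected):
        return ("bad_psk", None, None)

    return ("ok",
            session_key(c_priv, s_pub, c_pub, s_pub),
            session_key(s_priv, c_pub, c_pub, s_pub))
```

A PSK mismatch surfaces at the tag comparison, before any traffic key is used, and `auth_tag` is the only function that ever touches the PSK.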