[TLS] Murray Kucherawy's No Objection on draft-ietf-tls-external-psk-guidance-04: (with COMMENT)

Murray Kucherawy via Datatracker <noreply@ietf.org> Wed, 15 December 2021 06:31 UTC

From: Murray Kucherawy via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-external-psk-guidance@ietf.org, tls-chairs@ietf.org, tls@ietf.org, sean@sn3rd.com
Reply-To: Murray Kucherawy <superuser@gmail.com>
Message-ID: <163954990839.15753.7839825858788900022@ietfa.amsl.com>
Date: Tue, 14 Dec 2021 22:31:49 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Vj95vK-1-BizE5tVBZ0l6jyWdA8>
Subject: [TLS] Murray Kucherawy's No Objection on draft-ietf-tls-external-psk-guidance-04: (with COMMENT)

Murray Kucherawy has entered the following ballot position for
draft-ietf-tls-external-psk-guidance-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Martin Thomson for his ARTART review.

A stylistic point: The Abstract is made up of five sentences all of which start
"This document".  It's a bit of a rigid read.  Maybe something like this?

   This document provides usage guidance for external Pre-Shared Keys
   (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446.
   It lists TLS security properties provided by PSKs under
   certain assumptions, and then demonstrates how violations of these
   assumptions lead to attacks.  It also discusses PSK use cases
   and provisioning processes.  Advice for
   applications to help meet these assumptions is provided.  Finally,
   it lists the privacy and security properties that are not provided by
   TLS 1.3 when external PSKs are used.

Section 4.1 contains this, which I can't quite parse:

   To illustrate the rerouting attack, consider the group of peers who
   know the PSK be A, B, and C.

Should there be a "to" after "PSK"?

In Section 8:

   Each endpoint SHOULD know the identifier of the other endpoint with
   which its wants to connect and SHOULD compare it with the other

s/its/it/