[TLS] Re: Feedback on draft-bmw-tls-pake13-01.txt
Rob Sayre <sayrer@gmail.com> Sun, 16 March 2025 18:51 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WqMlEoQK1R9HUkPssWWDa231vEE>
On Sat, Mar 15, 2025 at 7:21 PM Laura Bauman <l_bauman=40apple.com@dmarc.ietf.org> wrote:

> Thanks to everyone that has taken a look at draft-bmw-tls-pake13-01.txt
> and provided feedback so far. As more people start reading it, I wanted to
> clarify that the current draft version does not yet reflect the change we
> intend to make to allow Certificates and the pake extension to be used
> together. We’ve filed a GitHub issue here tracking our intent to change
> this: https://github.com/chris-wood/draft-bmw-tls-pake13/issues/25.

I'm pretty sure this is not news to authors, but I've thought about this one before (when the IRTF was conducting their PAKE contest).

It seems like using both PAKE and certificates together, in combination with "Sign In" products would be pretty powerful. I am not sure why this draft needs TLS extensions, and it doesn't cover the thorny problem of PAKE registration at all.

Couldn't it be click "Sign In", and start the TLS key schedule from there, instead of "0"? No extensions necessary.

I decided not to work on this problem, because I figured it would make a lot of people mad, and I didn't want to spend my time on it. But, might as well ask the question since we have this draft in front of us.

thanks,
Rob