Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk

"Blumenthal, Uri - 0553 - MITLL" <> Mon, 20 May 2019 19:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 64EA612010E for <>; Mon, 20 May 2019 12:41:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bR4Q8MqLfwET for <>; Mon, 20 May 2019 12:41:29 -0700 (PDT)
Received: from (LLMX3.LL.MIT.EDU []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 27D91120048 for <>; Mon, 20 May 2019 12:41:28 -0700 (PDT)
Received: from ( by (unknown) with ESMTPS id x4KJfQ3O040869 for <>; Mon, 20 May 2019 15:41:26 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <>
Thread-Topic: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk
Thread-Index: AQHU71Dl4FuLhOFUaEet5GHjTbcLfaZspnEAgAhAFwD//8LZAA==
Date: Mon, 20 May 2019 19:41:24 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_71EB9B8AC4104A35A0FE3E2BE89E7C65llmitedu_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-05-20_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905200122
Archived-At: <>
Subject: Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 May 2019 19:41:31 -0000

I reviewed this draft (“browsed through” would be a more honest statement). I didn’t spot an obvious problem with it.

One question that I have after reading it: I understand why one wants to implement this extension, but I don’t see how the two endpoints would arrive at that external PSK.

From: TLS <> on behalf of Russ Housley <>
Date: Monday, May 20, 2019 at 3:21 PM
To: Joe Salowey <>
Subject: Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk

TLS 1.3 Extension for Certificate-based Authentication with an External PSK ensures the US Government has a quantum-resistant option for TLS in the interim years until post-quantum algorithms emerge from the NIST process. For this reason, there is an intent to specify this extension in future procurements.


On May 15, 2019, at 9:20 AM, Joseph Salowey <<>> wrote:

The last call has come and gone without any comment.  Please indicate if you have reviewed the draft even if you do not have issues to raise so the chairs can see who has reviewed it.  Also indicate if you have any plans to implement the draft.

On Tue, Apr 9, 2019 at 8:51 PM Joseph Salowey <<>> wrote:
This is the working group last call for the "TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key” draft available at Please review the document and send your comments to the list by 2359 UTC on 23 April 2019.

Chris, Joe, and Sean