Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
"Martin Thomson" <mt@lowentropy.net> Wed, 18 September 2019 23:32 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id EC1291200B3
for <tls@ietfa.amsl.com>; Wed, 18 Sep 2019 16:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=lowentropy.net header.b=IxympqWQ;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=r37x0y/U
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id uXQfns5irdVv for <tls@ietfa.amsl.com>;
Wed, 18 Sep 2019 16:32:12 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com
[64.147.123.19])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id CC07712008F
for <tls@ietf.org>; Wed, 18 Sep 2019 16:32:12 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by mailout.west.internal (Postfix) with ESMTP id 51FB5645
for <tls@ietf.org>; Wed, 18 Sep 2019 19:32:12 -0400 (EDT)
Received: from imap7 ([10.202.2.57])
by compute1.internal (MEProxy); Wed, 18 Sep 2019 19:32:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net;
h=mime-version:message-id:in-reply-to:references:date:from:to
:subject:content-type; s=fm3; bh=hOBLlz1oL6nk5gElLeBdGvLTI70ewZP
RpJ3RFQkbgPo=; b=IxympqWQLlac1nHaBmNZ+nTU2iaXrrqyUCrtW0gJeGa4/JT
ZOqRXQ6K3vUwVZD6KfDglZxKUPAUW8FnIJ9C11IBwTDESbUeDQR0TPLN3Ctgw98m
MZjSu6bPGlDB4qMp4xHBgMj+50SUCZW/HfdYQ53SJM75mynnkMthDbNkvlAGvHl5
WfzgUHo5FSO+ZKOfisLmdku36MXMdXZg2iqtSDg8DvJSYB6LCwaXfRDnP9NqEQhq
Sobe4v9AwBb9arYd/6FwGBNKR8cogmVLtkq9kHsp8TDI9+g6TZh28yDjTseNCg+s
sjY6ZFYEsYsK92pwHaxBEfyXzy20g+BwKHPrhFg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=hOBLlz
1oL6nk5gElLeBdGvLTI70ewZPRpJ3RFQkbgPo=; b=r37x0y/UpowehL1hWyGxYN
jxDTeoBzu7I/Dpb1wSNB2JyCijS8UaDF4j8ATe9spIlTPmfANGd2IU2zHGLP6GgX
AlxOaC/tpbXAiY85QdoBxbfq9GxViodYoKfsb7+dWOzavkCsrSI9vvQaM3msAmht
Qqktw9bMKMENk2no0ekIpdI34kRm5nRp9Bg+iRdq4gz7jwzmGHab3X4JfQY6y/of
rKnvitH+SgghBPezOrQggt3EmU3N9kajoN5KS12rPxsmo6lCAhmN4Frjh7xBSaUi
WBEKVFt07fmoBfn2K5oo4vqrdZN5Z9BknY/OjGrTla+VRAt+Nfgc6wdiCjIDw5WQ
==
X-ME-Sender: <xms:e76CXTrspWoW8c4hWPNn8wD-tJfOk31FL2M4N0sUos9UtErCJMFIHQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudelgddulecutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre
dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif
vghnthhrohhphidrnhgvtheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofi
gvnhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:e76CXaGmT_WsqIJq3hMa_sU2wMVdfn_UzIdlrzzYn2ehYi3fSKAEkA>
<xmx:e76CXcOsTZzlaXQE6dMTfz0xiL1j6Ekay1aOoUed50EHFR-hOmZ9Ng>
<xmx:e76CXYVslqbBXbvbOUwcJvmkVdOm7szShv6aIirbAi8le9yal8TcJA>
<xmx:e76CXQCFRXgnbjN2PrqgqAIj1ns35iiOhM5Nc_cXDzzCzG2VY1W_Yg>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id B66731C0001; Wed, 18 Sep 2019 19:32:11 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-238-g170a812-fmstable-20190913v1
Mime-Version: 1.0
Message-Id: <c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com>
In-Reply-To: <93833d8a-76c5-4c0c-b5c7-ac39bcc1cb71@www.fastmail.com>
References: <e484c148-d64b-4538-9145-85e0363b0cc9@www.fastmail.com>
<1f5dda7a-576c-4309-b465-7fa93c2d7662@www.fastmail.com>
<f0aa22d1-0461-47d6-b0c3-c26c664c0d50@www.fastmail.com>
<96018dee-e0a5-45c4-877b-447aa277494a@www.fastmail.com>
<93833d8a-76c5-4c0c-b5c7-ac39bcc1cb71@www.fastmail.com>
Date: Thu, 19 Sep 2019 09:31:51 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XoYI2_LWfxv2of5DhddaZKc2BG8>
Subject: Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 23:32:14 -0000
On Thu, Sep 19, 2019, at 01:41, Christopher Wood wrote: > Ah, so, I think this is where the miscommunication is happening! The > target KDFs I've been envisioning are not protocol specific. As HKDF and the TLS 1.2 PRF are not the same function, wouldn't it be better to have separate identifiers? Sure, we could rely on the `protocol` field to diversify the output, but I think that we should be applying the same principle throughout, namely that the one key is only used with the one KDF instantiation.
- [TLS] Binding imported PSKs to KDFs rather than... Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather ... Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather ... Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather ... Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather ... Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather ... Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather ... Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather ... Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather ... Christopher Wood