Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-external-psk-importer-06: (with DISCUSS)

Eric Rescorla <ekr@rtfm.com> Fri, 08 January 2021 00:58 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8048E3A0F47 for <tls@ietfa.amsl.com>; Thu, 7 Jan 2021 16:58:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7cqS6pYiZr2h for <tls@ietfa.amsl.com>; Thu, 7 Jan 2021 16:58:02 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B58FA3A0F4D for <tls@ietf.org>; Thu, 7 Jan 2021 16:58:01 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id 23so18993129lfg.10 for <tls@ietf.org>; Thu, 07 Jan 2021 16:58:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eh5oWzgHAh6pibxwgrOrAocJJtH3sjsF8JQ+MlIBrkI=; b=abLNXuIjMaupJn9UMJvAtegnI+D3PKccDxYeAPTybPtW+h4lxDWI9gTMVuH01H6BMx fKNpConKIdAHxRhVb4Zk96Conb8mT/MQUNatuF08b6vpm/DuIugpWpPwqE7JOGu5KKlA lE6pYM0rgJZQ5AC9ePRG0GgJfN7zkQRmELInFsjmL7l6KDzQij4vihgtU2f/UyI8FgQ2 /29OgBn4CoS4mYqMNREgCpARuZaQ9GtslDA/Vzle+RB4xyIU48kKf69gE6ACDEXLeG4X Lk6s940HIkCo6nSDCHscL9chYEbu4TdGapZ5lV5tf8zU7WML4xR42IACdWrpb4bGT3wP 2jog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eh5oWzgHAh6pibxwgrOrAocJJtH3sjsF8JQ+MlIBrkI=; b=j8fnPePSlvQA/B7PosHIyN/cJExKEsm1Nr9kZ/fChpyDVxihT3YqTAZ14mNI6nTtFx xfzNU3k+6n4rrk6Yz1xOt/1L7nL7y+yWPdnL5A6Umhx14NfAwHHpeiA4L59k263YyBTp KFGj8gJ+LV2So9CoR+aa6egkOAFMWUym0uCuAxJLZTQM1pi10z2SGPXh9yJaUOlS7/kX g4x3Jsy7HD9FplF1H48FD6OYhY98NSLfZetVnsFNHMptXfBXTp8Y0K9kyTneg7TV/iau HtRnxuCljQpU75tyYoc5GDSWkWtSLU+b28XjTOANgBisZFiHHFVt0xBKkOQHm2HJ8KjV sKjg==
X-Gm-Message-State: AOAM5321DTUDWRSSJf3wKUvcr3uLcC8cGgwA2Ai5K0afm955Ki7ul/Ez OatxIQgfW1LqruZ21rCJgJUOgKZPBurq9fYbE7e/FA==
X-Google-Smtp-Source: ABdhPJySpUn0k7Wkdkme9hLbS4bSd1HbFVW2fzDbQZCoucutxF6dn/4RK4h03eUFQxB1PqWPapMlop+QdB9sIH37qlk=
X-Received: by 2002:a2e:8106:: with SMTP id d6mr471917ljg.217.1610067479564; Thu, 07 Jan 2021 16:57:59 -0800 (PST)
MIME-Version: 1.0
References: <160980363454.20851.10184061700085456941@ietfa.amsl.com> <20210108003928.GR93151@kduck.mit.edu>
In-Reply-To: <20210108003928.GR93151@kduck.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 7 Jan 2021 16:57:23 -0800
Message-ID: <CABcZeBNpip-ue7iyx-K-u3eOC52TQ5sqpOHQb+moE=urxJYGSQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Martin Duke <martin.h.duke@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, draft-ietf-tls-external-psk-importer@ietf.org, The IESG <iesg@ietf.org>, tls-chairs <tls-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002f2b5005b8590c15"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YF53VGXQYnNwYr3MJwhFugruFrI>
Subject: Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-external-psk-importer-06: (with DISCUSS)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2021 00:58:05 -0000

On Thu, Jan 7, 2021 at 4:39 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Mon, Jan 04, 2021 at 03:40:34PM -0800, Martin Duke via Datatracker
> wrote:
> > Martin Duke has entered the following ballot position for
> > draft-ietf-tls-external-psk-importer-06: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > This is probably just my own ignorance, but I see two potential problems
> in Sec
> > 4.1.
> >
> > - 'The identity of "ipskx" as sent on the wire is ImportedIdentity,
> i.e., the
> > serialized content of ImportedIdentity is used as the  content of
> > PskIdentity.identity in the PSK extension.' IIUC ImportedIdentity has a
> maximum
> > length of 2^17 + 2. But the Identity field in the PSK option has a
> maximum
> > length of 2^16-1. I presume this never actually happens, but the spec
> should
> > handle the boundary condition, perhaps by limiting the first two fields
> of
> > Imported Identity to sum to 2^16-5 bytes or something.
>
> I'll leave this one for the authors.
>

I can see how someone would want this, but in practice that's not how it's
generally done in TLS. Trying to compute the precise upper bounds gets
complicated very fast when there are multiple fields. We do generally
try to get the lower bound right, though even then there have been
mistakes:

https://github.com/ekr/tls13-spec/pull/56/files

-Ekr