Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
Douglas Stebila <douglas@stebila.ca> Tue, 21 July 2009 08:32 UTC
Return-Path: <douglas@stebila.ca>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C29F128C1DE; Tue, 21 Jul 2009 01:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.469
X-Spam-Level:
X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjomNQ2L13lV; Tue, 21 Jul 2009 01:32:35 -0700 (PDT)
Received: from services107.math.uwaterloo.ca (services107.math.uwaterloo.ca [129.97.140.58]) by core3.amsl.com (Postfix) with ESMTP id C37133A6A07; Tue, 21 Jul 2009 01:32:35 -0700 (PDT)
Received: from [131.181.101.246] ([131.181.101.246]) (authenticated bits=0) by services107.math.uwaterloo.ca (8.13.8/8.13.8) with ESMTP id n6L8WRc7013280 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 21 Jul 2009 04:32:32 -0400 (EDT)
Message-Id: <10B26916-E4EC-4678-B35E-0C09D58E4169@stebila.ca>
From: Douglas Stebila <douglas@stebila.ca>
To: IETF Discussion <ietf@ietf.org>
In-Reply-To: <20090720164816.328D928C1C8@core3.amsl.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 21 Jul 2009 18:32:21 +1000
References: <20090720164816.328D928C1C8@core3.amsl.com>
X-Mailer: Apple Mail (2.935.3)
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (services107.math.uwaterloo.ca [129.97.140.58]); Tue, 21 Jul 2009 04:32:34 -0400 (EDT)
X-Miltered: at mailchk-w03 with ID 4A657D1B.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!
X-Virus-Scanned: clamav-milter 0.95.2 at mailchk-w01
X-Virus-Status: Clean
X-UUID: 9f9bbb25-3068-4844-bedb-4bdc2cdad915
Cc: tls@ietf.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2009 08:32:36 -0000
I have implemented draft-ietf-tls-extractor-06 in the TLS v1.0 implementation in OpenSSL. I found the draft easy to implement with no ambiguities or concerns. I believe that the functionality provided by the draft will be extremely valuable for building application-level security protocols and encourage its standardization. It is my interpretation of the draft that it can be implemented in any version of TLS, not just TLS v1.2. Obviously the derived key may be different if the underlying TLS PRF is defined differently (as it is for TLS v1.2), but the draft is still well-defined for previous versions of TLS. For those interested in the OpenSSL implementation, I have posted a page on my website with the patch. http://www.douglas.stebila.ca/code/keying-material-exporters/ In addition to a patch for OpenSSL, I have also done patches to Apache and PHP to expose a PHP function that allows a PHP application to derive keying material from the underlying TLS connection according to the draft specification. Douglas On 2009-Jul-21, at 2:48 AM, The IESG wrote: > The IESG has received a request from the Transport Layer Security WG > (tls) to consider the following document: > > - 'Keying Material Exporters for Transport Layer Security (TLS) ' > <draft-ietf-tls-extractor-06.txt> as a Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to > the > ietf@ietf.org mailing lists by 2009-08-10. Exceptionally, > comments may be sent to iesg@ietf.org instead. In either case, please > retain the beginning of the Subject line to allow automated sorting. > > The file can be obtained via > http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt > > > IESG discussion can be tracked via > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0 > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Last Call: draft-ietf-tls-extractor (Keying… The IESG
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dan Harkins
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Douglas Stebila
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Martin Rex
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Paul Hoffman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Martin Rex
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Nicolas Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Eric Rescorla
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Florian Weimer
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Eric Rescorla
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Simon Josefsson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Joseph Salowey (jsalowey)
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Simon Josefsson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Richard Stallman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Joseph Salowey (jsalowey)
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Nicolas Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Matthew Campagna
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Matthew Campagna
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Nicolas Williams
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Jeffrey A. Williams
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Todd Glassey
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Todd Glassey
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Martin Rex
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Richard Stallman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Richard Stallman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Noel Chiappa
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Richard Stallman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Richard Stallman
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Simon Josefsson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Wes Beebee (wbeebee)
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… David Morris
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Jeffrey A. Williams
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Lawrence Rosen
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Paul Hoffman
- Re: [TLS] Last Call: draft-ietf-tls-extractor(Key… Jeffrey A. Williams
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Stephen Kent
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Pasi.Eronen
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Dean Anderson
- [TLS] Archiving IETF IPR documents was Re: Last C… Dean Anderson
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Simon Josefsson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] Last Call: draft-ietf-tls-extractor (Ke… Erick O
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Peter Saint-Andre
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Marsh Ray
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Marsh Ray
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Marsh Ray
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Dean Anderson
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman
- Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls… Richard Stallman