Re: [TLS] New Internet-Draft: draft-housley-tls-tls13-cert-with-extern-psk-00
Martin Thomson <martin.thomson@gmail.com> Thu, 01 March 2018 21:54 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 806BC12FAC7 for <tls@ietfa.amsl.com>; Thu, 1 Mar 2018 13:54:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WqeATo_0EEzw for <tls@ietfa.amsl.com>; Thu, 1 Mar 2018 13:54:41 -0800 (PST)
Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69DC51201FA for <tls@ietf.org>; Thu, 1 Mar 2018 13:54:41 -0800 (PST)
Received: by mail-oi0-x22b.google.com with SMTP id g5so5655362oiy.8 for <tls@ietf.org>; Thu, 01 Mar 2018 13:54:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XUQqGQT2wwIsknrlY37I9eOOKn6U0PrJE4tYl/Ei02M=; b=DddfLu+w9anr+2eoknxkTRRySq8KipQF2PLDfUYFF5uXMZToP5hXRzMYYSSUwro33+ cWso05oUSOnnDOx97TfsMrqSA1qizg+u9u+9Duqnl2c2hLqx1IEdSlarLS/NDbzRIuxc MRDYe2fCaz3/0BK1Mrg9SYaime0bOuq5ayhjkU6SVZHFQpu+ZNtj1jPfo3EIBNVYmzXA LkM5iKqo+LSbBQuWDWXAQQlDGrpmBQI+JquLAc6DfZpPOXqd2JLbzM8doEY7jwvfXkkC TTQb6lDsl6fo6s04F6AjrRgo9R+s/N1sLypHNyY5rHjXVVNK365tqAay+mKW/E3My9yY RigQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XUQqGQT2wwIsknrlY37I9eOOKn6U0PrJE4tYl/Ei02M=; b=gDVqqfi2LkjJesldraX/4b++zB4/iyZf1OP0G9idqvJZoLMLtC51dHxm3ODNQIshYb o/jpFCjhbpBUzrS6RAMklk2ycgrmUQGoQZ+kQ2/hxbmYqiT41b3r1G8qhf4Dx2EhTHrx C7H88UUGEuz6jwLf1lVg7ani9DL6+RgwwNvHE1eJ/bCHeHKk9uPpnPTPT7lMZzyM+5p4 l6TWhumS/jry12XQEE2eYjFs+cl1mTLYCLQaH5xMXx8sYQcr21mRoMzAHSf0acPVexKN 5Oa/MxMKgff8Sot/CAf6OMGDX1nR15que2PLOoy8DcLAM/oLMpWeWxppch09Rxw3YpUi OT3Q==
X-Gm-Message-State: AElRT7EsnVPbLceBEFiQkC1JQEPmz5IexW5PQHnaJbuHh+ehBkGcMxrJ Zhq2G8Rg1ufpn/ESj0TSSGTGytGCdyoVwleuv68=
X-Google-Smtp-Source: AG47ELv81LG7QN2wuEHl0qy4VJhXSX9hZLtx3riduKNSJz+GnU4L3iqvTuCtMzRS9pvaIGtOLYA6bREZwL7mYx/DB0I=
X-Received: by 10.202.235.133 with SMTP id j127mr2331873oih.346.1519941280549; Thu, 01 Mar 2018 13:54:40 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.16.85 with HTTP; Thu, 1 Mar 2018 13:54:40 -0800 (PST)
In-Reply-To: <1DD2B1C1-23E7-48F7-A1FB-76D3DFCEA755@vigilsec.com>
References: <151993882481.21672.8815898642665419019.idtracker@ietfa.amsl.com> <1DD2B1C1-23E7-48F7-A1FB-76D3DFCEA755@vigilsec.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 02 Mar 2018 08:54:40 +1100
Message-ID: <CABkgnnVdUbsf6RQ9TY_KOaO5Kf1L-bd7nDFDxLRi7hXBZA=d1A@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF TLS <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bpP6u9V3CtKIWWILz47_4MxiPzY>
Subject: Re: [TLS] New Internet-Draft: draft-housley-tls-tls13-cert-with-extern-psk-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 21:54:43 -0000
Hi Russ, This seems like a welcome addition. I'm not sure why you think that PQ needs are a good motivation for this work though. Managing external PSKs is so unwieldy that it almost seems like this would do more harm than good in that regard. I find this more interesting from the perspective of providing continuing proof of possession for keys while also permitting the use of 0-RTT (and session continuation more generally). FWIW, I don't see any reason that this approach would be a problem given that it is additive, the problem that Sam Scott et. al. from before was a result of important contextual information being omitted from the transcript. Why didn't you consider a new codepoint on psk_key_exchange_modes that permits/requires use of the certificate? The purpose of that extension is to signal that a) you want PSK, and b) what additional things are permitted alongside that PSK. It's not clear from your text on client certificate authentication whether your mode permits the server to omit its Certificate, but then send CertificateRequest. You should clarify that one way or other. --Martin On Fri, Mar 2, 2018 at 8:37 AM, Russ Housley <housley@vigilsec.com> wrote: > I would like to get comments on this Internet-Draft. Once a round of > comments have been received and folded into -01, I would like to work with > folks that did the earlier proofs with Tamarin to make sure that the this > does not negatively impact the TLS 1.3 protocol changes that were made to > eliminate the man-in-the-middle attack that they found in 2015. > > Thanks, > Russ > > > From: internet-drafts@ietf.org > Subject: New Version Notification for > draft-housley-tls-tls13-cert-with-extern-psk-00.txt > Date: March 1, 2018 at 4:13:44 PM EST > To: "Russ Housley" <housley@vigilsec.com> > > > A new version of I-D, draft-housley-tls-tls13-cert-with-extern-psk-00.txt > has been successfully submitted by Russ Housley and posted to the > IETF repository. > > Name: draft-housley-tls-tls13-cert-with-extern-psk > Revision: 00 > Title: TLS 1.3 Extension for Certificate-based Authentication with an > External Pre-Shared Key > Document date: 2018-03-01 > Group: Individual Submission > Pages: 9 > URL: > https://www.ietf.org/internet-drafts/draft-housley-tls-tls13-cert-with-extern-psk-00.txt > Status: > https://datatracker.ietf.org/doc/draft-housley-tls-tls13-cert-with-extern-psk/ > Htmlized: > https://tools.ietf.org/html/draft-housley-tls-tls13-cert-with-extern-psk-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-housley-tls-tls13-cert-with-extern-psk-00 > > > Abstract: > This document specifies a TLS 1.3 extension that allows a server to > authenticate with a combination of a certificate and an external pre- > shared key (PSK). > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] New Internet-Draft: draft-housley-tls-tls13… Russ Housley
- Re: [TLS] New Internet-Draft: draft-housley-tls-t… Martin Thomson
- Re: [TLS] New Internet-Draft: draft-housley-tls-t… Russ Housley
- Re: [TLS] New Internet-Draft: draft-housley-tls-t… Martin Thomson