Re: [TLS] Minutes for TLS IETF 102 uploaded

Christopher Wood <christopherwood07@gmail.com> Mon, 13 August 2018 15:26 UTC

From: Christopher Wood <christopherwood07@gmail.com>
Date: Mon, 13 Aug 2018 08:25:54 -0700
Message-ID: <CAO8oSXmhDwGr3kO4Q2vQVA-2=un2y798om-fZmn70NRu2EC4EA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/c058a2JFyH6li6-MXlBtnzJZsTE>

I patched the minutes with your change.

Best,
Chris

On Fri, Aug 10, 2018 at 2:42 PM Russ Housley <housley@vigilsec.com> wrote:
>
> I suggest this change to the minutes:
>
> OLD:
>
> Russ: Current 1.3 key schedule uses a sig across (?). DH is the thing that
> drives the key schedule. Subsequent handshake based on resumption PSK or that
> and an additional DH result. Proposal: add an additional option to the initial
> hs to include an external PSK and combine with the DH. Want to do this for
> quantum protection, you've mixed in this external OOB-distro'd PSK so that any
> attacker has to get the PSK too. (See ladder diagram of where this would fit.)
> Syntax: boolean, present or not. If you negotiate, you'll agree to do that.
> Presently language in the spec that precludes PSK when certs are used. wouldn't
> be used with a resumption, just external. Group of TLS peers would need to get
> the PSKs. If the quantum computer comes, have to compromise one of the numbers
> of the group to compromise the PSK. Ask: WG adopt as a work item, then review
> and comment.
>
> NEW:
>
> Russ: In TLS 1.3, initial handshake authentication is based on certificate and
> signature, and DH shared secret drives the key schedule. In a subsequent
> handshake, authentication is based on resumption PSK, and the key schedule is
> driven by the resumption PSK or the resumption PSK plus an additional DH
> shared secret. Proposal: add an additional option to the initial handshake to
> include an external PSK that is combined with the DH shared secret. Want to do
> this for quantum protection; the external PSK must be distributed out of band.
> An attacker with a quantum computer needs to learn the external PSK to crack
> the key schedule. (See ladder diagram of where this would fit.) Syntax: a
> boolean; the TLS extension is present or not. If the extension is negotiated,
> the client and server agree to include the external PSK in the key schedule.
> Presently language in TLS 1.3 precludes PSK when certs are used. The external
> PSK wouldn't be used for resumption, just initial handshake. Group of TLS
> peers would need the same PSK and identifier. If the quantum computer comes
> along, the attacker would have to compromise one of the members of the group
> to obtain the PSK. Ask: WG adopt as a work item, then review and comment.
>
> Russ
>
>
> On Aug 10, 2018, at 11:40 AM, Christopher Wood <christopherwood07@gmail.com> wrote:
>
> Thanks for pointing out this formatting issue, Russ. I updated the notes in an attempt to improve readability. Please have a look and let me know if you see other (or new) issues.
>
> Best,
> Chris
>
> On 9 Aug 2018, at 21:53, Kaarthik Sivakumar wrote:
>
> Could be line ending issues - I see something like these when switching between different OSes.
>
>
> -kaarthik-
>
> On 10/08/18 03:37, Russ Housley wrote:
>
> I do not understand the formatting.  Are the '*' characters supposed to be bullets?  If so, them appearing in the middle of paragraphs is confusing.
>
> Russ
>
>
> On Jul 28, 2018, at 1:32 PM, Christopher Wood <christopherwood07@gmail.com> wrote:
>
> Minutes for both TLS sessions at IETF 102 have been uploaded:
> https://datatracker.ietf.org/doc/minutes-102-tls/
>
> Many thanks to Joe Hall and Gurshabad Grover for taking detailed notes.
>
> Please review the minutes and check for inaccuracies. If anything is
> incorrect, please let the chairs know ASAP.
>
> Thanks,
> Chris, Joe, and Sean
>
>
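
Added illustration, not part of the thread or of any draft text: the NEW minutes wording quoted above describes an external PSK combined with the DH shared secret. The sketch assumes the combination follows the existing RFC 8446 key schedule (PSK into the Early Secret, DH output into the Handshake Secret); the function names and the DH and PSK values are constructed for the example.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def early_secret(psk=None):
    """Early Secret; a handshake without a PSK uses a string of zeros."""
    zeros = bytes(HASH_LEN)
    return hkdf_extract(zeros, psk if psk is not None else zeros)


def handshake_secret(dh_shared, psk=None):
    """Handshake Secret = Extract(Derive-Secret(Early, "derived", ""), DH)."""
    empty_hash = HASH(b"").digest()
    derived = hkdf_expand_label(early_secret(psk), b"derived", empty_hash, HASH_LEN)
    return hkdf_extract(derived, dh_shared)


if __name__ == "__main__":
    # Constructed sample inputs (assumptions, not values from the thread).
    dh = bytes(range(32))                                   # stand-in DH shared secret
    ext_psk = HASH(b"constructed external PSK").digest()    # distributed out of band
    print("cert + DH only      :", handshake_secret(dh).hex())
    print("cert + DH + ext. PSK:", handshake_secret(dh, ext_psk).hex())
    # Knowing dh alone reproduces only the first line, never the second.
    print("DH-only guess works :", handshake_secret(dh) == handshake_secret(dh, ext_psk))
```

Every later traffic secret descends from the Handshake Secret, so a party that recovers only the DH shared secret derives the first value and not the one the peers actually use.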