IETF Logo Mail Archive

Re: [TLS] The future of external PSK in TLS 1.3

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 21 September 2020 09:22 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C733A0B25 for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 02:22:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=sCiRsajk; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=sCiRsajk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBaLFAr6pknP for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 02:22:37 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20052.outbound.protection.outlook.com [40.107.2.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F40643A0B22 for <tls@ietf.org>; Mon, 21 Sep 2020 02:22:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZyoIhmuFksiXITFIY1UFjIoQlUACJjR8YRQJ7LxY9UM=; b=sCiRsajkTHFqSR34HTRjs6TwrjFjyOmZSWoM55URyvGF7QEunpu3ZF5FXAUb5zpav7JKR37T+wCrezgDYpQ1Hx9uROqbWgELMpMmPImcUnNMw3l5HF2yPqO7mTpGA3ceTwrMxTrbsi9VlGbRh26uMXtCgfY1eMU+sFrZpIcxpTo=
Received: from AM0PR01CA0141.eurprd01.prod.exchangelabs.com (2603:10a6:208:168::46) by AM0PR08MB4194.eurprd08.prod.outlook.com (2603:10a6:208:130::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11; Mon, 21 Sep 2020 09:22:34 +0000
Received: from AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com (2603:10a6:208:168:cafe::e7) by AM0PR01CA0141.outlook.office365.com (2603:10a6:208:168::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.13 via Frontend Transport; Mon, 21 Sep 2020 09:22:34 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT003.mail.protection.outlook.com (10.152.16.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.15 via Frontend Transport; Mon, 21 Sep 2020 09:22:34 +0000
Received: ("Tessian outbound 7161e0c2a082:v64"); Mon, 21 Sep 2020 09:22:34 +0000
X-CR-MTA-TID: 64aa7808
Received: from 06fc9294e417.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 093D0CA0-AA9D-40F0-8F74-DF83A932DACE.1; Mon, 21 Sep 2020 09:22:29 +0000
Received: from EUR02-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 06fc9294e417.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 21 Sep 2020 09:22:29 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rd8XKmG40U8HcmI9RLw85J1LwBl6g3nE/Le4TPl2PciN9VaeOA8FhDDMVWj+uRmp7V/IQ/OwI+GiiIOGPE0zYzVfLDzoP+RDl17jGp8wmmSLTOjEmribmGxzzBQta4zqIrBTlKHQshOhQgzQgp9PKuy8MJ2GXcp9xrGHJkfhUjUXRq2SCJ0pu/DkLoFq16aqLGwsnMqgrBjzZvnzhBLO8jkJ+vxWK37MmUTghbuiAFMFoia+y1CjI1QsQc+sbjycxyS4W7SeyKxTO0eSGOZV3n3Pk+Q9QPMSoUjSKYL/zU0rc0GHWg8bEmmb/BKfTrWbwTcWRLkWTDtblcZ27oo1aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZyoIhmuFksiXITFIY1UFjIoQlUACJjR8YRQJ7LxY9UM=; b=GQjVGfUL0U+Cy5feYukKW02XGGbwwOW2k1nONdOVIlOmOX/gAgvJD5ob3GR9Qmf3DqWm6ToxSxs1elZJG54jsrK98gDUPndTnPM9xHXhUK59Zt68A8nqQAKXedVtx9veiFU4Oy8bz2Up0armP5k6XYvluoMbLC2mA9v6QVeW+kdDw2Dqdw+J9saandt0EmOURI4kMwSUIpZjW0NJPeo66IeWIXcDERFPjCRJmDMIvvSgKvoEx6h9zM+LtGvsvKdozstxdeVTDUreDT4W0J6CiHekMhfKti65urDh6g4iki1X24qH1QOod4d/rNLys/BfQ/K8s3fyNYRZ7Fzo9CnATQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZyoIhmuFksiXITFIY1UFjIoQlUACJjR8YRQJ7LxY9UM=; b=sCiRsajkTHFqSR34HTRjs6TwrjFjyOmZSWoM55URyvGF7QEunpu3ZF5FXAUb5zpav7JKR37T+wCrezgDYpQ1Hx9uROqbWgELMpMmPImcUnNMw3l5HF2yPqO7mTpGA3ceTwrMxTrbsi9VlGbRh26uMXtCgfY1eMU+sFrZpIcxpTo=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB5169.eurprd08.prod.outlook.com (2603:10a6:208:163::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.13; Mon, 21 Sep 2020 09:22:25 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860%6]) with mapi id 15.20.3391.026; Mon, 21 Sep 2020 09:22:25 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carrick Bartle <cbartle891=40icloud.com@dmarc.ietf.org>, Filippo Valsorda <filippo@ml.filippo.io>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The future of external PSK in TLS 1.3
Thread-Index: AQHWjng9Pwzr8fTsOkSjvpJZy/djPKlv2BqIgABG0ACAAlNKgIAAVNSg
Date: Mon, 21 Sep 2020 09:22:25 +0000
Message-ID: <AM0PR08MB3716861B782527DAB3C1EA1BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <77039F11-188E-4408-8B39-57B908DDCB80@ericsson.com> <1600516093048.75181@cs.auckland.ac.nz> <2f2ecb30-bef5-414a-8ff7-d707d773c7ea@www.fastmail.com> <FDD012C2-9B37-461D-BC81-854135EE994E@icloud.com>
In-Reply-To: <FDD012C2-9B37-461D-BC81-854135EE994E@icloud.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: B9725DEC01A19F4DAD283489CE16045B.0
x-checkrecipientchecked: true
Authentication-Results-Original: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.122.149]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 6c93f6ad-a04e-4514-292d-08d85e0fdf99
x-ms-traffictypediagnostic: AM0PR08MB5169:|AM0PR08MB4194:
X-Microsoft-Antispam-PRVS: <AM0PR08MB41940F94EFF7E0FA3EA58E7AFA3A0@AM0PR08MB4194.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:6108;OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: gwzezZG6P5Qi0XZ0elbRFdcl9VLXo6q8CwJCO5xkasOoULeh4D/E8dAPnzuVIbjDGZu1/0T52rKr7W1lEQsyllEduimCf9e1Uqu1Qg194WHCQRakaYnw83VLD88gB0lPfHYFFnQYmSgq79K0DTPAaXoCvIBzgK7wwjMCy3Ob9UPcyYqQQIPtQUgpEWvpTUQCJhyDHSXOF5ZlNu5gUv2Tbx/ol5HXs36jMrYn9yGR56b2qImARBI5e3YDPYFRQr6FproW7J/S0n4jVygCAZzn9lT+OXhU9hua+/SB2YvvhWGy5j7mZXjajxJsdgrXRYn9dPwwy6iwW/olbKdY/voxaA1r1nI6G8U1f6nfDc6t6WEOpecdaO5zgMDZfaIwPk9M7nEcbz9tAzHmp/6NbCYN3w==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(136003)(366004)(376002)(346002)(110136005)(9686003)(186003)(71200400001)(7696005)(76116006)(4326008)(166002)(64756008)(55016002)(966005)(26005)(478600001)(66556008)(66574015)(66946007)(8936002)(316002)(66476007)(2906002)(9326002)(52536014)(83380400001)(66446008)(8676002)(5660300002)(53546011)(86362001)(6506007)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 8N/qgdS59JsYATfqpt0z7cMmiIu0vepPAmf8Ihf5U0J0sNxF/4wuKgN672sBt1+K4jf8zbBObX0PzpfP04LRauhBdwDKq44et8Ru6o0gQPEocYjrbaLitmRxB/7/XeYLstBU3MLexxpcmmstVOuC5h5lpfYn7w1DdeW9QYWeyVl7ereCCx6nwtlpk3IPZQ8ZQvQGuJRFZcmG0eVzYCpikeEPVn8D6Ppl6rtm5KLaHxMjtCBWa+2aZPmuL0QhMKXpI3Tzvfh2S75XXQ9CoRpfL5tXnXXCcltkOxF7UnBM7UF7j83DAGA/M6GceruyhV/vYZlYC5lFWujyVFM7OrV7uqYUV70Ra/B7nvzt35e2mL4k0bFFGs8mCMpnsoNXYdH5g13usW38HWxbosjBt4ELwBR8vZsfWbPeMbL1uuBeAu0Bhh4K48IhrWdaVpmspYbKF1kz0AM9cCu8qqtJLmDXqfu1zR/c/v3JbRQ3WJ9wTPVlCY3KvqIsu8Y0C0e8GVwEjfZwTjJXTQMfVgOJjM64WPa5STVEXGRAjSLs12pnrbSKxrwi39YUQPprtQBoEu7ZXYJYl/MrLt+uIbaHZAT0kcArqoxWURIA6c0WsGs5EjapcWOG10oGpEzGKXcyp8+gI/DIzK6IIO6cuX4oDa6oOg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB3716861B782527DAB3C1EA1BFA3A0AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB5169
Original-Authentication-Results: dmarc.ietf.org; dkim=none (message not signed) header.d=none; dmarc.ietf.org; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 992ae491-132d-4768-5c09-08d85e0fda4e
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: RYHsbY+Bt9/SjNnjl91pqENgxenaLURsMz8afK+FwhvryXnvPRI73goF+6tJfccwpNG1PC/7ph3Bl9QLR7RRNBsaRq+D6LjeHgUC0p+aV0QCo4kNqiUS/Q/a1R1wCYVf2ZPy7e/2TpO+TDzXeOHriu9zFPt1SmIBs6zdcKNZ502TB+v8LW7YZlJ2NNcVGgSHEBDHQFEYwiEL8Ns2w0z6ETiWGNkZh874qSvyPJAU3QlOejPc8u39mrW5Sd3oznZ4k585j6j12DhjsUPLVP/LTHa8NDZzUWyxByve91R1bxLdD0cNSkVyc+MG4AogBzkkaLfJBKbEqa2nVrmttI9MnTQmAZQxABg0ecWSaWM8Z1AE19mJBWBd6KMFq6VsrdPblJovSKixAQKpwFtPcc+YyzoumZiLUApOdqs3Hiiwq3dAD/ANBc+ul0an2eQifPUQWHXQcS3wVSGSbORXy8s056LD711RLc4jfsCwBp8hN18dX4XuvPQXufrrI37Y+XCw2ye4CvGTBqFj5xaO5uMbUA==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(346002)(396003)(136003)(376002)(39860400002)(46966005)(356005)(316002)(36906005)(33656002)(86362001)(7696005)(110136005)(26005)(66574015)(81166007)(47076004)(5660300002)(83380400001)(478600001)(82740400003)(166002)(2906002)(6506007)(53546011)(9686003)(9326002)(336012)(8936002)(55016002)(8676002)(966005)(52536014)(186003)(82310400003)(70586007)(70206006)(4326008); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Sep 2020 09:22:34.1212 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6c93f6ad-a04e-4514-292d-08d85e0fdf99
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4194
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VHcrKxXwmw3penDmFoeUbPiSu-s>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 09:22:40 -0000

Hi Carrick,

Can you justify your reasoning?

The challenge I have with the work on IoT in the IETF that the preferences for pretty much everything changes on a regular basis.

I don't see a problem that requires a change. In fact, I have just posted a mail to the UTA list that gives an overview of the implementation status of embedded TLS stacks and PSK-based ciphersuites are widely implemented.

Ciao
Hannes

From: TLS <tls-bounces@ietf.org> On Behalf Of Carrick Bartle
Sent: Monday, September 21, 2020 5:31 AM
To: Filippo Valsorda <filippo@ml.filippo.io>
Cc: tls@ietf.org
Subject: Re: [TLS] The future of external PSK in TLS 1.3

I'm also fine with marking psk_ke as not recommended to be consistent with the non-PFS ciphers, but there are plenty of valid use cases that justify keeping dhe_psk_ke as recommended for external PSKs. Several of these use cases are detailed in draft-ietf-tls-external-psk-guidance-00.



On Sep 19, 2020, at 9:00 AM, Filippo Valsorda <filippo@ml.filippo.io<mailto:filippo@ml.filippo.io>> wrote:

2020-09-19 13:48 GMT+02:00 Peter Gutmann <pgut001@cs.auckland.ac.nz<mailto:pgut001@cs.auckland.ac.nz>>:
John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> writes:

>Looking at the IANA TLS registry, I am surprised to see that psk_dhe_ke and
>especially psk_ke are both marked as RECOMMENDED. If used in the initial
>handshake, both modes have severe privacy problems,

PSK is used a fair bit in SCADA.  There are no privacy problems there.  So
just because there's a concern for one specific environment doesn't mean it
should be banned for any use.  In particular, I think if a specific industry
has a particular concern, they should profile it for use in that industry but
not require that everyone else change their behaviour.

Indeed, if the SCADA industry has a particular need, they should profile TLS for use in that industry, and not require we change the recommendation for the open Internet.

Setting Recommended to N is not "banning" anything, it's saying it "has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases". SCADA sounds like a pretty specific use case.

I don't have a strong opinion on psk_dhe_ke, but I see no reason psk_ke wouldn't be marked N like all suites lacking PFS.
_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email