Re: [TLS] secdir review of draft-ietf-tls-ecdhe-psk-aead-03

Benjamin Kaduk <> Mon, 22 May 2017 17:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CB0BC12EB31; Mon, 22 May 2017 10:35:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.303
X-Spam-Status: No, score=-2.303 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gjJkW-SRmM2z; Mon, 22 May 2017 10:35:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2F54B1200ED; Mon, 22 May 2017 10:35:43 -0700 (PDT)
X-AuditID: 1209190c-07dff70000001ef4-ff-5923216d00d9
Received: from ( []) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id A1.FB.07924.D6123295; Mon, 22 May 2017 13:35:42 -0400 (EDT)
Received: from ( []) by (8.13.8/8.9.2) with ESMTP id v4MHZei6031223; Mon, 22 May 2017 13:35:40 -0400
Received: from ( []) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.13.8/8.12.4) with ESMTP id v4MHZZb2025266 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 22 May 2017 13:35:38 -0400
Date: Mon, 22 May 2017 12:35:35 -0500
From: Benjamin Kaduk <>
To: Daniel Migault <>
Cc: tls <>,, "" <>, The IESG <>,
Message-ID: <>
References: <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrHIsWRmVeSWpSXmKPExsUixG6nopunqBxpcP8Yq8WU6XvYLN4s28Rk MePPRGaLZxvns1h8WPiQxeLT+S5GBzaPX1+vsnksWfKTKYApissmJTUnsyy1SN8ugSvj748D zAXTOSqeLLnA2sC4na2LkZNDQsBEYmXvW8YuRi4OIYHFTBKTbx9hBEkICWxklJjRVwCRuMok 8WD7dCaQBIuAqsS/W+9YQGw2ARWJhu7LzCC2iICBxMsJO9lAGpgFFjBK7GtqAysSFnCRWNG3 BKyIF2hdz45+qA1vGSU2PqiHiAtKnJz5BKyeWUBL4sa/l0DLOIBsaYnl/zhATE6BQIn76/hB KkQFlCX+Hr7HMoFRYBaS5llImmchNC9gZF7FKJuSW6Wbm5iZU5yarFucnJiXl1qka6iXm1mi l5pSuokRFMyckjw7GM+88TrEKMDBqMTDq/FYKVKINbGsuDL3EKMkB5OSKO/RN0AhvqT8lMqM xOKM+KLSnNTiQ4wSHMxKIrx57MqRQrwpiZVVqUX5MClpDhYlcV4JjcYIIYH0xJLU7NTUgtQi mKwMB4eSBO9kBaBGwaLU9NSKtMycEoQ0EwcnyHAeoOGzQWp4iwsSc4sz0yHypxgVpcR5d4Ak BEASGaV5cL2gZCORvb/mFaM40CvCvGUgVTzARAXX/QpoMBPQYOtn8iCDSxIRUlINjK3n5JZk O9V/1Uyc16yopM53cm3Gju8rp1x86aW/YM6es7tXVxm6s6s+0NtTHdWen6ZwnW3R6ndZK55x GlZwLnddckukpXz6S1ed3U7M0rv33v/+TZ7plczSvV6OqRuZZrYp5J+b5dXKnbnRwEmUhana KiFD0VJ5+p5rV+PzL+7oWpqRsVg8UYmlOCPRUIu5qDgRAHMN/G0RAwAA
Archived-At: <>
Subject: Re: [TLS] secdir review of draft-ietf-tls-ecdhe-psk-aead-03
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 22 May 2017 17:35:45 -0000

Sorry for the slow reply.

On Fri, May 19, 2017 at 12:58:07PM -0400, Daniel Migault wrote:
> Thank you,
> Your comments have all been addressed. I have one remaining clarification.
> In my text the SHOULD NOT was intended to the ECDHE_PSK in general, and not
> only for the cipher suites of the draft. In your opinion do we clarify
> this, and should we use something else than SHOULD NOT ?

It's somewhat awkward, as what we really want to do is Update RFC
5489 to add this prohibition there.  But, that's more process to
jump through and this document is already at a late stage, so I do
not actually propose doing that.  I would be okay saying

  As such, all ECDHE_PSK ciphers, including those defined outside
  this document, SHOULD NOT be negotiated in TLS versions prior to

to match up with the MUST NOT text we have for these new ciphers.
(Taking into account Martin's text that the prohibition is on
negotiating them, but offering them in a ClientHello that also
offers the old version is okay.)