Re: [TLS] A la carte handshake negotiation

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 28 June 2015 22:38 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8DD1B2FCD for <tls@ietfa.amsl.com>; Sun, 28 Jun 2015 15:38:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.199
X-Spam-Level: *
X-Spam-Status: No, score=1.199 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, J_CHICKENPOX_34=0.6, J_CHICKENPOX_74=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQnOtOd7XX8b for <tls@ietfa.amsl.com>; Sun, 28 Jun 2015 15:38:42 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id E0E2D1B2FCC for <tls@ietf.org>; Sun, 28 Jun 2015 15:38:41 -0700 (PDT)
Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id CF6E4F984 for <tls@ietf.org>; Sun, 28 Jun 2015 18:38:38 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 52F492030B; Sun, 28 Jun 2015 18:38:28 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: tls@ietf.org
In-Reply-To: <20150628074403.GA13633@LK-Perkele-VII>
References: <201506111558.21577.davemgarrett@gmail.com> <20150626221456.GK6117@localhost> <CAF8qwaAkBAXDkhd3zU=uO1t-dv7iu0bhb9bH28JHROrWp98SEA@mail.gmail.com> <201506261924.24454.davemgarrett@gmail.com> <20150627014034.GL6117@localhost> <20150627080928.GA7886@LK-Perkele-VII> <20150628050607.GN6117@localhost> <20150628074403.GA13633@LK-Perkele-VII>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Sun, 28 Jun 2015 18:38:28 -0400
Message-ID: <87bnfz4fx7.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/e1hIfYos8p_VsC8KAtqIqs_2zes>
Subject: Re: [TLS] A la carte handshake negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jun 2015 22:38:43 -0000

On Sun 2015-06-28 03:44:03 -0400, Ilari Liusvaara wrote:
> Also, out of 6 points for kex/aux

I think you mean kex/auth here, right?  i'm just asking for the sake of
clarity; this conversation has lots of slightly divergent shorthand
notation thrown around.

> (after unifying DH, adding PSK and renaming PKIX to CERT), only 4 seem
> sane:
>
> GDH+CERT
> GDH+PSK
> GDH+ANON
> PSK+PSK
>
> KEY_TRANSPORT doesn't lead to anything sane without greatly different
> key exchange.
>
> If new PAKE KEX would be added, it would add 2 combinations
> fooPAKE+CERT and fooPAKE+ANON (6 for 7).

Doesn't PAKE provide authentication mechanism as well?  shouldn't at
least one of these be fooPAKE+fooPAKE ?

      --dkg