Re: [TLS] External PSK design team

Mohit Sethi M <mohit.m.sethi@ericsson.com> Tue, 21 January 2020 11:26 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Björn Haase <bjoern.haase@endress.com>
CC: TLS List <tls@ietf.org>
Date: Tue, 21 Jan 2020 11:26:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eJEPffJuWztw5xMuUZqPUuxleWU>

Thanks for clarifying. I would still like this design team to have 
a narrow scope. As Sean said in his initial email:

> forming a design team to focus on external PSK management and usage for TLS

--Mohit

On 1/21/20 12:40 PM, Björn Haase wrote:
>> Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
>> I would let CFRG deal with the PAKE selection process:
>> and not have this design team spend time and energy on designing PAKEs.
> That was not what I was suggesting. Instead, I was suggesting to *incorporate* the results of the selection process into TLS, such that there is an option allowing for security also in case of a "Low-Entropy"-PSK. Possibly, if the PAKE substep actually happens to be no more complex than Diffie-Hellman, it might be worth considering the PAKE as the default mechanism for any PSK-based key establishment that authenticates an ephemeral new session key with a PSK mechanism?
>
> Yours,
>
> Björn.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls