Re: [TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

Dan Romascanu <> Thu, 18 May 2017 20:54 UTC

From: Dan Romascanu <>
Date: Thu, 18 May 2017 23:48:07 +0300
Message-ID: <>
To: Daniel Migault <>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

Hi Daniel,

Thank you for your response, and for addressing my comment. Yes, the edits
address my concern; this is exactly the kind of clarification text that IMO
was missing. I suggest publishing the revised version as soon as you
address all other comments. The document can be approved by the IESG if
they believe it's ready and will wait in the RFC Editor Queue because of
the dependency on TLS 1.3.



On Thu, May 18, 2017 at 8:44 PM, Daniel Migault <> wrote:

> Hi Dan,
> Thank you for your reviews and comments. I believe the following text
> provides more explanation on how the provided cipher suites are negotiated
> by TLS1.3 as well as why point codes defined in the document do not apply
> to TLS1.3. Feel free to let me know if that addresses your concern and I can
> publish version 04 with the text below.
> Unlike TLS1.2, TLS1.3 separates authentication and cipher suite
> negotiation <xref target="I-D.ietf-tls-tls13"/> Section 1.2. TLS1.3
> supports PSK with ECDHE key exchange and the cipher suites
> TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_CCM_8_SHA256
> and TLS_AES_128_CCM_SHA256 are part of the specification. As a result, TLS
> 1.3 and higher versions negotiate and support these cipher suites in a
> different way.
> I am not sure we  have to wait for the publication of TLS1.3 as changes on
> TLS1.3 are unlikely to impact the code point assigned. However, we
> currently have TLS1.3 as a normative reference.
> Yours,
> Daniel
> -----Original Message-----
> From: Dan Romascanu []
> Sent: Monday, May 15, 2017 6:47 AM
> To:
> Cc:;;
> Subject: Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03
> Reviewer: Dan Romascanu
> Review result: Ready with Issues
> I am the assigned Gen-ART reviewer for this draft. The General Area Review
> Team (Gen-ART) reviews all IETF documents being processed by the IESG for
> the IETF Chair.  Please treat these comments just like any other last call
> comments.
> For more information, please see the FAQ at
> <>.
> Document: draft-ietf-tls-ecdhe-psk-aead-??
> Reviewer: Dan Romascanu
> Review Date: 2017-05-15
> IETF LC End Date: 2017-05-18
> IESG Telechat date: 2017-05-25
> Summary:
> This is a straightforward and clear document that defines several new
> cipher suites for the Transport Layer Security (TLS) protocol version
> 1.2 and higher, based on the Ephemeral Elliptic Curve Diffie-Hellman with
> Pre-Shared Key (ECDHE_PSK) key exchange together with the Authenticated
> Encryption with Associated Data (AEAD) algorithms AES-GCM and AES-CCM. The
> document is well written and I appreciate the effort to clarify in the
> Introduction the context, what was missing, and why the document is
> necessary. The document is Ready; there is one issue about support for TLS
> version 1.3 and higher that may need some text clarification.
> Major issues:
> Minor issues:
> Section 4 ('Applicable TLS Versions') describes in detail how the cipher
> suites defined in the document make use of the authenticated encryption
> with additional data (AEAD) defined in TLS 1.2 [RFC5246] and DTLS 1.2
> [RFC6347]. About TLS 1.3 it just says:
> ' TLS 1.3 and above version, negotiate and support these cipher suites in
> a different way.'
> This may raise some concerns as 'in a different way' is ambiguous,
> especially compared to the details included for TLS 1.2. Moreover, TLS
> 1.3 is still work-in-progress, and I believe that this document when
> approved needs to wait for TLS 1.3 to be approved for publication.
> Will anything change, or need to be added? Some better clarification text
> would help IMO.
> Nits/editorial comments:
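The point discussed in this thread, that the ECDHE_PSK AEAD code points from the draft are only meaningful for TLS 1.2 while TLS 1.3 reaches the same ECDHE+PSK handshake through its own AEAD-only suites plus the psk_key_exchange_modes and key_share extensions, can be made concrete with a small negotiation model. The code below is an added illustration written for this page, not code from the draft, the TLS working group or any TLS library; the code point values are the ones registered by RFC 8442 and RFC 8446, and the ClientHello fields, the server preference order and the sample hellos are simplified assumptions constructed for the example.

```python
"""Toy model of server-side suite selection for ECDHE+PSK in TLS 1.2 vs TLS 1.3.

Added teaching example (assumption-laden simplification, not a TLS
implementation).  It shows why the same handshake is 'negotiated in a
different way': in TLS 1.2 the cipher suite itself names the key exchange,
in TLS 1.3 the suite names only the AEAD and hash.
"""
from dataclasses import dataclass, field

# TLS 1.2 code points registered for draft-ietf-tls-ecdhe-psk-aead (RFC 8442).
TLS12_ECDHE_PSK_AEAD_SUITES = {
    (0xD0, 0x01): "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
    (0xD0, 0x02): "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
    (0xD0, 0x03): "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
    (0xD0, 0x05): "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
}

# TLS 1.3 cipher suites (RFC 8446): AEAD + hash only, no key exchange or auth.
TLS13_SUITES = {
    (0x13, 0x01): "TLS_AES_128_GCM_SHA256",
    (0x13, 0x02): "TLS_AES_256_GCM_SHA384",
    (0x13, 0x03): "TLS_CHACHA20_POLY1305_SHA256",
    (0x13, 0x04): "TLS_AES_128_CCM_SHA256",
    (0x13, 0x05): "TLS_AES_128_CCM_8_SHA256",
}

PSK_KE, PSK_DHE_KE = 0, 1        # psk_key_exchange_modes values (RFC 8446)
TLS12, TLS13 = (3, 3), (3, 4)    # legacy_version / supported_versions encodings


@dataclass
class ClientHello:
    """Simplified view of the ClientHello fields relevant to this decision."""
    versions: list                  # offered protocol versions
    cipher_suites: list             # 2-byte code points, client preference order
    psk_offered: bool = False       # pre_shared_key extension present
    psk_modes: list = field(default_factory=list)  # psk_key_exchange_modes
    key_share: bool = False         # key_share extension with an ECDHE share


@dataclass
class Result:
    version: tuple
    suite: str
    key_exchange: str


def negotiate(hello, server_psk_configured=True):
    """Choose version, suite and key exchange the way a server would.

    Assumed server policy: prefer TLS 1.3 when offered, otherwise TLS 1.2;
    require an AEAD suite; only accept PSK handshakes that keep forward
    secrecy (ECDHE) or flag them as PSK-only.
    """
    if TLS13 in hello.versions:
        # The 0xD0xx code points are not TLS 1.3 suites, so the server simply
        # skips them while scanning the client's list.
        chosen = next((cp for cp in hello.cipher_suites if cp in TLS13_SUITES), None)
        if chosen is None:
            raise ValueError("TLS 1.3 selected but no TLS 1.3 cipher suite offered")
        # Key exchange comes from the extensions, not from the suite name.
        if not (hello.psk_offered and server_psk_configured):
            return Result(TLS13, TLS13_SUITES[chosen], "ECDHE with certificate auth")
        if PSK_DHE_KE in hello.psk_modes and hello.key_share:
            return Result(TLS13, TLS13_SUITES[chosen], "ECDHE + PSK")
        if PSK_KE in hello.psk_modes:
            return Result(TLS13, TLS13_SUITES[chosen], "PSK only (no forward secrecy)")
        raise ValueError("PSK offered without a usable key exchange mode")

    if TLS12 in hello.versions:
        # In TLS 1.2 the suite fixes ECDHE_PSK as key exchange and AEAD as cipher.
        chosen = next((cp for cp in hello.cipher_suites
                       if cp in TLS12_ECDHE_PSK_AEAD_SUITES), None)
        if chosen is None or not server_psk_configured:
            raise ValueError("no usable ECDHE_PSK AEAD suite for TLS 1.2")
        return Result(TLS12, TLS12_ECDHE_PSK_AEAD_SUITES[chosen], "ECDHE + PSK")

    raise ValueError("no supported protocol version offered")


def demo_tls13_client():
    """Constructed hello: offers both families and both versions."""
    return negotiate(ClientHello(versions=[TLS13, TLS12],
                                 cipher_suites=[(0xD0, 0x01), (0x13, 0x01)],
                                 psk_offered=True, psk_modes=[PSK_DHE_KE],
                                 key_share=True))


def demo_tls12_client():
    """Constructed hello: TLS 1.2 only, same suite list."""
    return negotiate(ClientHello(versions=[TLS12],
                                 cipher_suites=[(0xD0, 0x01), (0x13, 0x01)]))


if __name__ == "__main__":
    print(demo_tls13_client())   # TLS 1.3: suite names only AEAD, ECDHE+PSK via extensions
    print(demo_tls12_client())   # TLS 1.2: suite 0xD001 names ECDHE_PSK itself
```

The two demo hellos carry the same cipher suite list; only the offered versions differ. Under TLS 1.3 the 0xD001 code point is skipped and the handshake still ends up as ECDHE+PSK because of psk_dhe_ke plus key_share, which is the behaviour the proposed Section 4 text describes in prose.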