Re: [TLS] draft-ietf-tls-tls13-15

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 18 August 2016 05:26 UTC

Date: Thu, 18 Aug 2016 08:26:22 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20160818052622.zim6nxwwqw3hzmr6@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBMqykSnQp__TRaNmyhpcLPaU=eeuM120zgAoprwd0555w@mail.gmail.com>
In-Reply-To: <CABcZeBMqykSnQp__TRaNmyhpcLPaU=eeuM120zgAoprwd0555w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fc0csd-hWG5n0lMEAt9FBBAKOFw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls13-15

On Wed, Aug 17, 2016 at 02:49:52PM -0700, Eric Rescorla wrote:
> Folks,
> 
> I've just submitted draft-ietf-tls-tls13-15.

Doing brief review:

- Section 4.2.2 talks about EdDSA using "ECDSA cipher suites". TLS 1.3
  does not have those. However, this kind of information is very
  relevant for TLS 1.2 backward compatibility: you need to assign
  TLS 1.2 cipher suites for EdDSA in order to use it in TLS 1.2.
  TLS 1.3 does not care either way.

- I note that accepting PSK and selecting the auth mode seem to be
  in separate messages, which seems quite annoying implementation-
  wise.

- Can the server send an arbitrary certificate in response to PSK, or
  is it somehow restricted? The document does not seem to talk about it.

- The HelloRetryRequest is problematic in pure-PSK case[1].


[1] One way to do it would be to move the group to an extension, which
would only be sent if a new group was needed. Then one could always
require at least one extension (the field could also be renamed).
Also, one could make it so that HRR extensions don't have to
correspond to CH extensions (and an unsupported one is a fatal error).



-Ilari
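The HelloRetryRequest layout sketched in [1] above, as an added example in Python (not code from the draft, the working group, or the author of the message). It models the draft-15 style message with a fixed selected_group field alongside the proposed variant where the group travels in an extension, and enforces the two rules from [1]: the HRR must carry at least one extension, and an extension type the client does not understand is a fatal error rather than something matched against the ClientHello. The extension type numbers SELECTED_GROUP_EXT and COOKIE_EXT are hypothetical placeholders, and the fixed-field layout is an assumption about the draft's wire format kept only as far as the comparison needs.

```python
import struct

# NamedGroup values from the TLS registry; 0x0000 is unassigned
SECP256R1 = 0x0017
X25519 = 0x001D
DRAFT15_VERSION = 0x7F0F  # TLS 1.3 draft versions use 0x7F00 | draft number

# Hypothetical extension type numbers for this example (assumption, not registry values)
SELECTED_GROUP_EXT = 0xFF01  # carries the group the client must retry with
COOKIE_EXT = 0xFF02          # stand-in for any other reason to send an HRR


def encode_extensions(exts):
    """Encode a list of (type, data) as Extension extensions<0..2^16-1>."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def decode_extensions(buf):
    """Decode an extensions vector; returns (list of (type, data), remaining bytes)."""
    if len(buf) < 2:
        raise ValueError("truncated extensions vector")
    (total,) = struct.unpack("!H", buf[:2])
    body = buf[2:2 + total]
    if len(body) != total:
        raise ValueError("extensions vector length exceeds message")
    exts, off = [], 0
    while off < total:
        if total - off < 4:
            raise ValueError("truncated extension header")
        t, n = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if total - off < n:
            raise ValueError("truncated extension body")
        exts.append((t, body[off:off + n]))
        off += n
    return exts, buf[2 + total:]


def encode_hrr_draft15(version, selected_group, exts):
    """Fixed-field layout: a group value must be supplied even in a pure-PSK
    handshake where no group is being negotiated (the problem noted above)."""
    return struct.pack("!HH", version, selected_group) + encode_extensions(exts)


def encode_hrr_proposed(version, selected_group=None, exts=()):
    """Proposed layout: the group is an extension sent only when needed, and
    an HRR carrying no extension at all is refused as meaningless."""
    exts = list(exts)
    if selected_group is not None:
        exts.insert(0, (SELECTED_GROUP_EXT, struct.pack("!H", selected_group)))
    if not exts:
        raise ValueError("HRR must carry at least one extension")
    return struct.pack("!H", version) + encode_extensions(exts)


def parse_hrr_proposed(buf, known_types):
    """Client-side parse of the proposed layout. HRR extensions are not matched
    against what the ClientHello offered; any type outside known_types is fatal.
    Returns (version, selected_group or None, extensions)."""
    if len(buf) < 2:
        raise ValueError("truncated HRR")
    (version,) = struct.unpack("!H", buf[:2])
    exts, rest = decode_extensions(buf[2:])
    if rest:
        raise ValueError("trailing bytes after HRR")
    if not exts:
        raise ValueError("HRR without extensions: nothing to retry for")
    group = None
    for t, d in exts:
        if t not in known_types:
            raise ValueError("unsupported HRR extension %#06x (fatal)" % t)
        if t == SELECTED_GROUP_EXT:
            if len(d) != 2:
                raise ValueError("bad selected_group length")
            (group,) = struct.unpack("!H", d)
    return version, group, exts


if __name__ == "__main__":
    known = {SELECTED_GROUP_EXT, COOKIE_EXT}
    # (EC)DHE case: server wants X25519 instead of what the client shared
    msg = encode_hrr_proposed(DRAFT15_VERSION, X25519, [(COOKIE_EXT, b"\x01\x02")])
    print(msg.hex(), parse_hrr_proposed(msg, known))
    # pure-PSK case: only a cookie, no group at all
    msg = encode_hrr_proposed(DRAFT15_VERSION, None, [(COOKIE_EXT, b"\x01")])
    print(msg.hex(), parse_hrr_proposed(msg, known))
```

In the fixed-field layout the pure-PSK server has to put something in selected_group, and the client cannot tell "no group change" from a real (if unassigned) group value; in the proposed layout the absence of the extension is the signal, and the "at least one extension" rule is what stops an HRR from being a no-op the client would loop on.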