Re: [TLS] Comments on draft-ietf-tls-tls13-cert-with-extern-psk-02

Russ Housley <housley@vigilsec.com> Thu, 18 July 2019 19:39 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A16C31205CC for <tls@ietfa.amsl.com>; Thu, 18 Jul 2019 12:39:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pENhGcfZbI6E for <tls@ietfa.amsl.com>; Thu, 18 Jul 2019 12:39:17 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5924B1200C4 for <tls@ietf.org>; Thu, 18 Jul 2019 12:39:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 615DB300AFF for <tls@ietf.org>; Thu, 18 Jul 2019 15:19:59 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id nVZqp20Ok2aq for <tls@ietf.org>; Thu, 18 Jul 2019 15:19:57 -0400 (EDT)
Received: from [5.5.33.74] (unknown [204.194.23.17]) by mail.smeinc.net (Postfix) with ESMTPSA id 40C933005D8; Thu, 18 Jul 2019 15:19:57 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <50C20275-C247-46AD-8CC1-FCF6CCDCBADB@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_625A3BCC-C2FC-4D45-9A88-E1620DB28E8D"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 18 Jul 2019 15:39:13 -0400
In-Reply-To: <20190718160114.75DBF120806@ietfa.amsl.com>
Cc: IETF TLS <tls@ietf.org>
To: "Hammell, Jonathan F" <Jonathan.Hammell@cyber.gc.ca>
References: <20190718160114.75DBF120806@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ftoTmltQo6TN371E2oH6yoo17iE>
Subject: Re: [TLS] Comments on draft-ietf-tls-tls13-cert-with-extern-psk-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 19:39:21 -0000

The document s with the IESG, and it should soon be in IETF Last Call.  I will address these as early IETF Last Call comments when that happens.

Russ


> On Jul 18, 2019, at 12:01 PM, Hammell, Jonathan F <Jonathan.Hammell@cyber.gc.ca> wrote:
> 
>  <>Classification: UNCLASSIFIED
>  
> I realize publication has been requested for this draft, but I have a few comments that the author might want to address, if still possible.
>  
> 1. The draft says that if none of the PSKs provided by the client are acceptable to the server, then the extension must be omitted from the ServerHello message.  Nothing is said about how the client should behave if it receives this: continue or abort with what error code?
>  
> 2. It can be detected if two PSK identifiers sent in the same ClientHello have the same PSK value by observing the binder values.  Granted, I can't think why this would occur, but it might be important to point this out in the Security Considerations in order for implementers to be clear about security guarantees.
>  
> 3. Section 4, paragraph 3 states that "If none of the external
>    PSKs in the list provided by the client is acceptable to the server,
>    then the "tls_cert_with_extern_psk" extension is omitted from the
>    ServerHello message."
>  
> Section 5 has a similar statement but using the word "MUST": "If none of the
>    offered external PSKs in the list provided by the client are
>    acceptable to the server, then the "tls_cert_with_extern_psk"
>    extension MUST be omitted from the ServerHello message."
>  
> These statements should be consistent in the requirement language.
>  
> 4. Section 5, paragraph starting with "The identities are a list of external PSK identities...": s/identities may be know to other parties/identities may be known to other parties
>  
>  
> Best regards,
> Jonathan
>  
> --
> Jonathan Hammell
> Canadian Centre for Cyber Security
> Jonathan.Hammell@cyber.gc.ca <mailto:Jonathan.Hammell@cyber.gc.ca>
>  
>  
>  
> _______________________________________________
> TLS mailing list
> TLS@ietf.org <mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>