Re: [TLS] Comments on PR #95

Watson Ladd <> Wed, 07 January 2015 23:36 UTC

Date: Wed, 07 Jan 2015 18:36:22 -0500
From: Watson Ladd <>
To: Tom Wu <>

On Wed, Jan 7, 2015 at 4:40 PM, Tom Wu <> wrote:
>> Line 1912: Was anyone using SRP? The more generic we have to make TLS 1.3, and the more we have to shoehorn in, the more complex it gets.
>> This open issue could get hairy.
> SRP is definitely useful, as it's the only PAKE ciphersuite available in TLS.  What exactly are the interactions that need to be worked out with PSK and SRP?

SRP in TLS is inherently 2-RTT as implemented now: the client sends a
username, the server a key exchange response, and the client its
response, at which point a key can be computed. But the server sends
parameters that the client uses for the exchange in their message. It may
be possible to change this, having the client pick the group, send
identity and A in the first message, and server respond with
everything else for the PMS in the second message. Doesn't help with
identity hints.

Watson Ladd

> Tom
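As an added illustration (not part of the thread or of any TLS implementation), a toy Python model of the SRP-6a exchange behind TLS-SRP (RFC 5054), run once in the current three-flight order and once with A moved into the first flight as the reply describes, showing that A depends only on the group and not on the salt or verifier. The group N = 23, g = 5, the user name, password and salt are constructed toy values.

```python
import hashlib
import secrets

# Constructed toy group: N = 23 is a safe prime and g = 5 generates Z_23*.
# Real TLS-SRP uses the 1024-bit and larger groups of RFC 5054, Appendix A.
N, g = 23, 5

def H(*parts):
    """SHA-256 over the concatenation of ints (big-endian) and byte strings, as an int."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(max(1, (p.bit_length() + 7) // 8), "big")
        h.update(p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier (RFC 5054 pads g to the length of N; omitted here)

def private_x(identity, password, salt):
    return H(salt, H(identity.encode() + b":" + password.encode()))

def enroll(identity, password, salt):
    """Server side: the verifier v = g^x stored for this user instead of the password."""
    return pow(g, private_x(identity, password, salt), N)

def exchange(identity, password, salt, v, client_sends_A_first):
    """Run SRP-6a in the RFC 5054 flight order, or with A moved into the first
    flight as proposed in the reply. Returns the flights and both premaster secrets."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                    # depends only on (N, g): no salt, no verifier
    B = 0
    while B == 0:                       # RFC 5054 forbids B mod N == 0; with N = 23 retry
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N  # depends on v, so the server needs the identity
    if client_sends_A_first:            # client picks the group, so A is ready at once
        flights = [("ClientHello", {"srp_identity": identity, "group": (N, g), "A": A}),
                   ("ServerKeyExchange", {"s": salt, "B": B})]
    else:                               # client learns (N, g) only from flight 2
        flights = [("ClientHello", {"srp_identity": identity}),
                   ("ServerKeyExchange", {"N": N, "g": g, "s": salt, "B": B}),
                   ("ClientKeyExchange", {"A": A})]
    u = H(A, B)
    x = private_x(identity, password, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return flights, S_client, S_server
```

Both orders yield the same premaster secret; what the reordering cannot fix is that the server still learns the identity only from the client's first flight, so it cannot offer identity hints beforehand.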