IETF Logo Mail Archive

Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?

Martin Thomson <martin.thomson@gmail.com> Fri, 11 May 2018 00:31 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28D1212EBAF for <tls@ietfa.amsl.com>; Thu, 10 May 2018 17:31:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzUMoxxQcx9P for <tls@ietfa.amsl.com>; Thu, 10 May 2018 17:31:19 -0700 (PDT)
Received: from mail-ot0-x233.google.com (mail-ot0-x233.google.com [IPv6:2607:f8b0:4003:c0f::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFA7812E8C7 for <tls@ietf.org>; Thu, 10 May 2018 17:31:19 -0700 (PDT)
Received: by mail-ot0-x233.google.com with SMTP id m11-v6so4358900otf.3 for <tls@ietf.org>; Thu, 10 May 2018 17:31:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=RzVEowdJAfHWIqB7rfD1gP3cqvcGrbMOAYKNxjFkDTU=; b=msRNEwZvcEfqznfeSpRWbUM6WKJjjAcvW4pClZ22ucDPi6ljqI6McZ9yKgw8jk0f7Z Cc4EXfMhh9JtiIoewm3XZMlLcGTkl2Y1F5J1Gp7gF7pvoqVFjpa9/qYK/RhcDI3kt247 ufl+C+q65pBGo1/5BBtioIEClLMkR8XJ+nOSavaOWIZtcgFAjHLEeO+LeBX91/ZIv1AR IOvFOmIBGDPu7l+YVgkIoMurBpeIeCE730oNv4fqeuI3WJmlJsy00P41R4md6z43ZAKL 4c+f7g8yHfFe2aS7MzbO/U/nLYCLKCgNXXtT3cZAnICnExZjg/Uvoo+zvjvjHME1eb12 XHBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=RzVEowdJAfHWIqB7rfD1gP3cqvcGrbMOAYKNxjFkDTU=; b=htBJR64cfjtTwxvausoA6RwgYxcpsMCha/kf8IjU+ZMzVd8EEZwGQ4sNn4nbhEUu0k 9w98NSffyUu2kzWNMDWjL8pWU6hRF75PAzecCW91h26LAogviErL3jYcy+2ogcbiq5eu sDYR48WACX5zzJnQadsTco5ZGk2cvJawA6DPvkT0vwF5oa3opDzPFnjivYZuNyGtZPfP T0uFEkc5wAbEh9pGYZAl7OQeof6p7wjFCQwrYuH4wBpvzlqPbEOs7/I0ZLHp2JmcmcYn wJuTIPDsBnxH4N8QQKwFUq3QZHBcKUqJwC/I8mjLAkNj1udEoh7OtCAnAYBBVc3f3Xyc d1Sw==
X-Gm-Message-State: ALKqPwfHTwZe945FpVyEG9MqpALN3UyqO657qFm6Zxl33chqZ4L52acm hs5WOPsofe/jfU7PtV6CDdP3lr10Xkarn3XpQ8o0CQ==
X-Google-Smtp-Source: AB8JxZobJCoV30Y3PN+MaqQJiNrmGtgsMXAx9oz5wki0nbjjeYtpuFS7x/2bFrkULehHnq3XlLqCuSx7I/bknUm6Bu0=
X-Received: by 2002:a9d:3a65:: with SMTP id j92-v6mr2608962otc.352.1525998678715; Thu, 10 May 2018 17:31:18 -0700 (PDT)
MIME-Version: 1.0
References: <773A6343-2978-4195-BF53-B5253E3B9129@dukhovni.org> <CABkgnnXNnheqdRBO_h6XVK5uvr-qoM9_xSMq4EEH5CgKLWqabw@mail.gmail.com> <CABcZeBPqVTWaZ5pXBf66jt+2m0rXA6LoqaddQB8onvwjE+39QQ@mail.gmail.com> <71974FFA-DEA4-4C66-BDAE-FAD7BF46463B@dukhovni.org> <CABcZeBN1gF7gtQbxKg_5xs4DSimKR1Gf=-0Pm9=b1D_M6rSY3A@mail.gmail.com> <BBFEDE28-AC26-4748-9F49-8B6EBF12F1F1@dukhovni.org> <2AF454E0-48F4-4C98-855D-B4BB342E4C47@dukhovni.org> <45BA18DD-AD60-4D15-B757-3DB4C35C3B3D@dukhovni.org>
In-Reply-To: <45BA18DD-AD60-4D15-B757-3DB4C35C3B3D@dukhovni.org>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 11 May 2018 10:31:11 +1000
Message-ID: <CABkgnnXUs-LNKS0MfoDpjg7c9gVEXGMeN+m8VYZrq5eBzapa4w@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hU__umd3gFoxXyBFdJx0rsEnvlA>
Subject: Re: [TLS] TLS 1.3 multiple PSKs (was session tickets) from the client?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 00:31:21 -0000

On Fri, May 11, 2018 at 9:08 AM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:
>   Should servers issue resumption tickets after an initial PSK handshake?
>   And if so, should resumption be preferred for any reason when the client
>   sends both a resumption ticket and the external PSK?

I don't think that we can codify anything here, but the angle I approach
this from is in terms of what safeguards are placed on keys.

Ticket keys are typically stored in volatile or temporary storage with
their relatively brief validity interval being the primary safeguard
against theft.  That makes them easy to use, but they are consequently
unusable over long periods of time.

If an external PSK has a need to be viable over longer periods, then
perhaps you want to use it less often.  That might be to avoid having to
load it into memory and risk it being readable, or it might be because the
controls on its use are more onerous.  For instance, some might require
user input (for a PIN or the like), or have a performance cost involved in
access.

All speculation, but there you go.

v2.23.0 | Report a Bug | By Email