Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-ecdhe-psk-aead-04: (with DISCUSS and COMMENT)

Martin Thomson <martin.thomson@gmail.com> Wed, 24 May 2017 20:13 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 25 May 2017 06:13:23 +1000
Message-ID: <CABkgnnX_U7DW-+Pq+32-Z3eQB-ZR_C8GM6XUBDDeSAxJqkZ8ng@mail.gmail.com>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: Eric Rescorla <ekr@rtfm.com>, tls-chairs <tls-chairs@ietf.org>, The IESG <iesg@ietf.org>, tls <tls@ietf.org>, draft-ietf-tls-ecdhe-psk-aead@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iJjevzdtH0YH5pmYsz-8uguwcQE>

On 25 May 2017 at 00:04, Daniel Migault <daniel.migault@ericsson.com> wrote:

> B) It is not true as TLS1.3 enables these cipher suites to be negotiated
> with TLS1.3.

You can't negotiate the new suites with 1.3, but you can offer them in
case the server picks 1.2.

Joe's proposal fixes this and other errors.


>> You don't anywhere state that TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
>> means to use AEAD_AES_128_GCM (and the same for the other
>> ciphersuites).  I mention this because the order in which the AEAD
>> algorithms are mentioned is different to the order of the ciphersuites
>> in the list.
>>
>
> Unless I missed your comment, I believe Section 3 already addresses it. If
> not, please let me know what text you would like to see.
>
> """
> 3.  ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites
>
>    The cipher suites defined in this document are based on the AES-GCM
>    and AES-CCM Authenticated Encryption with Associated Data (AEAD)
>    algorithms AEAD_AES_128_GCM, AEAD_AES_256_GCM and AEAD_AES_128_CCM
>    defined in [RFC5116], and AEAD_AES_128_CCM_8 defined in [RFC6655].
>
> """

You miss my comment.  This does not prevent someone from deciding that
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 should use AEAD_AES_128_CCM_8.
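
As an added example for this thread (not text or code from the draft, from Martin, or from any TLS implementation), a small Python model of the two points in the reply: a ClientHello may carry the ECDHE_PSK AEAD suites next to the TLS 1.3 suites, but a server that settles on 1.3 can only pick a 1.3 suite; and the suite-to-AEAD binding has to be explicit, because AEAD_AES_128_GCM and AEAD_AES_128_CCM_8 differ in tag length, so two peers that bind the same suite to different AEADs cannot authenticate each other's records. The TLS 1.3 suite names are those of RFC 8446; the three ECDHE_PSK suite names other than TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 are assumed to follow the usual TLS naming pattern and are not taken from the page. The `misbound` check derives the AEAD a suite name implies and flags a binding that contradicts it.

```python
"""Model of cipher-suite offer/selection and suite-to-AEAD binding.

Constructed for this thread; not code from the draft or from any TLS stack.
TLS 1.3 suite names are those of RFC 8446. ECDHE_PSK suite names other than
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 are assumed to follow the usual
TLS naming pattern.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

TLS12 = 0x0303
TLS13 = 0x0304


@dataclass(frozen=True)
class Aead:
    """Parameters of an AEAD algorithm as registered by RFC 5116 / RFC 6655."""
    name: str
    key_len: int
    nonce_len: int
    tag_len: int


AEAD_AES_128_GCM = Aead("AEAD_AES_128_GCM", 16, 12, 16)
AEAD_AES_256_GCM = Aead("AEAD_AES_256_GCM", 32, 12, 16)
AEAD_AES_128_CCM = Aead("AEAD_AES_128_CCM", 16, 12, 16)
AEAD_AES_128_CCM_8 = Aead("AEAD_AES_128_CCM_8", 16, 12, 8)  # truncated 8-byte tag

# The explicit suite -> AEAD binding the reply asks the draft to state.
# Listing the AEADs in one order and the suites in another (as the draft does)
# leaves this binding implicit; an implementer could pair the GCM suite with
# AEAD_AES_128_CCM_8 and still claim conformance.
ECDHE_PSK_AEAD_SUITES: Dict[str, Aead] = {
    "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256": AEAD_AES_128_GCM,
    "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384": AEAD_AES_256_GCM,     # assumed name
    "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256": AEAD_AES_128_CCM,     # assumed name
    "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256": AEAD_AES_128_CCM_8,  # assumed name
}

# TLS 1.3 suites name only the AEAD and hash; key exchange and PSK use are
# negotiated through extensions, so these are the only suites valid under 1.3.
TLS13_SUITES: Dict[str, Aead] = {
    "TLS_AES_128_GCM_SHA256": AEAD_AES_128_GCM,
    "TLS_AES_256_GCM_SHA384": AEAD_AES_256_GCM,
    "TLS_AES_128_CCM_SHA256": AEAD_AES_128_CCM,
    "TLS_AES_128_CCM_8_SHA256": AEAD_AES_128_CCM_8,
}


class HandshakeFailure(Exception):
    """Raised where a real server would send a handshake_failure alert."""


def negotiate(client_versions: Sequence[int], client_suites: Sequence[str],
              server_versions: Sequence[int], server_suites: Sequence[str],
              ) -> Tuple[int, str, Aead]:
    """Select the version first, then a suite that is valid for that version.

    The ECDHE_PSK suites may be offered next to the 1.3 suites, but they are
    only selectable if the server settles on TLS 1.2.
    """
    common = [v for v in client_versions if v in server_versions]
    if not common:
        raise HandshakeFailure("no common protocol version")
    version = max(common)
    pool = TLS13_SUITES if version == TLS13 else ECDHE_PSK_AEAD_SUITES
    for suite in server_suites:  # server preference order
        if suite in client_suites and suite in pool:
            return version, suite, pool[suite]
    raise HandshakeFailure("no suite usable under version %#06x" % version)


def aead_from_suite_name(suite: str) -> str:
    """AEAD identifier a suite name implies: the token after 'WITH_' with the
    trailing hash removed, prefixed with 'AEAD_'."""
    _, sep, rest = suite.partition("_WITH_")
    if not sep:
        raise ValueError("not a TLS 1.2-style suite name: " + suite)
    alg, _, _hash = rest.rpartition("_")
    return "AEAD_" + alg


def misbound(binding: Dict[str, Aead]) -> List[str]:
    """Suites whose bound AEAD contradicts the algorithm in their name."""
    return [s for s, a in binding.items() if aead_from_suite_name(s) != a.name]


if __name__ == "__main__":
    offer = ["TLS_AES_128_GCM_SHA256", "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"]
    print(negotiate([TLS13, TLS12], offer, [TLS13, TLS12], offer))  # 1.3 suite wins
    print(negotiate([TLS13, TLS12], offer, [TLS12], offer))         # ECDHE_PSK suite
    try:
        negotiate([TLS13], offer[1:], [TLS13], offer[1:])
    except HandshakeFailure as exc:
        print("1.3-only peers:", exc)
    wrong = {"TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256": AEAD_AES_128_CCM_8}
    print("misbound:", misbound(wrong), "tag bytes",
          wrong[offer[1]].tag_len, "vs", ECDHE_PSK_AEAD_SUITES[offer[1]].tag_len)
```

The version is chosen before the suite, which is what makes the ECDHE_PSK suites harmless but inert in a ClientHello that ends up at 1.3; the `misbound` check is the kind of consistency test a reviewer can run against any binding table, and it is only meaningful once the draft states the binding rather than leaving it to be inferred from two lists in different orders.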