Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk

Russ Housley <housley@vigilsec.com> Tue, 21 May 2019 13:37 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F28112012D for <tls@ietfa.amsl.com>; Tue, 21 May 2019 06:37:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QODq9TwJLSDx for <tls@ietfa.amsl.com>; Tue, 21 May 2019 06:37:31 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15408120141 for <tls@ietf.org>; Tue, 21 May 2019 06:37:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A4B7E3005AB for <tls@ietf.org>; Tue, 21 May 2019 09:18:12 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WEsSEAtduxzd for <tls@ietf.org>; Tue, 21 May 2019 09:18:10 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id B1863300A46; Tue, 21 May 2019 09:18:10 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <D0590FCB-2760-418D-BC69-621AC2481485@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9EE031DC-2A34-41A7-BF1F-4D932209FC8C"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 21 May 2019 09:37:28 -0400
In-Reply-To: <71EB9B8A-C410-4A35-A0FE-3E2BE89E7C65@ll.mit.edu>
Cc: IETF TLS <tls@ietf.org>
To: Uri Blumenthal <uri@ll.mit.edu>
References: <CAOgPGoBA8KykyHmLxqSEp51jyXO673Wb==O9KVx+U23k3h1=Tg@mail.gmail.com> <CAOgPGoDArfcX09bXVT58VgsyXspG76Cm9TNaBUmGgaqUB=ULUA@mail.gmail.com> <623BD5EA-1D76-494C-B87D-55FD1156EBD6@vigilsec.com> <71EB9B8A-C410-4A35-A0FE-3E2BE89E7C65@ll.mit.edu>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jZam_sHR2TxjmhBc5NzVzIM6A30>
Subject: Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 13:37:34 -0000

Uri:

Out-of-band distribution is used.  This draft makes no attempt at picking one of the many ways to do that.

Russ


> On May 20, 2019, at 3:41 PM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:
> 
> I reviewed this draft (“browsed through” would be a more honest statement). I didn’t spot an obvious problem with it.
>  
> One question that I have after reading it: I understand why one wants to implement this extension, but I don’t see how the two endpoints would arrive at that external PSK.
>  
> From: TLS <tls-bounces@ietf.org <mailto:tls-bounces@ietf.org>> on behalf of Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>>
> Date: Monday, May 20, 2019 at 3:21 PM
> To: Joe Salowey <joe@salowey.net <mailto:joe@salowey.net>>
> Cc: IETF TLS <tls@ietf.org <mailto:tls@ietf.org>>
> Subject: Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk
>  
> TLS 1.3 Extension for Certificate-based Authentication with an External PSK ensures the US Government has a quantum-resistant option for TLS in the interim years until post-quantum algorithms emerge from the NIST process. For this reason, there is an intent to specify this extension in future procurements.
>  
> Russ
>  
> 
> 
>> On May 15, 2019, at 9:20 AM, Joseph Salowey <joe@salowey.net <mailto:joe@salowey.net>> wrote:
>>  
>> The last call has come and gone without any comment.  Please indicate if you have reviewed the draft even if you do not have issues to raise so the chairs can see who has reviewed it.  Also indicate if you have any plans to implement the draft. 
>>  
>> On Tue, Apr 9, 2019 at 8:51 PM Joseph Salowey <joe@salowey.net <mailto:joe@salowey.net>> wrote:
>>> This is the working group last call for the "TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key” draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/ <https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/>. Please review the document and send your comments to the list by 2359 UTC on 23 April 2019.
>>>  
>>> Thanks,
>>> Chris, Joe, and Sean
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org <mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>