Re: [TLS] Review of draft-ietf-tls-external-psk-guidance

Christopher Wood <caw@heapingbits.net> Tue, 18 August 2020 23:46 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB84D3A0F5E for <tls@ietfa.amsl.com>; Tue, 18 Aug 2020 16:46:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=2N2uucM+; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=lSDCTrIs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWzP6nUP6hC0 for <tls@ietfa.amsl.com>; Tue, 18 Aug 2020 16:46:00 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A85E73A0F5D for <tls@ietf.org>; Tue, 18 Aug 2020 16:46:00 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 07A5E5C0144 for <tls@ietf.org>; Tue, 18 Aug 2020 19:46:00 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Tue, 18 Aug 2020 19:46:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=33cqMtgBtH31JsAAJ8TR5Fnaa4Qd2NL z6IJDAy95i0g=; b=2N2uucM+tFkqRq/Wvs21lqv4UFckG1vhxcQK+tCEN3Ai77s Po/wacRKJDh6SaeGWNLDrWJ2fgPKhTF3YwPB04gBa7Y13PPMlOnrdx0wBXWzgKBG zxw6FQbx0bA3Y5/pYJIeFdOYHSMtJeAwr6aa1wuNj6mOzcAeNQ2CjWSKT9liatLX ya/d5zs1MTdV1+sPh7kk3F5uXRjP61qb1IarWIG/iik9J7vuGNCs+xP63ArgHfZm TNTQR/x69oRR45Dqi+BHRgowiEEtldH4EaeMNzJdD4Gr/RHxb66tz4wLOcROqJiG PWtv8aeOzfDNUBkx5n7Y8dt2dRfk0qKLUw+kpxA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=33cqMt gBtH31JsAAJ8TR5Fnaa4Qd2NLz6IJDAy95i0g=; b=lSDCTrIs1Ez5kpfySCioVY 1bC50+fgOe4yGUAb8DgPZs7gvUy99LgudeMdr1ZJiOJA9um+Bb3AxCGOHJu/3/Tb yFSAm2vQYpPLA+fSkAgTHgYvWc91Lehok1MtaThAjglU3sh1pa3Oo6KwNKht5TQz d6wGU6Y1ej0vy6iyw9PUHboAdZZlE3jGIHn/HwjNI1/kox2syQDQdIpsxRfRzySa DcFPuFhoHfdVYQ39WXpWGhNKk3J32yeUlFCms1uBztybd8VowFf4XNLS9hm8jk41 7hapZSWlNEzIhEdl2DrCHrGcr1W752Emk02k307WdUkifgRDY/7Zs4O5hOOKXCgA ==
X-ME-Sender: <xms:N2g8X4G-wHtyl9yhfvO5xZSUDlYuclGpIt0tR5qToOgNRYp5rLjUig>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddtjedgvdefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpedtffeuleevfe elheelffffgfelffejhfekteduhfeuleehteejhedvfffghfeuleenucffohhmrghinhep ghhithhhuhgsrdgtohhmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:N2g8XxUfG6EG6kK0PPBmLJJEcJXwzuAUzegMzqIZCz96V9hUvX8pSg> <xmx:N2g8XyJyNcs0u0YsU-62Bq-9oYdcOpMIlYF63JPyXDH1nFS3w0Cm6w> <xmx:N2g8X6GQh4LweN4RlWWHo56L_vF165w_UZhLeMmZEaIpIKitzVCBPw> <xmx:OGg8X3UEhbfhb1-SA7_4TwGbiOTuMvGgNEgmIEwUXIUsCDB4A7YHzg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id BF43A3C00A1; Tue, 18 Aug 2020 19:45:59 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-191-gef79d59-fm-20200818.001-gef79d590
Mime-Version: 1.0
Message-Id: <adb7f3c3-fba9-44c0-9dec-d79b97de25d8@www.fastmail.com>
In-Reply-To: <CACsn0cnutp3LJokruYaCSteZiNdMOe8het-2p1jvmLUYGimKqg@mail.gmail.com>
References: <CACsn0cnutp3LJokruYaCSteZiNdMOe8het-2p1jvmLUYGimKqg@mail.gmail.com>
Date: Tue, 18 Aug 2020 16:45:38 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jadLOQFq5fmF2wqpS1OdJ-k_RpQ>
Subject: Re: [TLS] Review of draft-ietf-tls-external-psk-guidance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2020 23:46:05 -0000

Hi Watson,

Apologies for the delay. I filed this issue to track your feedback: 

   https://github.com/tlswg/external-psk-design-team/issues/41

I think the issues and editorial suggestions you make are sound. I'll propose some text soon.

Best,
Chris 

On Mon, Jul 6, 2020, at 12:47 PM, Watson Ladd wrote:
> Dear WG,
> 
> I've taken a look at the draft and I think while its discussion of the
> properties and limitations of the external PSKs are good, I think the
> recommendations in section 7 could use some minor editorial work.
> 
> In particular  "SHOULD be combined with a DH exchange for forward
> secrecy." I would like to see rephrased to make clear that this is
> about the TLS PSK Key Exchange Mode. It wasn't immediately clear to me
> on first read, especially given the next sentence is (maybe) about key
> establishment outside of TLS.
> 
> "If only low-entropy keys are available, then key establishment
> mechanisms such as Password Authenticated Key Exchange (PAKE) that
> mitigate the risk of offline dictionary attacks SHOULD be employed".
> I have some questions about the meaning of this sentence. If it's
> about potential future additions to TLS ciphersuites, then it should
> be more clear that this doesn't currently exist and will in the
> future.  If it's about designing an ad-hoc key distribution mechanism
> to be run one time ahead of PSK TLS, then I think we should say so
> more clearly and provide guidance on how to do this and think through
> the implications.
> 
> Section 7.1.1. While it's a good idea to compare byte by byte, humans
> entering PSK identifiers may run into trouble due to all the ways
> visually identical strings may not actually be identical. It might be
> worth calling this out as a consideration.
> 
> Sincerely,
> Watson Ladd
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>