IETF Logo Mail Archive

[TLS] draft-wood-tls-external-psk-importer-00

Subodh Iyengar <subodh@fb.com> Mon, 05 November 2018 17:56 UTC

Return-Path: <prvs=484742df05=subodh@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ED00130E0C for <tls@ietfa.amsl.com>; Mon, 5 Nov 2018 09:56:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.172
X-Spam-Level:
X-Spam-Status: No, score=-1.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, KHOP_DYNAMIC=1.999, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=lWcewdht; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=CDPFvezs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hTKJuvYFz3J4 for <tls@ietfa.amsl.com>; Mon, 5 Nov 2018 09:56:22 -0800 (PST)
Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18D72130E00 for <tls@ietf.org>; Mon, 5 Nov 2018 09:56:21 -0800 (PST)
Received: from pps.filterd (m0001255.ppops.net [127.0.0.1]) by mx0b-00082601.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wA5HqFWb013630 for <tls@ietf.org>; Mon, 5 Nov 2018 09:56:21 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : subject : date : message-id : content-type : mime-version; s=facebook; bh=J8SOuaUzbCTrxjggiiXdg44m7vY8vYfH04tTKLzi5BU=; b=lWcewdhteZOe8/HNognluFiQxDSLy/GoFbiKw0oQ3lqD/cZUdGuinoAaKuuoEK8CTGA/ LYntEPyBUAQ5Np/SYUN/WVSKAEzpZ+U0IA5SZ9MJSUga8B/lwuK8ny1PB50T+jfGXbEO 0KWWmwM+gi9ebWOCnW978VsA67k+qvXS7sk=
Received: from maileast.thefacebook.com ([199.201.65.23]) by mx0b-00082601.pphosted.com with ESMTP id 2njstb8a86-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Mon, 05 Nov 2018 09:56:21 -0800
Received: from frc-hub06.TheFacebook.com (2620:10d:c021:18::176) by frc-hub06.TheFacebook.com (2620:10d:c021:18::176) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Mon, 5 Nov 2018 09:55:56 -0800
Received: from FRC-CHUB05.TheFacebook.com (2620:10d:c021:18::24) by frc-hub06.TheFacebook.com (2620:10d:c021:18::176) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.1.1531.3 via Frontend Transport; Mon, 5 Nov 2018 09:55:56 -0800
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (192.168.183.28) by o365-in.thefacebook.com (192.168.177.25) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 5 Nov 2018 12:55:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J8SOuaUzbCTrxjggiiXdg44m7vY8vYfH04tTKLzi5BU=; b=CDPFvezsPyPHtn9HjG1vhE3DbkL5yhOIxbB5dstwbd3DYT/1aLnFE8DwUhnWmXlLGVdAhYFO0xc8GT6DNyayNjwvDqZ6Zyti0gRtl2pI2s7dux65D1RZg362sXucyIhb/RSQ4PEDwSMAF2VD7xkX79xYTV/5XAd3ABqAgXCXu1M=
Received: from MWHPR15MB1821.namprd15.prod.outlook.com (10.174.255.137) by MWHPR15MB1423.namprd15.prod.outlook.com (10.173.234.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.26; Mon, 5 Nov 2018 17:55:55 +0000
Received: from MWHPR15MB1821.namprd15.prod.outlook.com ([fe80::20a0:f378:6f76:1948]) by MWHPR15MB1821.namprd15.prod.outlook.com ([fe80::20a0:f378:6f76:1948%7]) with mapi id 15.20.1294.032; Mon, 5 Nov 2018 17:55:54 +0000
From: Subodh Iyengar <subodh@fb.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: draft-wood-tls-external-psk-importer-00
Thread-Index: AQHUdS9S9W+Q5eSekkSCXUrUFvN58g==
Date: Mon, 05 Nov 2018 17:55:54 +0000
Message-ID: <MWHPR15MB182113D79086E2E42B7E19E0B6CA0@MWHPR15MB1821.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2620:10d:c090:180::1:9c7f]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR15MB1423; 20:UBJLhp4FvOBF7ZZDiKRPriwq5vvdsHcKVizdYIFdLG7k3naRWEaKRKRMBy5fnCstGG2+ugMDxPHiN8ATWLSdxEbWPrBkTXWJ5fq9PA5bSH+Rgh3mD6Ky8E8MKD+WMJa+65JXZKSGLJ2RAJq3MpxukBx6BusjGgvVzicXSsczBMk=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: a874e2bf-b1e0-4f08-4e75-08d64347eef0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:MWHPR15MB1423;
x-ms-traffictypediagnostic: MWHPR15MB1423:
x-microsoft-antispam-prvs: <MWHPR15MB1423F6B2C942DADCECAB4C77B6CA0@MWHPR15MB1423.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231382)(11241501184)(944501410)(52105095)(148016)(149066)(150057)(6041310)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:MWHPR15MB1423; BCL:0; PCL:0; RULEID:; SRVR:MWHPR15MB1423;
x-forefront-prvs: 08476BC6EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(396003)(136003)(366004)(189003)(199004)(68736007)(102836004)(105586002)(106356001)(14454004)(2351001)(6506007)(7696005)(5660300001)(97736004)(1730700003)(81166006)(2900100001)(81156014)(8936002)(2501003)(86362001)(99286004)(8676002)(33656002)(19627405001)(186003)(53936002)(6606003)(5640700003)(476003)(6116002)(6436002)(6916009)(486006)(9686003)(54896002)(7736002)(74316002)(71190400001)(71200400001)(55016002)(46003)(25786009)(2906002)(316002)(478600001)(14444005)(256004); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR15MB1423; H:MWHPR15MB1821.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: ZosNSoqFGMVqc4TE/dnDJZ5DefPwM+GHCV/m2et6KiRPRwoGzTOc7XWVxjAUbxqQ861icA3/RmST1gZovW1M5VVKD1kduHoqU7XejuUtGuAD0su7DSaMaGZn+J6ATo4VjFLGqd1sDXsMxw8ZGPmvpjDGXjODeLwYmER6EXJYpN+gfZ6xHTvevnWQy6sFoQ7SFc+ap/woZJ1+NEJsKNNImlXdnsfiTuhZC41uOfKx+/KXO+8QThHsDyAln1zXt1/PlZMJN/Pb8UvbwQaQ6tgG5/+jJPLND+mZ6kCQZPlYNeFwl2yJpFiNCD4l4M+8w/igmJzd3wJN1oE1S9/0QGsiz2g6fVNgpn5RjPpvTzxI7aw=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR15MB182113D79086E2E42B7E19E0B6CA0MWHPR15MB1821namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a874e2bf-b1e0-4f08-4e75-08d64347eef0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2018 17:55:54.8347 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1423
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-11-05_10:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kHFbIp2sfNsE6GhO96R6yJ-FeOs>
Subject: [TLS] draft-wood-tls-external-psk-importer-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 17:56:23 -0000

I brought up an alternate construction in BKK for draft-wood-tls-external-psk-importer-00 which might have some potentially better properties. I didn't get time to explain then, so here it is:

One issue I think with the current construction in the draft with external psk is that if the client uses the external psk with a different hash function due to configuration error, then it turns into a fatal connection error because TLS endpoints are required to tear down the connections on binder mismatch. The client does not recover until it stops using the external psk.

An alternate approach to solve this could be to have a construction like:

[hash of (psk identity + ImportedIdentity)] [psk identity]

A server that uses the psk would perform the following steps during the resumption


  1.  Negotiate the cipher suite to use
  2.  If an external psk is used, strip off the first hash length of the psk identity where the hash length depends on the cipher suite.
  3.  Compute the hash of pskidentity + imported identity and compare it against (2)
  4.  If it doesn't match, don't use the PSK and fallback to full handshake.

I think this a subtle change, because if you treat this case as if you were not willing to use the PSK, then you can ignore the binder. This might be operationally easier to deploy and reason about than a hard failure.

Subodh

v2.23.0 | Report a Bug | By Email