IETF Logo Mail Archive

Re: [TLS] Premaster/Master convention

"Gero, Charlie" <cgero@akamai.com> Wed, 30 July 2014 16:27 UTC

Return-Path: <cgero@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92E1A1A027C for <tls@ietfa.amsl.com>; Wed, 30 Jul 2014 09:27:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCQS1Fdsazzp for <tls@ietfa.amsl.com>; Wed, 30 Jul 2014 09:27:56 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 04EBA1A0273 for <tls@ietf.org>; Wed, 30 Jul 2014 09:27:55 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 8D0451657AB; Wed, 30 Jul 2014 16:27:55 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id 82664165667; Wed, 30 Jul 2014 16:27:55 +0000 (GMT)
Received: from usma1ex-cashub.kendall.corp.akamai.com (usma1ex-cashub7.kendall.corp.akamai.com [172.27.105.23]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id 69ED71E045; Wed, 30 Jul 2014 16:27:55 +0000 (GMT)
Received: from USMBX1.msg.corp.akamai.com ([172.27.107.26]) by usma1ex-cashub7.kendall.corp.akamai.com ([172.27.105.23]) with mapi; Wed, 30 Jul 2014 12:27:54 -0400
From: "Gero, Charlie" <cgero@akamai.com>
To: 'Michael StJohns' <msj@nthpermutation.com>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 30 Jul 2014 12:27:54 -0400
Thread-Topic: [TLS] Premaster/Master convention
Thread-Index: Ac+sDVyy0wcwqIUbSoKWRULtWugFAAABa3Ww
Message-ID: <D40A7DE25C5AA54195F82EA553F2446033900BFC15@USMBX1.msg.corp.akamai.com>
References: <53D907B0.3000006@nthpermutation.com> <D40A7DE25C5AA54195F82EA553F2446033900BFC0A@USMBX1.msg.corp.akamai.com> <53D91332.9070103@nthpermutation.com>
In-Reply-To: <53D91332.9070103@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/l_raoFvDOb527W2Rn3661Zmc3ho
Subject: Re: [TLS] Premaster/Master convention
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 16:27:57 -0000

I can't go into details around it at this time.  Suffice to say, we definitely do rely on the two being split.

-----Original Message-----
From: Michael StJohns [mailto:msj@nthpermutation.com] 
Sent: Wednesday, July 30, 2014 11:46 AM
To: Gero, Charlie; tls@ietf.org
Subject: Re: [TLS] Premaster/Master convention

On 7/30/2014 11:02 AM, Gero, Charlie wrote:
> We have a number of technologies at Akamai that utilize the fact that the PMS is split from the MS and that MS is produced in conjunction with the randoms.  It allows us to do splitting between machines that have keys and those that don't (machines in safe locales and those which are simply terminators).  I don't think we could use the same methods we use today without that sub step.  It would make it very difficult for Akamai to adopt 1.3.

So you send the master secret from the handshaker machine out to several other machines which then do what with it?  Couldn't you send the traffic keys instead?

I'm not sure I understand the constraints you're working under. Could you expand on that?

Thanks - Mike


>
> -----Original Message-----
> From: Michael StJohns [mailto:msj@nthpermutation.com]
> Sent: Wednesday, July 30, 2014 10:57 AM
> To: tls@ietf.org
> Subject: [TLS] Premaster/Master convention
>
> Given that TLS1.3 only does KeyAgreement, is there still any reason for the premaster -> master_secret derivation step?  We do (KA)->premaster
> and then premaster -> master and then master->(session keys).   We could
> probably do (KA)->master->(session keys) where the master secret is now the KA shared secret rather than premaster.
>
> 1) Is there any security reason for retaining the extra step given there is no longer a KeyTransport mechanism in TLS1.3?
> 2) Are there other *good* - non-security - reasons for retaining the extra step?
>
> Mike
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>

v2.23.0 | Report a Bug | By Email