[TLS] Merging pre_shared_key and psk_key_exchange_modes extensions

Russ Housley <housley@vigilsec.com> Mon, 28 November 2016 16:54 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <43DF7E42-E6D3-4E12-BDFE-0FEEBB738818@vigilsec.com>
Date: Mon, 28 Nov 2016 11:53:44 -0500
To: IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/liCdfTjyPgZAQZ_8pu-AKYJvwhA>
Subject: [TLS] Merging pre_shared_key and psk_key_exchange_modes extensions

Only the client ever sends the "psk_key_exchange_modes" extension.  In fact, the server MUST NOT send a "psk_key_exchange_modes" extension.

The "pre_shared_key" extension is already divided into the structures used by the client and the server.  Why not add the ke_modes to the client part of the "pre_shared_key" extension?

This would have the advantage that the ke_modes would be integrity protected by the HMAC carried in the PskBinderEntry.

If I am not missing something, then the following would be one way to accomplish this change:

      enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;

      struct {
          opaque identity<0..2^16-1>;
          PskKeyExchangeMode ke_modes<1..255>;
          uint32 obfuscated_ticket_age;
      } PskIdentity;

      opaque PskBinderEntry<32..255>;

      struct {
          select (Handshake.msg_type) {
              case client_hello:
                  PskIdentity identities<6..2^16-1>;
                  PskBinderEntry binders<33..2^16-1>;

              case server_hello:
                  uint16 selected_identity;
          };

      } PreSharedKeyExtension;
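The following is an added illustration, not part of the message above or of the TLS 1.3 draft: a Python encoder and checker for the proposed client-side layout, showing concretely why placing ke_modes inside PskIdentity puts it under the binder. The binder computation is deliberately simplified (HMAC-SHA256 over the serialized bytes preceding the binders list, keyed with a constructed placeholder key) rather than the real TLS 1.3 construction, which uses an HKDF-derived binder_key over a transcript hash; the extension is built with a single identity, so one binder suffices. The function names and the sample key, ticket and ticket-age values are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# PskKeyExchangeMode values from the proposed layout
PSK_KE = 0
PSK_DHE_KE = 1

# Constructed placeholder; real binder keys come from the HKDF schedule.
BINDER_KEY = b"constructed-binder-key"


def vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a TLS variable-length vector: length prefix of len_bytes, then the data."""
    return len(data).to_bytes(len_bytes, "big") + data


def encode_psk_identity(identity: bytes, ke_modes: list, obfuscated_ticket_age: int) -> bytes:
    """PskIdentity as proposed: identity<0..2^16-1>, ke_modes<1..255>, uint32 ticket age."""
    if not 1 <= len(ke_modes) <= 255:
        raise ValueError("ke_modes must hold 1..255 entries")
    return vec(identity, 2) + vec(bytes(ke_modes), 1) + struct.pack(">I", obfuscated_ticket_age)


def compute_binder(binder_key: bytes, covered: bytes) -> bytes:
    """Simplified binder: HMAC over the bytes that precede the binders list."""
    return hmac.new(binder_key, covered, hashlib.sha256).digest()


def build_extension(binder_key: bytes, identity: bytes, ke_modes: list, age: int) -> bytes:
    """Client-side PreSharedKeyExtension body: identities<..> then binders<..>."""
    ident = encode_psk_identity(identity, ke_modes, age)
    identities = vec(ident, 2)            # everything up to the binders is covered
    binder = compute_binder(binder_key, identities)
    return identities + vec(vec(binder, 1), 2)


def parse_identities(ids: bytes) -> list:
    """Decode the PskIdentity list, including the ke_modes carried in each entry."""
    out, off = [], 0
    while off < len(ids):
        ilen = int.from_bytes(ids[off:off + 2], "big"); off += 2
        identity = ids[off:off + ilen]; off += ilen
        mlen = ids[off]; off += 1
        modes = list(ids[off:off + mlen]); off += mlen
        age = struct.unpack(">I", ids[off:off + 4])[0]; off += 4
        out.append({"identity": identity, "ke_modes": modes, "obfuscated_ticket_age": age})
    return out


def verify_extension(binder_key: bytes, ext: bytes) -> tuple:
    """Server-side check: recompute the binder over the identities and compare.

    Returns (binder_ok, parsed_identities)."""
    ids_len = int.from_bytes(ext[:2], "big")
    covered, rest = ext[:2 + ids_len], ext[2 + ids_len:]
    identities = parse_identities(covered[2:])
    blen = int.from_bytes(rest[:2], "big")
    bnd, binders, off = rest[2:2 + blen], [], 0
    while off < len(bnd):
        l = bnd[off]; off += 1
        binders.append(bnd[off:off + l]); off += l
    expected = compute_binder(binder_key, covered)
    ok = len(binders) == len(identities) == 1 and hmac.compare_digest(binders[0], expected)
    return ok, identities


def rewrite_ke_modes(ext: bytes, mode: int) -> bytes:
    """Test helper: overwrite the first identity's ke_modes on the wire without touching the binder.

    Used to show that such a modification is caught by the binder check."""
    ilen = int.from_bytes(ext[2:4], "big")
    off = 4 + ilen                        # position of the ke_modes length byte
    mlen = ext[off]
    return ext[:off + 1] + bytes([mode] * mlen) + ext[off + 1 + mlen:]


if __name__ == "__main__":
    ext = build_extension(BINDER_KEY, b"ticket-1", [PSK_DHE_KE], 12345)
    print("intact   :", verify_extension(BINDER_KEY, ext)[0])
    print("modified :", verify_extension(BINDER_KEY, rewrite_ke_modes(ext, PSK_KE))[0])
```

With ke_modes inside PskIdentity the serialized modes sit in the region the binder covers, so a server that recomputes the binder rejects any in-flight change to them; with a separate psk_key_exchange_modes extension the same check would not apply to the modes unless the binder's transcript coverage happened to include that extension.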