IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-external-psk-importer

Eric Rescorla <ekr@rtfm.com> Fri, 21 February 2020 16:35 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26A5312088E for <tls@ietfa.amsl.com>; Fri, 21 Feb 2020 08:35:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GYeeZCeZ9hzR for <tls@ietfa.amsl.com>; Fri, 21 Feb 2020 08:35:03 -0800 (PST)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55888120888 for <tls@ietf.org>; Fri, 21 Feb 2020 08:35:03 -0800 (PST)
Received: by mail-lj1-x22f.google.com with SMTP id w1so2818136ljh.5 for <tls@ietf.org>; Fri, 21 Feb 2020 08:35:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CWPhyKxybUbndxu2aDRYZHJknEi5VaAwo+4DU5igHx0=; b=aMv/oG2AB9qrcZBf1YqFtgNoIAqQI/BTezX9Olv4TKX8N8mZvrQ7pOVOaBQp9jHbWJ 2cSg0MFXGjxMS5QJTC/y0MHnFjt0pzDCqyezY2Bz8SjA3E3fz94gYqrWIVD78s2eNasR vnhUND0wKuu5YjBFYOWi2GZmbEc+CaZosZSaRgB5PfAlk1u0SSUC0iT+TsqZF2LH8ttd Q/4hRA+CoI7YiuJPLLx3LYxXi6z1bAkgJ4l0B8udXoHB2X4ULJBdIO+32FC/HCsXToAH MJcuFUw7kvHmNOMocaeV4LIuWeuF1d8ujqFAs6+qF9RNh1QHWrns0SGhuOgTcJHZElq5 FnMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CWPhyKxybUbndxu2aDRYZHJknEi5VaAwo+4DU5igHx0=; b=R87vfutEoaoIYKYkEoeH5Uugi51kUskmPpxCcyjG8Lhp9sqgLjoynVT6Zm+1hUw2Yu ocB9mlFwfwwAgYVYlBdE/JrUt/KbkicG7SxBHCY8d5KC+61aCzAfUcUMwpEpQRhf5E2+ 3xfHqMDMK2+EMuOkZQqB4SgUbO8coMq+ApYPvFBCnKHQtzLOMFNxBv0D/XXEjTAr0ndF 739t7DSHDdg8yq/HYrV1X31yL5U3oy4JeDaayR6CHHgLV9/A5TlrTaz5CIeIJL1wmdzB QfS0TyHSHt4h/XXRAz3ioVglpK+7u965zB59TeadVkZqWyyVsnndFD8EhKbC2LHPDeem Yufw==
X-Gm-Message-State: APjAAAUe2FpZoZTrhQ4vWcONHV/kiGK8zcIPG0DAl6gyiV+cybwhOd+4 hRea88YJ6nu89mIM5PRVGGBaXxAiJkuUKS2Isclj+Q==
X-Google-Smtp-Source: APXvYqztbS+uOXyzCl+gDuogyIcmwLBunhTM+d4MFkSEiHixRa4FUDNIbyPEchC9qW2qifTnkf7/Tunnqb+8aK+z4p0=
X-Received: by 2002:a2e:90f:: with SMTP id 15mr21466698ljj.120.1582302901512; Fri, 21 Feb 2020 08:35:01 -0800 (PST)
MIME-Version: 1.0
References: <CAOgPGoBnSsDDaWWRHjkdjVRWw_DtxFYSQS7G-NyeSUfTzmYbAw@mail.gmail.com> <CAChr6SyA05VTB1n5Dcc2WNP6rrpsvDGXuPQxDxM9-=3JiYYPLQ@mail.gmail.com>
In-Reply-To: <CAChr6SyA05VTB1n5Dcc2WNP6rrpsvDGXuPQxDxM9-=3JiYYPLQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 21 Feb 2020 08:34:23 -0800
Message-ID: <CABcZeBOPaGZ1ZKWpXkhC05v3HcbSLNuXYD_Lzw0S6iaBQY0a9A@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Joseph Salowey <joe@salowey.net>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005f4fed059f189a0d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lswP6nGPACeelvCYSYlmmC-Z81w>
Subject: Re: [TLS] WGLC for draft-ietf-tls-external-psk-importer
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2020 16:35:06 -0000

On Thu, Feb 20, 2020 at 7:08 PM Rob Sayre <sayrer@gmail.com> wrote:

> Hi,
>
> I'm not sure how violations of these requirements would result in
> poor interoperability:
>
>    Clients which import external keys TLS MUST NOT use these keys for
>    any other purpose.  Moreover, each external PSK MUST be associated
>    with at most one hash function.
>
> These seem like aspirational security goals. It would be better to
> describe the consequences of violating these conditions.
>

I don't agree. They are requirements in order to be able to make the
assertions we want to make about the security of the protocol.

This is consistent with the following text of RFC 2119 S 6
".. or to limit behavior which has potential for causing harm (e.g.,
limiting retransmisssions) "

I don't think it would be unreasonable.to explain the reason for these,
though this is already a requirement of 8446 S 4.2.11 (though without
justification).

-Ekr


> thanks,
> Rob
>
>
>
> On Thu, Feb 20, 2020 at 4:45 PM Joseph Salowey <joe@salowey.net> wrote:
>
>> Hi Folks,
>>
>> This is the working group last call for the "Importing External PSKs"
>> draft available at
>> https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/.
>> Please review the document and send your comments to the list by 2359 UTC
>> on 6 March 2020.
>>
>> Note the the GH repo for this draft can be found at:
>> https://github.com/tlswg/draft-ietf-tls-external-psk-importer
>>
>> Thanks,
>>
>> Sean and Joe
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email