[TLS] New I-D draft-putman-tls13-preshared-dh-00.txt

Tony Putman <Tony.Putman@dyson.com> Wed, 31 January 2018 19:47 UTC

Hi,

I got little interest in my previous draft on using triple-DH authenticated key agreement for TLS 1.2. In case the reason was that everyone is focussed on TLS 1.3, I have now produced a new I-D which specifies how this same method would work for TLS 1.3. It is published at https://www.ietf.org/internet-drafts/draft-putman-tls13-preshared-dh-00.txt.

As part of this update, I have introduced support for anonymous clients and I have shown how this would support 0-RTT.

The primary purpose of this method (for me) is to support TLS on constrained devices. However, the fact that it supports 0-RTT may make it of interest to the wider TLS community. The combination of anonymous clients and 0-RTT means that if a client is able to discover a server public key (e.g. through DNSSEC) then it is immediately able to send 0-RTT data without having had a previous session (i.e. without a session resumption ticket).

The draft contains a table comparing triple-DH with other authentication methods. The comparisons are:

Versus PSK (excluding session resumption):
Advantages: A server breach does not permit client impersonation; hardware protection for the server key is possible; the client identity is confidential.
Disadvantages: Public-key computation(s) are needed.

Versus Raw Keys:
Advantages: Supports 0-RTT messages; only one public-key algorithm is used; the handshake message exchange is shorter.
Disadvantages: The keypair needed is different to that needed for PKI (disadvantage only if the server supports both).

Versus Certificate Authentication:
Advantages: Supports 0-RTT messages; only one public-key algorithm is used; no certificate parsing is needed; the handshake message exchange is much shorter.
Disadvantages: Out-of-band public key distribution is needed (e.g. pre-provisioning, DNSSEC).

Comments welcome.

Tony
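
An added illustration, not part of the original message and not the draft's own key schedule: a generic triple-DH agreement over X25519, showing the point made in the PSK comparison that a server breach does not permit client impersonation. The choice of X25519, the function names and the SHA-256 key derivation are assumptions made for this example.

```python
import hashlib, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (readable, NOT constant-time)."""
    kb = bytearray(k)
    kb[0] &= 248; kb[31] &= 127; kb[31] |= 64  # clamp the scalar
    n = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE)

def kdf(*shared: bytes) -> bytes:
    # Assumption: SHA-256 over the concatenation stands in for a real key schedule.
    return hashlib.sha256(b"".join(shared)).digest()

def client_key(c, x, S, Y):
    # c/x: client static/ephemeral private keys; S/Y: server static/ephemeral public keys.
    return kdf(x25519(x, Y), x25519(c, Y), x25519(x, S))

def server_key(s, y, C, X):
    return kdf(x25519(y, X), x25519(y, C), x25519(s, X))

def demo():
    c, C = keypair(); s, S = keypair()  # long-term keys (constructed sample values)
    x, X = keypair(); y, Y = keypair()  # per-handshake ephemeral keys
    honest = client_key(c, x, S, Y) == server_key(s, y, C, X)
    # After a server breach the stored material is s and C, never c; using s in c's place fails.
    forged = client_key(s, x, S, Y) == server_key(s, y, C, X)
    return honest, forged
```

The server stores only the client's public key `C`, so the middle term `DH(c, Y)` cannot be produced from the server's stored data, whereas a stolen PSK is itself the client's credential.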
