Re: [TLS] WGLC for "Guidance for External PSK Usage in TLS"
Jonathan Hammell <jfhamme.cccs@gmail.com> Wed, 16 December 2020 19:14 UTC
Here are my comments on the draft.

1. Section 4 covers a lot of ground and is difficult to follow. I suggest it be split into subsections (e.g. "4.1 PSKs Shared with Multiple Group Members" and "4.2 Weak Entropy PSKs") and move the attack description to an appendix.

2. In Section 4, para 2, the reference "As discussed in Section 6" refers to the use case of provisioning where multiple clients or servers share the same PSK, but Section 6 covers all use cases (and also provisioning). I suggest to create a couple more subsections for clarity and accurate referencing: "6.1 Use Cases for Pair-wise External PSKs" and "6.2 Use Cases for PSKs Shared with Multiple Entities", shifting the provisioning sections to 6.3 and 6.4. Then the Section 4 citation can refer to Section 6.2.

3. Section 7, item 4 is missing a word.
s/This protects an attacker from/This protects against an attacker from/

4. Since there is no mitigation against revealing PSK identity, it is more accurate to rename Section 5 "Privacy Concerns".

5. Section 4, para starting with "Finally, in addition to these...":
s/may negatively affects deployments/may negatively affect deployments/

6. Section 5, para 1: I don't think "oppress" is the right word to use here. Perhaps, "suppress" would be better.

7. In Section 6, the last paragraph refers to Section 7 as the final sentence. I assume this reference is for the recommendation to not share a PSK between more than one node, but it is not clear. The previous sentence says do not share PSKs "even if other accommodations are made", but this conflicts with item 2 of Section 7 which says do not share PSKs "unless other accommodations are made".

8. It is not clear why "client certificate authentication after PSK-based connection establishment", mentioned at the end of Section 6, is not a sufficient accommodation. Should it be added to Section 7, item 2?

9. Section 7.1.2, first para, s/clash/collide

10. Section 7.1.2 describes a possible concern regarding PSK identity collisions, but it does not provide a recommendation/mitigation for vendors or users. What should the reader do with this information?

11. Section 6, item 2: the term "logical nodes" is not defined.

Jonathan

On Thu, Dec 3, 2020 at 7:52 PM Joseph Salowey <joe@salowey.net> wrote:
>
> This email starts the working group last call for "Guidance for External PSK Usage in TLS", located here:
>
> https://tools.ietf.org/html/draft-ietf-tls-external-psk-guidance-01
>
> Please review the document and send your comments to the list by December 18, 2020.
>
> Note that the GitHub repository for this draft can be found here:
>
> https://github.com/tlswg/external-psk-design-team
>
> Thanks,
> Joe and Sean
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls