Re: [TLS] Binding imported PSKs to KDFs rather than hash functions

"Christopher Wood" <caw@heapingbits.net> Thu, 19 September 2019 13:41 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D052120058 for <tls@ietfa.amsl.com>; Thu, 19 Sep 2019 06:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=b+IzOH2j; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=aGXMd/H7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oaa8GAt0kDA8 for <tls@ietfa.amsl.com>; Thu, 19 Sep 2019 06:41:34 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14D87120074 for <tls@ietf.org>; Thu, 19 Sep 2019 06:41:34 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 5E69D21391 for <tls@ietf.org>; Thu, 19 Sep 2019 09:41:33 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Thu, 19 Sep 2019 09:41:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=sqIbQj2Ifv6VTZjPCnGI4I/IZt8++j8 ObsIka0C2hSo=; b=b+IzOH2jJ0Td75jDUTEsqfu1ZGpvm/MZcMWsl6pzavLfhNJ Cqb7PlsD3cLE+Jxf1NRrdxS2ik7UyhQUv7bNA8fP6+HeTB44E1FaBk0loOi/gF10 CVYUTsdPKofzdNsCQxmI4CtLxdW7BCgu+zcyIFSWlvHpNIyXdeUVUjLBAwV2DtTg wB7htkvBanjQoCehStnPiHaXmafqoB+KgEE1zDRxfNCiJRq3sGaYqMcS4vA+VUOG BK8FsuGmt/Tknd8Ctadi5UjzFEtOjRC6R5m9Bub3dnWyM9rc+F4PY/OoMIwo92rM uKAVok2xGe0QDZp3Dk2ewQ4u4Hk/Dm6eP0ZYI0g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=sqIbQj 2Ifv6VTZjPCnGI4I/IZt8++j8ObsIka0C2hSo=; b=aGXMd/H7oxWTeLSFLXLNby OBUT/Qx3vqqApYdbIXL2S7HspHwNv5gvouIopdmTyGgYJ1DN9CzMu0SK7b8/wGqr ltGsK0c9tWQB91ThArIDfZyP7XXNATx0yCURO2sNXhtoYNhl7nmJy4BfXpXYLHd6 rP7ZdS7yaUqkL8QfPiHGXSesiqrERT3gmfGKP7zlJUecAai7bsLE3i5jbu6u0ae6 r8sE+Ns973q7ifzpNXVWFFMYkffyTj5GCx8BXlVQEV/fRmQ+vPErqmNZl4uvvxam TVTGdLRGJlfH7zUxtb/NvVgJsfExf5D3fq4wyhTBEhkIShT9oQrFXhGl0WwCgGQg ==
X-ME-Sender: <xms:jIWDXT1UasISKb7DCwAt7yburftFyoBRY6qQkI_fpwcEhknfK0nzSQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvddtgdeikecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggrfies hhgvrghpihhnghgsihhtshdrnhgvtheqnecuffhomhgrihhnpehgihhthhhusgdrtghomh enucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgv thenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:jYWDXWWhVX6n5tiCT2E1ajUxTKz2IpVjmH6MYq4FCvwhLlybOh8aZg> <xmx:jYWDXe5iPdpIhtLnEEbtPg9dmJwGtHrfWVJCVr2gzSMZK1CqM3h2uQ> <xmx:jYWDXdL8a7lh4nCYfFmXt2w8L035naCHdNLhc3kIYrrMaYI5ZiKFzA> <xmx:jYWDXW8oXHosDPiX3baK96Tx81QJ_IDllcnLCYSu1J6atYDiQIeFZA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id DAAAF3C00A2; Thu, 19 Sep 2019 09:41:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-238-g170a812-fmstable-20190913v1
Mime-Version: 1.0
Message-Id: <180387df-ef1b-4d81-8ecf-6f80bedc8439@www.fastmail.com>
In-Reply-To: <c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com>
References: <e484c148-d64b-4538-9145-85e0363b0cc9@www.fastmail.com> <1f5dda7a-576c-4309-b465-7fa93c2d7662@www.fastmail.com> <f0aa22d1-0461-47d6-b0c3-c26c664c0d50@www.fastmail.com> <96018dee-e0a5-45c4-877b-447aa277494a@www.fastmail.com> <93833d8a-76c5-4c0c-b5c7-ac39bcc1cb71@www.fastmail.com> <c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com>
Date: Thu, 19 Sep 2019 06:41:12 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mb9tAheUjQq6BCSrpP4w7aWuw8g>
Subject: Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 13:41:36 -0000

On Wed, Sep 18, 2019, at 4:31 PM, Martin Thomson wrote:
> On Thu, Sep 19, 2019, at 01:41, Christopher Wood wrote:
> > Ah, so, I think this is where the miscommunication is happening! The 
> > target KDFs I've been envisioning are not protocol specific. 
> 
> As HKDF and the TLS 1.2 PRF are not the same function, wouldn't it be 
> better to have separate identifiers?  Sure, we could rely on the 
> `protocol` field to diversify the output, but I think that we should be 
> applying the same principle throughout, namely that the one key is only 
> used with the one KDF instantiation.

Agreed on the principle, especially if future versions of TLS define new KDFs and we want to avoid using the same imported key across both.

I'll make that change after #18 (https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/18) lands, at which point we should be able to close issues #15 and #16. 

Best,
Chris