Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
"Christopher Wood" <caw@heapingbits.net> Thu, 19 September 2019 13:41 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 9D052120058
for <tls@ietfa.amsl.com>; Thu, 19 Sep 2019 06:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=heapingbits.net header.b=b+IzOH2j;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=aGXMd/H7
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Oaa8GAt0kDA8 for <tls@ietfa.amsl.com>;
Thu, 19 Sep 2019 06:41:34 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
[66.111.4.29])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 14D87120074
for <tls@ietf.org>; Thu, 19 Sep 2019 06:41:34 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
by mailout.nyi.internal (Postfix) with ESMTP id 5E69D21391
for <tls@ietf.org>; Thu, 19 Sep 2019 09:41:33 -0400 (EDT)
Received: from imap4 ([10.202.2.54])
by compute6.internal (MEProxy); Thu, 19 Sep 2019 09:41:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net;
h=mime-version:message-id:in-reply-to:references:date:from:to
:subject:content-type; s=fm2; bh=sqIbQj2Ifv6VTZjPCnGI4I/IZt8++j8
ObsIka0C2hSo=; b=b+IzOH2jJ0Td75jDUTEsqfu1ZGpvm/MZcMWsl6pzavLfhNJ
Cqb7PlsD3cLE+Jxf1NRrdxS2ik7UyhQUv7bNA8fP6+HeTB44E1FaBk0loOi/gF10
CVYUTsdPKofzdNsCQxmI4CtLxdW7BCgu+zcyIFSWlvHpNIyXdeUVUjLBAwV2DtTg
wB7htkvBanjQoCehStnPiHaXmafqoB+KgEE1zDRxfNCiJRq3sGaYqMcS4vA+VUOG
BK8FsuGmt/Tknd8Ctadi5UjzFEtOjRC6R5m9Bub3dnWyM9rc+F4PY/OoMIwo92rM
uKAVok2xGe0QDZp3Dk2ewQ4u4Hk/Dm6eP0ZYI0g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=sqIbQj
2Ifv6VTZjPCnGI4I/IZt8++j8ObsIka0C2hSo=; b=aGXMd/H7oxWTeLSFLXLNby
OBUT/Qx3vqqApYdbIXL2S7HspHwNv5gvouIopdmTyGgYJ1DN9CzMu0SK7b8/wGqr
ltGsK0c9tWQB91ThArIDfZyP7XXNATx0yCURO2sNXhtoYNhl7nmJy4BfXpXYLHd6
rP7ZdS7yaUqkL8QfPiHGXSesiqrERT3gmfGKP7zlJUecAai7bsLE3i5jbu6u0ae6
r8sE+Ns973q7ifzpNXVWFFMYkffyTj5GCx8BXlVQEV/fRmQ+vPErqmNZl4uvvxam
TVTGdLRGJlfH7zUxtb/NvVgJsfExf5D3fq4wyhTBEhkIShT9oQrFXhGl0WwCgGQg
==
X-ME-Sender: <xms:jIWDXT1UasISKb7DCwAt7yburftFyoBRY6qQkI_fpwcEhknfK0nzSQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvddtgdeikecutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre
dtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggrfies
hhgvrghpihhnghgsihhtshdrnhgvtheqnecuffhomhgrihhnpehgihhthhhusgdrtghomh
enucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgv
thenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:jYWDXWWhVX6n5tiCT2E1ajUxTKz2IpVjmH6MYq4FCvwhLlybOh8aZg>
<xmx:jYWDXe5iPdpIhtLnEEbtPg9dmJwGtHrfWVJCVr2gzSMZK1CqM3h2uQ>
<xmx:jYWDXdL8a7lh4nCYfFmXt2w8L035naCHdNLhc3kIYrrMaYI5ZiKFzA>
<xmx:jYWDXW8oXHosDPiX3baK96Tx81QJ_IDllcnLCYSu1J6atYDiQIeFZA>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id DAAAF3C00A2; Thu, 19 Sep 2019 09:41:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-238-g170a812-fmstable-20190913v1
Mime-Version: 1.0
Message-Id: <180387df-ef1b-4d81-8ecf-6f80bedc8439@www.fastmail.com>
In-Reply-To: <c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com>
References: <e484c148-d64b-4538-9145-85e0363b0cc9@www.fastmail.com>
<1f5dda7a-576c-4309-b465-7fa93c2d7662@www.fastmail.com>
<f0aa22d1-0461-47d6-b0c3-c26c664c0d50@www.fastmail.com>
<96018dee-e0a5-45c4-877b-447aa277494a@www.fastmail.com>
<93833d8a-76c5-4c0c-b5c7-ac39bcc1cb71@www.fastmail.com>
<c3aac25a-bd7e-4ab6-9f5a-cb0a4548fdcb@www.fastmail.com>
Date: Thu, 19 Sep 2019 06:41:12 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mb9tAheUjQq6BCSrpP4w7aWuw8g>
Subject: Re: [TLS] Binding imported PSKs to KDFs rather than hash functions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 13:41:36 -0000
On Wed, Sep 18, 2019, at 4:31 PM, Martin Thomson wrote: > On Thu, Sep 19, 2019, at 01:41, Christopher Wood wrote: > > Ah, so, I think this is where the miscommunication is happening! The > > target KDFs I've been envisioning are not protocol specific. > > As HKDF and the TLS 1.2 PRF are not the same function, wouldn't it be > better to have separate identifiers? Sure, we could rely on the > `protocol` field to diversify the output, but I think that we should be > applying the same principle throughout, namely that the one key is only > used with the one KDF instantiation. Agreed on the principle, especially if future versions of TLS define new KDFs and we want to avoid using the same imported key across both. I'll make that change after #18 (https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/18) lands, at which point we should be able to close issues #15 and #16. Best, Chris
- [TLS] Binding imported PSKs to KDFs rather than h… Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather th… Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather th… Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather th… Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather th… Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather th… Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather th… Martin Thomson
- Re: [TLS] Binding imported PSKs to KDFs rather th… Christopher Wood
- Re: [TLS] Binding imported PSKs to KDFs rather th… Christopher Wood