Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt

John Mattsson <john.mattsson@ericsson.com> Sat, 24 February 2024 10:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ncjmc-1Y1hohDpd-hEYUWianOpM>

Hi,

The use of "semi-static" in this document seems strange to me. The term "semi-static" is just describing the lifetime of the key, which could be measured in time or in the number of times the key is used.

Krawczyk defines a semi-static key as a short-term cacheable key:
"These choices mainly refer to the properties of g^s, such as specifying the method for authenticating this key and whether it is static, semi-static or non-static key (roughly correspond to a long-term g^s as in the case of DH certificate, a short term cacheable key, or a one-time key as discussed in the optimization section above and in more detail in Section 4.4)."
https://eprint.iacr.org/2015/978.pdf

Madden describes semi-static as the same thing as semi-ephemeral:
"Signal adopts a middle ground and has Bob publish a “semi-static” (or “semi-ephemeral” depending on your point of view) signed prekey along with a bundle of normal prekeys."
https://neilmadden.blog/2021/04/08/from-kems-to-protocols/

Semi-static in draft-ietf-tls-semistatic-dh seems to describe how the key is used. Also, the keys in draft-ietf-tls-semistatic-dh seem to be as static as the RSA/ECDSA keys used for authentication in TLS. I think the terminology should be changed.

The term "semi-ephemeral" used by Madden would be a better term for the key shares in TLS 1.3 if TLS continues to allow reuse of key shares.

Cheers,
John Preuß Mattsson

From: TLS <tls-bounces@ietf.org> on behalf of Christopher Wood <caw@heapingbits.net>
Date: Sunday, 8 March 2020 at 00:57
To: tls@ietf.org <tls@ietf.org>
Cc: i-d-announce@ietf.org <i-d-announce@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt
Among editorial changes, this update removes key schedule injection. The
resulting design still requires formal analysis, though we don’t
expect much more to change at this point. Please have a look and provide
feedback.

Thanks!
Chris (no hat)

On 7 Mar 2020, at 15:45, internet-drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Transport Layer Security WG of the
> IETF.
>
>         Title           : Semi-Static Diffie-Hellman Key Establishment for TLS 1.3
>         Authors         : Eric Rescorla
>                           Nick Sullivan
>                           Christopher A. Wood
>         Filename        : draft-ietf-tls-semistatic-dh-01.txt
>         Pages           : 7
>         Date            : 2020-03-07
>
> Abstract:
>    TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange modelled
>    after SIGMA [SIGMA].  This design is suitable for endpoints whose
>    certified credential is a signing key, which is the common situation
>    for current TLS servers.  This document describes a mode of TLS 1.3
>    in which one or both endpoints have a certified DH key which is used
>    to authenticate the exchange.
>
> Note to Readers
>
>    Source for this draft and an issue tracker can be found at
>    https://github.com/ekr/draft-rescorla-tls13-semistatic-dh.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-semistatic-dh/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-semistatic-dh-01
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-semistatic-dh-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-semistatic-dh-01
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
