Re: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 08 March 2023 08:06 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE5EDC14CE22 for <tls@ietfa.amsl.com>; Wed, 8 Mar 2023 00:06:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZ-_klD42nWM for <tls@ietfa.amsl.com>; Wed, 8 Mar 2023 00:06:19 -0800 (PST)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.21.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF383C14CF18 for <tls@ietf.org>; Wed, 8 Mar 2023 00:06:17 -0800 (PST)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2169.outbound.protection.outlook.com [104.47.71.169]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id au-mta-63-PBTn4GiFPaSiz6Z7gfuhOQ-1; Wed, 08 Mar 2023 19:06:14 +1100
X-MC-Unique: PBTn4GiFPaSiz6Z7gfuhOQ-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by MEYPR01MB6792.ausprd01.prod.outlook.com (2603:10c6:220:116::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.16; Wed, 8 Mar 2023 08:06:10 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::d897:3340:611b:bc0c]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::d897:3340:611b:bc0c%6]) with mapi id 15.20.6156.029; Wed, 8 Mar 2023 08:06:10 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
Thread-Index: AQHZSxzeBLBHoqXA7E6nunRaj84TNa7ujYtVgABIBwCAAYwHdIAAIj2AgAAPb7s=
Date: Wed, 08 Mar 2023 08:06:10 +0000
Message-ID: <SY4PR01MB6251696FE2F50295C82CD107EEB49@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <Y/1ngz1ITlYds2WP@straasha.imrryr.org> <SY4PR01MB6251E03AE8A05E38FA8A3F0DEEB79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ZAbL6AP8uzgb60NB@straasha.imrryr.org> <SY4PR01MB62513F1EC6DC284DCFB4E96FEEB49@SY4PR01MB6251.ausprd01.prod.outlook.com> <ZAg014P+2+4jWdsl@straasha.imrryr.org>
In-Reply-To: <ZAg014P+2+4jWdsl@straasha.imrryr.org>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SY4PR01MB6251:EE_|MEYPR01MB6792:EE_
x-ms-office365-filtering-correlation-id: 69a15d91-19cb-4502-d60a-08db1fabfa83
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: czPq+4+6luHMRbFOoJWRbPuutowtSXKVboJkBSInt+o27OihaxWkjmcwb+GWfly+hvpnodrptB4ezlSZllVUyz2lxMA18eAYQjwYvuqo4oI38VtesxEwijS0gb7GxAlVXRJjk5jJP0LtSx+rMshICOH+7zOTrPMDTwAID2MK22A9LFnyIvNlKKYstIv8fpY7koNEXHrT5Z4wGnNONso3lNcoKE96A8tssOMYbuMWkxdQNiQ0eG2JmtVwOHN3Gktiz/xUXz6Be8dgjD239few76U62HhudY9+yfLyrnIoM+CvFxlvPIvyU2i9A/FbaA/z9Y9mkuG8RcIg8kx5bWLtQO65d/DgxYFw8fNyhy8YZKDMyl6rZyXJy1c6oTb2D/iASKDq+Og7ed5luTioG4zCuDTcXA9uyOR+2BY+VK9PWOj2g/lFgzf3Ny6ZUpXA5Ddz45bgLIB3YpxqKTD4ngcxYXXRo0SnZVB2W5MkqMKDQ7K0lvnu2HMdsTckeXbgh1gQFZCrtCibSPh9+NmbJuMtO5ocjTtKO8cGpuG7N0X0HU8AM9zR/l3jdwUucW8bAryiCHnidJxMQqtvQlpq8rzjReq4xtUcoEWl5JNLpPFs0BhyVo04YRCMLF6086qm40hT+sxoStOhdeI+j/xOhlrBnbaveDG4PALUWhNfLoRiN7dETI452oXWaZ1on/6TOBCqEfM3iwFLqLnEHstwKDNeNg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(136003)(39860400002)(376002)(396003)(366004)(346002)(451199018)(9686003)(55016003)(38070700005)(66899018)(41300700001)(186003)(316002)(8676002)(786003)(66556008)(64756008)(66446008)(66476007)(66946007)(76116006)(26005)(6506007)(7696005)(122000001)(86362001)(83380400001)(71200400001)(38100700002)(33656002)(6916009)(2906002)(5660300002)(52536014)(478600001)(8936002); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: t+4cJvr8egg0Zu/FPjGJuA6fiBTpV+aDWDFkPWiMfhELpQOWM48AF7Mib098ntdAnBMEz+2rbkDi8PgKd2xXi9d/EuLsrLJDaDnV3uCQAcwKwirgzp3PnyYbyH1DEIg+92kDM9ZCH6uXKlOxmKiNZvDD+oZApUG2JJyN97jTFWfy6qr5G7upw4H1iUJ6EUHOaOUKnz7ORjMQDTgwI27c7E6XzcKsVZ66WakG4DqLLlzBv13U4sNkwT2IiM+cptRrRGOglKvKZx/1R6wz3XhUxtY7CzKG3taAbK+9v7rnL+l+CZ0C7MVpPDr82G4O0VmMPVKsJnSgy99gav0k0iLmvT1tZWnM/4bmTMz+xQmfgepkEG7Sk7A+dMj6apde04sSCPdIsAP6WB9GBFjQl5zsJwYRYUwJFhKCXVQ8eBZbl4feleZv06k9zMefeV3lABbs+FA35f1G97XogE2yDLh+O1qydhzRyNtMnWUgMEdBmBbGxZc4mntFPJ+qbWiCusi+KqZ4zcIDQvm9UNduRJz9AiCpHGNRRLsAX7WQ0RGp9E/X9zC1z0UFkJRGwb4Chillf9WocPAXQO3GFtsw5Ms63hBu5emSV7LrMQuLd8rlp5zsH5el8eiFQ68e/vVdl7eoIMdkQV8S727y0KlZ3o+DCMTt155td17WhSkyRjDdoZbHYnQw6P75cyB6HdLPoTClhuk4yjggH4+oZKPZzjaAyydN+jKPKZrROAxsZWKmeUdzpz1YgTHCmUAtaxOQXVJsXetylSIWvvSDWaKxk/pTbkjU/zhMwjrdxTniFddeNdgfvU1pCZG4vpKToEWZ+0MqkFgdhuPDI454XOlEFHMquXZ5UVJernIv2NOSddcxAh/Q2CsvY2ma8ENwFZUlJIMRD7jI9Tbfe7IBIvJhj81DYvZOR11s/hfhiNdcIIuT68m0SDgjuYVqpktD89rqFYa1UnjVaDu62MTJQ1wliHNl5CcF3lCI3j3c1IGbCvFNvvgVDIu7x55H1mUWPOyRlPJr0NfKIaiLXfH6p9jbMIAzupT87mS71vLgRyEfCWHfY7dhZqFRQEFsTQLDtu3fgN+rTdMR4fYXiDmA/svO3F+GF+P+vGNT+5D58d2PSEvUnluw1So5pSjANJO959906LlsFySoeoz/r7Iqnyu8xLxWQlJlgNNLVy3WSksM7zuixH/PGTdoVpXHPfH2QEmKpkVyzzfe0NMeYctv8OhXKz/Zd0pTpXIDcJdLtYIHooxFagjptB5fJyRqXMmBnySL5K/u5LLsXX46V2nD8AN2gg06cZZ+1u9gpcdtXMfKv3AR2j2wBJqkJHoe0t+D9QiE4n9MomvSyyg+xmBcPFnXanoNDtDQDWhyilsqmaUoCpeSkZ+5biV1xFIMjMIrJlTjSL5IB9yRlPaHrde0cmFYOqUH7oNrzssoaqLx9NqJmc/SR6GwFY1RzbB1fkfJO3LVRw8alDD2Y3iIT58wuQXUAxvMOoHnVnyJAlljGFxY2vQHXjc7Q4oiLQeNfJaiLbQenpLat7Aqv9txh83VNRt+OvOC2OALNjwKsc0kJd5lw280hrKHOQTbU0Fnaef0CxI9XxdLFfpmtIkrlBFkY24b+zqWLQ==
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 69a15d91-19cb-4502-d60a-08db1fabfa83
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2023 08:06:10.5401 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Yzkmgegk7lfahv981YC2c3w+mYSCFdigNoM72LsxIJaslCXm46za9YoJmdvRK4glKTAkE9UERnP5/T22n5Vawhj9OusBf4EaxYYkuUw0ksk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEYPR01MB6792
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ojknl3-K0uUlybNUodX2jcgu_Uc>
Subject: Re: [TLS] TLS 1.3 servers and psk_key_exchange_modes == [psk_ke]?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Mar 2023 08:06:21 -0000
Viktor Dukhovni <ietf-dane@dukhovni.org> writes: >I am tacitly assuming that the implementation community might be somewhat >more pragmatic than the WG, and be willing to improve the behaviour of the >current extension, or perhaps the "silent majority" of the WG would in fact >be willing be more pragmatic on resumption, but haven't chosen to engage in >this thread, and we could ideally even reach some language in an update that >recommends more liberal settings in general, with punishment set aside only >for the faithful who believe they're sure to never stray, in case they do. It really depends on what the best way forward is for getting it working. The problem with adding even more conditions to the existing ones for the two PSK extensions (and I'll ask again, can anyone explain why a single function is split across two extensions?) is that "Errata exist" on the RFC's IETF page is really "Errata exist in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'", while having a new standards-track RFC with "Updated by RFC xxxx" added to RFC 8446 means it'll actually get noticed and used. Peter.
- [TLS] TLS 1.3 servers and psk_key_exchange_modes … Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Nick Harper
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Viktor Dukhovni
- Re: [TLS] TLS 1.3 servers and psk_key_exchange_mo… Peter Gutmann