IETF Logo Mail Archive

Re: [TLS] Universal PSKs

"Salz, Rich" <rsalz@akamai.com> Fri, 15 June 2018 14:25 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D25BE130EEF for <tls@ietfa.amsl.com>; Fri, 15 Jun 2018 07:25:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvaid1wgXvZb for <tls@ietfa.amsl.com>; Fri, 15 Jun 2018 07:25:03 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B9CA130ED9 for <tls@ietf.org>; Fri, 15 Jun 2018 07:25:02 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.22/8.16.0.22) with SMTP id w5FEM6VX026833; Fri, 15 Jun 2018 15:25:01 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=MUBwwICl1N77+pgVPZ0R0RDaHzjcQ0wXFyYPnpUtL5g=; b=CNclfr/N2PcIDyVyrTSURseNVpdjF9JlVxtmu/va4/l0pIcaJ6rOC1BBosAoXQXQjtlZ yA7wz/VDo5k31FiRl1OyGeox9K3Ot44DvC9WsufLYcAo2SgJ5+0qehSHO5hBLZTFx0Kg n7QQnzk5fvS2wknS2jbF0yVQqM7RCHA64+bf6ZcYOO2kNGvTy5ecqwBl/ITWg8CBaxz1 UhIx2LliDnIqxGobA4BagW0J3peqD8mBS34KuaG4yf1g4KKsgZ2GSao6tcx9jTDiC/bD 2rO8vI3EN50ZGR94rGFgU/X2UVpfjPBA7/wsk/y3JtzCsRXLwzf112ivLVpG3Asbehlj FA==
Received: from prod-mail-ppoint3 (a96-6-114-86.deploy.static.akamaitechnologies.com [96.6.114.86] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 2jmc2f8fry-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 15 Jun 2018 15:25:01 +0100
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w5FEKlJ9026183; Fri, 15 Jun 2018 10:25:00 -0400
Received: from email.msg.corp.akamai.com ([172.27.27.25]) by prod-mail-ppoint3.akamai.com with ESMTP id 2jjp74sxes-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 15 Jun 2018 10:24:59 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.27.105) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Fri, 15 Jun 2018 09:24:58 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1365.000; Fri, 15 Jun 2018 09:24:59 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Universal PSKs
Thread-Index: AQHUBBh4BxbQy0Pd9U2EE9VtJVDpdaRhf5aA///yQwA=
Date: Fri, 15 Jun 2018 14:24:58 +0000
Message-ID: <7BE4BC91-5324-42A6-8AB7-084439ED9527@akamai.com>
References: <CAF8qwaB3GH8WbXD=snEwjA==Jx02gtWejyNTXXO6nVW0Cp1YHA@mail.gmail.com> <2132206.KQKFhKinhY@pintsize.usersys.redhat.com>
In-Reply-To: <2132206.KQKFhKinhY@pintsize.usersys.redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.e.1.180613
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.43.3]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E2930EF1818766418FA9C3D84C1B0776@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-15_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=787 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806150154
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-15_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=709 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806150155
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/p8_fV1Whsvw3eT8YihZz4iS-Q6M>
Subject: Re: [TLS] Universal PSKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2018 14:25:05 -0000

>    that's not workable.
  
It's not great, however
  
>    the reason why implementations chose to use old API to provision TLS 1.3 PSKs 
    was to make the upgrade process as smooth as possible, disabling TLS 1.3 is 
    quite antithetical to that
  
Disabling TLS 1.3 for those using 1.2 PSK's is unlikely to affect most uses, and seems the only way forward.

Do you have an alternative solution?

v2.23.0 | Report a Bug | By Email