Re: [TLS] Adding an additional step to exporters
Felix Günther <guenther@cs.tu-darmstadt.de> Fri, 24 February 2017 05:09 UTC
Return-Path: <guenther@cs.tu-darmstadt.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5533E129973 for <tls@ietfa.amsl.com>; Thu, 23 Feb 2017 21:09:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OS2Vxo1JVC_2 for <tls@ietfa.amsl.com>; Thu, 23 Feb 2017 21:09:40 -0800 (PST)
Received: from lnx500.hrz.tu-darmstadt.de (lnx500.hrz.tu-darmstadt.de [130.83.156.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B5C31294D1 for <tls@ietf.org>; Thu, 23 Feb 2017 21:09:39 -0800 (PST)
Received: from smtp.tu-darmstadt.de (lnx504.hrz.tu-darmstadt.de [130.83.156.233]) by lnx500.hrz.tu-darmstadt.de (8.14.4/8.14.4/HRZ/PMX) with ESMTP id v1O59a00011964 for <tls@ietf.org>; Fri, 24 Feb 2017 06:09:37 +0100 (envelope-from guenther@cs.tu-darmstadt.de)
Received: from [173.164.156.6] (helo=[10.248.43.51]) by smtp.tu-darmstadt.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69) (envelope-from <guenther@cs.tu-darmstadt.de>) id 1ch88O-0004DQ-Il for tls@ietf.org; Fri, 24 Feb 2017 06:09:36 +0100
References: <CABkgnnVo0gU=jaR-qV4hypmsjVW6Vdu1RizVD0OPh0ry6vzKfQ@mail.gmail.com>
From: Felix Günther <guenther@cs.tu-darmstadt.de>
To: tls@ietf.org
Openpgp: id=2BAE4A6F7946461B700161B352AF0200D3F1700E; url=http://www.felixguenther.info/publickey.asc
Message-ID: <04431852-c05f-7db8-faf1-7aa622c01b75@cs.tu-darmstadt.de>
Date: Thu, 23 Feb 2017 21:09:34 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnVo0gU=jaR-qV4hypmsjVW6Vdu1RizVD0OPh0ry6vzKfQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-PMX-TU: seen v1.2 by 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2017.2.24.50317
X-PMX-RELAY: outgoing
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pgTtlnwUZ3prWuOQojVQWsLQbTQ>
Subject: Re: [TLS] Adding an additional step to exporters
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 05:09:42 -0000
Hi Martin, just to clarify: you add an additional HKDF.Expand step, not HKDF.Extract, right? You mentioned extract in the email and PR text, but in code it's a second expand---which makes sense, as only expand allows to add context (here: label). Cheers, Felix On 23/02/2017 20:30 -0800, Martin Thomson wrote: > https://github.com/tlswg/tls13-spec/pull/882 contains the longer description. > > In short, the existence of an exporter secret threatens the forward > secrecy of any exported secret. This is a problem for QUIC and is > likely to be a more general problem. > > The proposed fix is small: separate exporters into two steps > (extract+expand) where the first step allows for separation based on > exporter type and the second on context. That allows an endpoint to > keep separate secrets for each exporter type and discard those that it > no longer needs, thus gaining forward secrecy if it likes. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Adding an additional step to exporters Martin Thomson
- Re: [TLS] Adding an additional step to exporters Sean Turner
- Re: [TLS] Adding an additional step to exporters Felix Günther
- Re: [TLS] Adding an additional step to exporters Martin Thomson
- Re: [TLS] Adding an additional step to exporters Ilari Liusvaara
- Re: [TLS] Adding an additional step to exporters Hugo Krawczyk
- Re: [TLS] Adding an additional step to exporters Ilari Liusvaara
- Re: [TLS] Adding an additional step to exporters Martin Thomson
- Re: [TLS] Adding an additional step to exporters Martin Thomson