Re: [TLS] tls-external-psk-guidance // Draft for a suggestion of string encoding for manually typing a PSK is available
Björn Haase <bjoern.m.haase@web.de> Mon, 09 March 2020 22:13 UTC
Return-Path: <bjoern.m.haase@web.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C603A085F for <tls@ietfa.amsl.com>; Mon, 9 Mar 2020 15:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V-WYQZ1m46ee for <tls@ietfa.amsl.com>; Mon, 9 Mar 2020 15:13:22 -0700 (PDT)
Received: from mout.web.de (mout.web.de [212.227.15.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D97713A0828 for <tls@ietf.org>; Mon, 9 Mar 2020 15:13:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1583791999; bh=jJVa4xbBdg8a4T+7t1k51NAhlpDQSvNC2riXdEfOW98=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=LWChAkxdsjbRXL2ltObpPB0RGpYJMvTjJ9aPhinNGIJ7mBvo/mAfmycXb7nEyX/qs 8txfL6ByAjXNM0BVe3vCfq3uVG7qE5MDW0Uep0bobNsMtL1XPIpMonUf5MaNqbAX1W xsO+FI9asTQ8mOggXA3EGRIyB1cYfU0yQBDJitXk=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [192.168.2.161] ([178.2.114.95]) by smtp.web.de (mrweb004 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MM1eu-1jGtkp03P2-007lTU for <tls@ietf.org>; Mon, 09 Mar 2020 23:13:19 +0100
To: tls@ietf.org
References: <1df3aa66-f3c9-41e4-8bd1-e304566ffe71@www.fastmail.com>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <c89be13a-9881-091f-f2e5-de85ee146cdd@web.de>
Date: Mon, 09 Mar 2020 23:13:14 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <1df3aa66-f3c9-41e4-8bd1-e304566ffe71@www.fastmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:vk6ipUA1nMJNH7hffEEbcL+sqppKFx5AcFc3E5YqfU59t0NzCev +sdamgZKAJJGxaMrx/OHRcw/A8hbdg3hssrVvN/sFxlJy23WwEVeNLkQlWE6ali8+FUJk8M aBLDagZmLOr+DSg6DaU9y4H+lJMTljNBT0uOGO1rTEXgIgE6pWFa2MWAH+XB35RXP8Y2ytu 8G9uAoe9pdrCfD2rdE7Lw==
X-UI-Out-Filterresults: notjunk:1;V03:K0:QHfoGNguqsE=:xD7Q//AI5rotGkzAbKVvmM c3fzSxhBvtq9ID13RK/JwCETh6GfPijT6p7T4GBUq2h/s9JoRO9Bj+MgpnUh/HX5tfcmsUjGH FcPT9Q7TmF1diDQa3kqHwyhbAaWuGtPjsdyCLHF7R1GrnAP/hpTUP/3vHEmoTEdWItnCPTMx1 XNpV9h6FwWP6t0ZRQtn4GByAEuQ5INk6HOFuubQ+AbRbH5MCMzwQ1paRH561hVWltqRC8ok2s tBCJLEyaezsUOUPs6ocNjuLgXJVfqTrgARFLCDnsH8Q84EJG8Qplpj2QXnMJ32lbUgjfguhP6 b+sq2CtfQQ11n01ZRuDnmSFWYGWH7sH2X1ATCKunwvWFHRsQvIVYwoK1L4aGaYV+qqhLktz8m PEOqHC4jlzAbG/A8F/3HMrWwUh4wl8fyWHPz43GTPLhVf8bqumQvP8I1pDldoLUggMzGKL7rG ZRFswIlEg8lL0wOrKg8oTRlr0Bt133omUG2ZpR9TR9yMABIy42oKVYXzzGTVciDw7gsrUg3bf f8IJBmfzRQUcATitYv15yW4y6Yqp0+Lpz2U4jJciDeyB7diXrUrgWV2ny5ONeDLqG5CAUHy+D Yq+ofy7QYE1KcliLB7Qt3ozoN9v3rV+Npac9WqjkBFFmXy8rRGR+t1DphAMIRusWbTvKcErqz 5Cyi6IkpV1grRMnMEM8JVqzrcN5XLxwzOPsAA7ogRayMM1Z2n8AA9RqlNkoCpTxxRwiz7mdga 1SOtbvvcHS1QglLwQAjoT/s1OO61syu76ErioDpn3O768VFw1xmSSyc7fRXTaYgtx7+DrurGj C1Y2gHlbViuryRUkMJhE2CBCopkGD7f7Idq5xZ+3js/I1NF09vIcbohcT2A2vc1prQJoAFh+v 5ImbuPDrA1F9+dZwJJW///NnSvSWdXj9IYHeXRpVYCkZWDfg/Tw+F54IOPBpyxzdmJk2421mN 3MHuNEc3AcZUuuef2QGxRqez10GxTi1I5/wy/YY19QfiMUVMjZLUfkIWiy9e/LwX+dORPPcKf Y1iZ5b2Es14Lts+eP+ngbG1mmgyTpLjn0Le9jCc/YPvlgS42+MUShKjZZrclKgWhNt6B6VIkx pbUbTbiftt6HMmq28zwi37FyVmN+Wufh+jiu5hck7D+4ZwuMmmXiDwHpgktQx6cTJE9JJcKKk Vade5wkN6vFFKANO2EA/asMxDwErCsWEfRsWQv26PN+3hUr3wPbuN2LONrS4VWT8+1u4Kiazx r8b0lAda9Bmhi6oBi
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r1T8RxdsjeLpKJbvv5uPfZg1zd8>
Subject: Re: [TLS] tls-external-psk-guidance // Draft for a suggestion of string encoding for manually typing a PSK is available
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 22:13:30 -0000
Hello to all, in the process of the discussions of the external PSK guidance document, it was considered to suggest an encoding for PSK for applications that need to enter the key by manual typing. Presently such applications might be tempted to allow for strings such as "banana" as PSK which is considered to be a bad idea. I have prepared a very rough suggestion, on how an encoding could be defined that would require assistance from a tool and might enforce some minimum level of entropy. Moreover such an encoding might be more user friendly, since a certain level of typing errors could be distinguished from authentication failures. A first suggestion as basis for a discussion is now online at https://datatracker.ietf.org/doc/draft-haase-psk-encoding/ Yours, Björn. Am 09.03.2020 um 20:17 schrieb Christopher Wood: > This document is the first checkpoint for the External PSK design team started a few weeks back. Feedback in the form of comments, edits, or PRs [1] is welcome! > > Thanks, > Chris (no hat) > > [1] https://github.com/tlswg/external-psk-design-team > > ----- Original message ----- > From: internet-drafts@ietf.org > To: "Christopher A. Wood" <caw@heapingbits.net>, Mohit Sethi <mohit@piuha.net>, Jonathan Hoyland <jonathan.hoyland@gmail.com>, Christopher Wood <caw@heapingbits.net>, Russ Housley <housley@vigilsec.com> > Subject: New Version Notification for draft-dt-tls-external-psk-guidance-00.txt > Date: Monday, March 09, 2020 12:10 PM > > A new version of I-D, draft-dt-tls-external-psk-guidance-00.txt > has been successfully submitted by Christopher A. Wood and posted to the > IETF repository. > > Name: draft-dt-tls-external-psk-guidance > Revision: 00 > Title: Guidance for External PSK Usage in TLS > Document date: 2020-03-09 > Group: Individual Submission > Pages: 11 > URL: https://www.ietf.org/internet-drafts/draft-dt-tls-external-psk-guidance-00.txt > Status: https://datatracker.ietf.org/doc/draft-dt-tls-external-psk-guidance/ > Htmlized: https://tools.ietf.org/html/draft-dt-tls-external-psk-guidance-00 > Htmlized: https://datatracker.ietf.org/doc/html/draft-dt-tls-external-psk-guidance > > > Abstract: > This document provides usage guidance for external Pre-Shared Keys > (PSKs) in TLS. It lists TLS security properties provided by PSKs > under certain assumptions and demonstrates how violations of these > assumptions lead to attacks. This document also discusses PSK use > cases, provisioning processes, and TLS stack implementation support > in the context of these assumptions. It provides advice for > applications in various use cases to help meet these assumptions. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Fwd: New Version Notification for draft-dt-… Christopher Wood
- Re: [TLS] tls-external-psk-guidance // Draft for … Björn Haase