RE: [TLS] I-D ACTION:draft-ietf-tls-psk-null-00.txt

"Pasi Eronen" <pasi.eronen@nokia.com> Fri, 21 July 2006 12:04 UTC

From: "Pasi Eronen" <pasi.eronen@nokia.com>
To: "'ext Bodo Moeller'" <bmoeller@acm.org>, <tls@ietf.org>
Subject: RE: [TLS] I-D ACTION:draft-ietf-tls-psk-null-00.txt
Date: Fri, 21 Jul 2006 14:49:06 +0300

Bodo Moeller wrote:

> Is there a good case for defining a DHE_PSK ciphersuite with NULL
> encryption?  RSA_PSK involves server certificates, so it does not
> solely rely on pre-shared keys for authentication.  DHE_PSK, however,
> uses ephemeral Diffie-Hellman without certificate-based
> authentication.  This is very useful when the key exchange is used to
> obtain keys for symmetric encryption.  However, in these NULL
> encryption ciphersuites, the key exchange is only used to derive
> authentication keys, so there is only a very limited need for forward
> security.  (DHE_PSK, when using NULL encryption, provides protection
> against exposure of a pre-shared key if use of said key has been
> stopped, but TLS sessions based on the key remain active.)

With DHE_PSK, a passive eavesdropper doesn't get the information
required for a dictionary attack against the PSK.

So it might be useful even with NULL encryption in some environments
(where active MitM is not considered a significant threat, and the PSK
is not guaranteed to be "strong enough"). I'm not sure how common
those environments would be, but then again, I didn't think that
anyone would want NULL encryption either...

Best regards,
Pasi


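The point made in the reply above, as an added example that is not part of the original message: with the RFC 4279 premaster secret layout, a plain-PSK transcript lets a passive observer confirm a PSK guess, while a DHE_PSK transcript does not without the Diffie-Hellman value Z. Assumptions: the TLS 1.2 P_SHA256 PRF stands in for the negotiated PRF, and the randoms, transcript hash, PSK and toy DH group are all constructed.

```python
import hashlib, hmac, struct

def prf(secret, label, seed, n):
    # TLS 1.2 P_SHA256, used as a stand-in for the PRF of the negotiated version.
    seed = label + seed
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def premaster(psk, z=None):
    # RFC 4279: uint16 len | other_secret | uint16 len | PSK.
    # other_secret is len(PSK) zero octets for plain PSK, the DH value Z for DHE_PSK.
    other = bytes(len(psk)) if z is None else z
    return struct.pack(">H", len(other)) + other + struct.pack(">H", len(psk)) + psk

def verify_data(psk, z=None):
    # Finished.verify_data, which NULL encryption leaves readable on the wire.
    master = prf(premaster(psk, z), b"master secret", RANDOMS, 48)
    return prf(master, b"client finished", TRANSCRIPT_HASH, 12)

def observer_can_confirm(guess, observed, z=None):
    # True if a PSK guess reproduces the observed verify_data.
    return hmac.compare_digest(verify_data(guess, z), observed)

# Constructed session values (not from the thread).
RANDOMS = bytes(range(64))                      # client_random + server_random
TRANSCRIPT_HASH = hashlib.sha256(b"constructed handshake messages").digest()
PSK = b"constructed-low-entropy-psk"
P, G = 2**127 - 1, 3                            # toy DH group, far too small for real use
A_PRIV, B_PRIV = 0x1234567, 0x7654321           # ephemeral exponents, never on the wire
z_int = pow(pow(G, A_PRIV, P), B_PRIV, P)
Z = z_int.to_bytes((z_int.bit_length() + 7) // 8, "big")  # leading zeros stripped

SEEN_PSK = verify_data(PSK)       # what the wire shows for a plain PSK handshake
SEEN_DHE = verify_data(PSK, Z)    # what the wire shows for a DHE_PSK handshake

if __name__ == "__main__":
    print("plain PSK, guess confirmable:", observer_can_confirm(PSK, SEEN_PSK))
    print("DHE_PSK without Z, confirmable:", observer_can_confirm(PSK, SEEN_DHE))
    print("DHE_PSK with Z (a DH endpoint):", observer_can_confirm(PSK, SEEN_DHE, Z))
```

The last line corresponds to the active MitM caveat in the reply: a party that took part in the DH exchange holds Z and regains the ability to test guesses.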