Re: [TLS] I-D Action: draft-ietf-tls-external-psk-importer-01.txt

"Christopher Wood" <caw@heapingbits.net> Wed, 02 October 2019 13:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/smkJwUiuRhECwMI82uzknfRnwFA>

This update includes recent feedback received on the list and GitHub. There are three major changes:

- Target KDFs instead of hash algorithms when importing external PSKs
- Add an opaque "context" slot to the ImportedIdentity struct and describe its use for Selfie mitigations
- Remove backwards compatibility ((D)TLS 1.2 and earlier) cruft

(There's a silly formatting issue with the KDF table. We'll fix that in the next version.)

Please have a look and provide feedback. PRs are welcome and highly encouraged.

Looking ahead, there is one outstanding PR [1] that needs discussion. It deviates from an original goal of the importer, which was to not make any changes to TLS. There's also an issue to better document the importer security requirements and goals [2]. We are working on analyzing the importer and should be complete before Singapore, at which point we'll update the draft again.

Best,
Chris (no hat)

On Wed, Oct 2, 2019, at 6:44 AM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>         Title           : Importing External PSKs for TLS
>         Authors         : David Benjamin
>                           Christopher A. Wood
>         Filename        : draft-ietf-tls-external-psk-importer-01.txt
>         Pages           : 9
>         Date            : 2019-10-02
> 
> Abstract:
>    This document describes an interface for importing external PSK (Pre-
>    Shared Key) into TLS 1.3.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-external-psk-importer-01
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-external-psk-importer-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-external-psk-importer-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>