Re: [TLS] New Version Notification for draft-jay-tls-psk-identity-extension-02.txt

Russ Housley <housley@vigilsec.com> Tue, 17 January 2017 21:46 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Tue, 17 Jan 2017 16:46:31 -0500
To: Jayaraghavendran Kuppannan <jayaraghavendran.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/u9WF-NkZDJrHfbD_wP0ONfxpzHA>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] New Version Notification for draft-jay-tls-psk-identity-extension-02.txt

I think there are two very different scenarios where an identity needs to be associated with an external PSK, that is a PSK that is not produced by a previous handshake.  This draft only addresses one of them, and I would rather see a way forward that considers both.

This draft considers the scenario where the PSK is used to avoid the use of (EC)DHE altogether.

The other scenario is where the PSK is combined with the (EC)DHE shared secret as protection against a quantum computer.  In this case the identity associated with the PSK must be compatible with the identity in the certificate.  We have not had any discussion about the meaning of compatible in this context.  I believe the TLS WG wants to wrap up the core TLS 1.3 specification before delving into that topic.

For that reason, I think that the topic of this draft must also wait until the core TLS 1.3 specification is in the hands of the IESG.

Russ



From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: 17 December 2016 04:11
To: Raja ashok; Raja ashok; Jayaraghavendran Kuppannan
Subject: New Version Notification for draft-jay-tls-psk-identity-extension-02.txt


A new version of I-D, draft-jay-tls-psk-identity-extension-02.txt
has been successfully submitted by Raja Ashok V K and posted to the IETF repository.

Name:        draft-jay-tls-psk-identity-extension
Revision:    02
Title:        TLS/DTLS PSK Identity Extension
Document date:    2016-12-15
Group:        Individual Submission
Pages:        10
URL: https://www.ietf.org/internet-drafts/draft-jay-tls-psk-identity-extension-02.txt
Status: https://datatracker.ietf.org/doc/draft-jay-tls-psk-identity-extension/
Htmlized: https://tools.ietf.org/html/draft-jay-tls-psk-identity-extension-02
Diff: https://www.ietf.org/rfcdiff?url2=draft-jay-tls-psk-identity-extension-02

Abstract:
Pre-Shared Key (PSK) based Key Exchange Mechanism is primarily used
in constrained environments where resource intensive Asymmetric
Cryptography cannot be used. In the Internet of Things (IoT)
deployments, constrained devices are commonly used for collecting
data via sensors for use in home automation, smart energy etc. In
this context, DTLS is being considered as the primary protocol for
communication security at the application layer and in some cases, it
is also being considered for network access authentication.

This document provides a specification for a new extension for
Optimizing DTLS and TLS Handshake when the Pre-Shared Key (PSK) based
Key Exchange is used. This extension is aimed at reducing the number
of messages exchanged and the RTT of the TLS & DTLS Handshakes.


Hi, 

I am submitting the 3rd version of our draft (draft-jay-tls-psk-identity-extension) in the TLS working group.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
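
The two scenarios in Russ Housley's reply above (an external PSK used without (EC)DHE, and an external PSK combined with the (EC)DHE shared secret) can be compared with the sketch below. It is an added example, not part of the original message or of the draft, and it assumes the key schedule as later published in RFC 8446 with SHA-256, which differs in detail from the TLS 1.3 draft current when this message was sent; the PSK and ECDHE values are constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size
ZEROS = bytes(HLEN)          # RFC 8446 stand-in for an absent PSK or (EC)DHE input

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:                      # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def handshake_secret(psk=None, ecdhe=None) -> bytes:
    """Early Secret -> Derive-Secret(., "derived", "") -> Handshake Secret."""
    early = hkdf_extract(ZEROS, psk if psk is not None else ZEROS)
    derived = hkdf_expand_label(early, b"derived", HASH(b"").digest(), HLEN)
    return hkdf_extract(derived, ecdhe if ecdhe is not None else ZEROS)

# Constructed sample inputs, for illustration only.
PSK = bytes.fromhex("a1" * 32)      # external PSK provisioned out of band
ECDHE = bytes.fromhex("b2" * 32)    # (EC)DHE shared secret of one handshake

def compare_scenarios() -> dict:
    psk_only = handshake_secret(psk=PSK)                # PSK replaces (EC)DHE
    psk_ecdhe = handshake_secret(psk=PSK, ecdhe=ECDHE)  # PSK mixed with (EC)DHE
    cert_only = handshake_secret(ecdhe=ECDHE)           # no PSK at all
    # A party that later recovers the (EC)DHE secret but never held the PSK
    # can only compute the schedule with the all-zero PSK placeholder.
    recovered = handshake_secret(psk=None, ecdhe=ECDHE)
    return {
        "modes_differ": len({psk_only, psk_ecdhe, cert_only}) == 3,
        "ecdhe_alone_opens_cert_only": recovered == cert_only,
        "ecdhe_alone_opens_psk_ecdhe": recovered == psk_ecdhe,
    }

if __name__ == "__main__":
    print(compare_scenarios())
```

In the combined mode the handshake secret depends on both inputs, so knowledge of the (EC)DHE value alone does not reproduce it; in the PSK-only mode the secret depends on the PSK alone.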