[TLS] Subject: Re: I-D Action: draft-ietf-tls-rfc8447bis-02.txt - Space & Aviation & Shipping & GSM https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/
Duke Abbaddon <duke.abbaddon@gmail.com> Sat, 28 January 2023 20:27 UTC
Return-Path: <duke.abbaddon@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E56CFC14CF01 for <tls@ietfa.amsl.com>; Sat, 28 Jan 2023 12:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.274
X-Spam-Level:
X-Spam-Status: No, score=-5.274 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, GB_FAKE_RF_SHORT=1.822, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLXOuK6fdjda for <tls@ietfa.amsl.com>; Sat, 28 Jan 2023 12:27:00 -0800 (PST)
Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7FCAC14F749 for <tls@ietf.org>; Sat, 28 Jan 2023 12:27:00 -0800 (PST)
Received: by mail-qt1-x843.google.com with SMTP id h24so6959656qta.12 for <tls@ietf.org>; Sat, 28 Jan 2023 12:27:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=tTaDJ212WwqmZR4LgDpgKw3L3F/12ZEwgMctOW4tc4o=; b=MQ5+I0fMWiC6WOp93GFKr6t8f1LN5ZJxFks4Vet0F+ktVbjB+DzyMgwH9TvX8hktpm juB6HqVAORl/kyUnKnCxP6HKa5VcIetSE2PmTAyp3ngcgowEouC9TFHnnFm7GtLH6oVG s2+FBFolOgeYhyhqkEzRsU7mt+qP1E8iA8Dtv7Cy2/tiFRJ5HIlWxnwyfBNH5y6ott3N NrqSPRG6lAiEAU1l9jQuy7fzrz3xpqwcze7S90oqFcMU5TKKJv90tezjl9t73NnrwmT5 tiZWDkRCZ0zaJJBsX4f8x5fCjSao8VP7rgQRT9Eb9r/IjTX5LcWZyPrcnvOCasHgA6rO 8lvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tTaDJ212WwqmZR4LgDpgKw3L3F/12ZEwgMctOW4tc4o=; b=N/lbgvMrIU5PCU309mvks/F/xoooPRpc+B+8vBKUoGxs20UzfV4SuQamLGn8VBU99w gkbWe+wLw9YXwMPFFr1fiSO7HcG1UQX7UwTth2fYEp6ivRvLpNvG3F3DuEo0mPEAdmgV MBCowwxn6l17SqHCaQAPpXwU8CKiTujjaJyJ+YfC3CPDEOtX56tCpIFJAiUoHDs/5/VU S0VHF0WsZhJ/XyKcprnjGgZWvXoeqmZUmh4T2wqupJfQ3ZjUpV7VpE5okVyvMtVc7IhW 7YkdkNslUuA6CTsnWZPjr1OAWkniRYwYav86LSCOCVbefT1esarXjf984gCOdgZ/EEba jlbQ==
X-Gm-Message-State: AFqh2ko6kI5gmuGXAnEHHYBRcOaSogz5AuO/94k9eyf/oLMM2/jYN+ML LhoYwOm9l8Ip3n3mVN/Nrs+NWOLheMWW3ZQZAxv+HDUfRuLzuQ==
X-Google-Smtp-Source: AMrXdXt+o+/F7dKo7JN6NyBA8YlntGeMIoIlJiU92d4YLQ26uaH0q9+dnvIwuG2sHgTwkeEZXBjaCHiOJhlQX77WXj0=
X-Received: by 2002:ac8:73cf:0:b0:3a7:f4ca:c2d1 with SMTP id v15-20020ac873cf000000b003a7f4cac2d1mr2388766qtp.368.1674937619052; Sat, 28 Jan 2023 12:26:59 -0800 (PST)
MIME-Version: 1.0
From: Duke Abbaddon <duke.abbaddon@gmail.com>
Date: Sat, 28 Jan 2023 20:26:48 +0000
Message-ID: <CAHpNFcMy-Bigg2=3c25nMG4p52ONTYUxhrMrNAkO1q35XDphkQ@mail.gmail.com>
To: tls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wzslPDuQ39Dmzn_A0Su4x0aiogE>
Subject: [TLS] Subject: Re: I-D Action: draft-ietf-tls-rfc8447bis-02.txt - Space & Aviation & Shipping & GSM https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2023 20:27:05 -0000
Subject: Re: [TLS] I-D Action: draft-ietf-tls-rfc8447bis-02.txt - Space & Aviation & Shipping & GSM https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/ I would like to point out that : PSK_PSK could use Elliptic PSK for PSK1(encapsulation : EEC, AES, GCM) & PSK as a certificate replacement (the PSK would have to be a HASH:RSA, AES For example) There are two fundamental uses for PSK; Voyager is an example (NASA); Where a long voyage in space does not allow a long range high latency connection to verify certificate chain & Certificate verification is not recommended (7Years)! Shipping Radio and GSM & Global positioning : Open PSK from space The use of Registered Certificates for these jobs helps; When making a Sub-Certificate verify depends on reliable certificate verification & distance counts in Aviation (can work though but must not verify with an offsite server for secrecy) Static (Self updated by firmware) Certificates work for the ECDHE_CERT pairing or the PSK_DHE/ECDHE (certificate) pairing, However verification on first initiation is Local (c)Rupert S ***** Reference : Subject: [TLS] Security of using same cert for TLS client and server Message-ID:1, Commenting on {PSK : SHA3 'various'} : RS PSK AnonyCRT (c)RS PSK & AnonySecureCERT & TPM Client CRT & Anonymous Identity Email/Site Cert Identity (Replace PSK with one of them) PSK is usable for initial Key exchange if the PSK ID is loaded from the certificate provider, The cloud Provider or the Source Server; If the initial PSK is for example 8 Characters sent compressed & encoded with an Open EEC Certificate that the Browser or application uses.... One may be thinking; what the hell? Well the idea is to provide a list of PSK's with a time function &or a message count (so the next PSK can be loaded.. The reasoning is, We can use the PSK from the Client/Server side to guarantee & Secure sent data, So essentially if a PSK is regarded as an elliptic curve initiator code; We can use any EEC we like from a PSK, We can for example use a certificate-less TLS by initiating 2 PSK per round (segment of time), We can check NTP Sync with Time Protocol on send & receive of PSK/CERT/EEC 1 PSK is EEC Curve 2 PSK is CERT HASH (EEC, RSA, AES, PolySHA, GEA) This provides a time limited window to decode & anonymity. PSK AnonySecureCERT TPM Client CRT Anonymous Identity Email/Site Cert The idea being the Server can verify the correct receiver of TDP / UDP / DNS / NTP & other internet protocols such as Ethernet routing Initiate an identity of Hash Classifiers : SHA2, SHA3 & use the best with the same bit rate listed as supported? Blake is linux approved in the /dev/rnd RNG Rupert S Reference : Subject: [TLS] Security of using same cert for TLS client and server Message-ID:1 "Message: 1 Date: Fri, 27 Jan 2023 18:01:04 +0000 From: John Mattsson <john.mattsson@ericsson.com> To: "TLS@ietf.org" <tls@ietf.org> Subject: [TLS] Security of using same cert for TLS client and server Message-ID: <HE1PR0701MB3050757CF419D92331DE371189CC9@HE1PR0701MB3050.eurprd07.prod.outlook.com> Content-Type: text/plain; charset="windows-1252" Hi, TLS WG went through a lot of work (RFC 9258) to make sure that PSKs only be used with a single hash function. But as far as I can see the RFC8446(bis) does not say anything about: * Using the same cert for TLS client and TLS server * Using the same public key cert for TLS and another protocol (JOSE, COSE, SMIME, IKE, etc, ?.) * Using the external PSK for TLS and another protocol. I think it should. - Using the same signature key or PSK for TLS and another protocol is obviously unsecure in the worst case. But probably practically secure in many cases even if nobody has proved it. - Did any of the formal analysis prove that using the same key for TLS client and server is secure? It is quite common that the same node is a TLS server and client. Cheers, John" ***** For easy testing and advantage, the following setups & software are provided PQS & TLS Reference material, In reference to this document tls-parameters, This is my potential parameters list for the group to work on # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Rupert S https://science.n-helix.com/2022/03/ice-ssrtp.html Code Speed https://science.n-helix.com/2022/08/simd.html https://science.n-helix.com/2022/09/ovccans.html Chaos https://science.n-helix.com/2022/02/interrupt-entropy.html https://science.n-helix.com/2022/02/rdseed.html https://science.n-helix.com/2020/06/cryptoseed.html When it comes to pure security, We are grateful https://is.gd/SecurityHSM https://is.gd/WebPKI TLS Optimised https://drive.google.com/file/d/10XL19eGjxdCGj0tK8MULKlgWhHa9_5v9/view?usp=share_link Ethernet Security https://drive.google.com/file/d/18LNDcRSbqN7ubEzaO0pCsWaJHX68xCxf/view?usp=share_link These are the addresses directly of some good ones; DNS & NTP & PTP 2600:c05:3010:50:47::1 2607:fca8:b000:1::3 2607:fca8:b000:1::4 2a06:98c1:54::c12b 142.202.190.19 172.64.36.1 172.64.36.2 38.17.55.196 38.17.55.111
- [TLS] Subject: Re: I-D Action: draft-ietf-tls-rfc… Duke Abbaddon