Re: [TLS] secdir review of draft-ietf-tls-ecdhe-psk-aead-03

Benjamin Kaduk <bkaduk@akamai.com> Fri, 19 May 2017 14:40 UTC

To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
Cc: draft-ietf-tls-ecdhe-psk-aead.all@ietf.org, secdir@ietf.org, ietf@ietf.org, Benjamin Kaduk <kaduk@mit.edu>, iesg@ietf.org
References: <20170519043827.GL39245@kduck.kaduk.org> <201705190316.33316.davemgarrett@gmail.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <010db57b-37a9-a543-d33c-cc0dd7a75fcf@akamai.com>
Date: Fri, 19 May 2017 09:39:57 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yzYrf0gc3omQQnPNmCV_Zl8dY9I>

On 05/19/2017 02:16 AM, Dave Garrett wrote:
> On Friday, May 19, 2017 12:38:27 am Benjamin Kaduk wrote:
>> In section 4, "these cipher suites MUST NOT be negotiated in TLS
>> versions prior to 1.2" should probably clarify that "these" cipher
>> suites are the new ones specified by this document.
> Probably should be: "the cipher suites defined in this document
> MUST NOT be negotiated for any version of TLS other than 1.2."
>
> The sentence mentioning TLS 1.3+ could be moved up to right after
> and just say: "TLS version 1.3 and later negotiate these features in
> a different manner."
>
>

That's probably best, yes.  The interaction between this document and
TLS 1.3 is a little weird, and it's not entirely clear to me that this
one needs to say much of anything about TLS 1.3, given that TLS 1.3
changes all the relevant messages and key hierarchy and such.

-Ben