Re: [TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

Daniel Migault <> Thu, 18 May 2017 17:50 UTC

From: Daniel Migault
To: Dan Romascanu
Date: Thu, 18 May 2017 17:44:24 +0000

Hi Dan,

Thank you for your reviews and comments. I believe the following text provides more explanation on how the provided cipher suites are negotiated by TLS1.3 as well as why the code points defined in the document do not apply to TLS1.3. Feel free to let me know if that addresses your concern and I can publish version 04 with the text below.

Unlike TLS1.2, TLS1.3 separates authentication and cipher suite negotiation <xref target="I-D.ietf-tls-tls13"/> Section 1.2. TLS1.3 supports PSK with ECDHE key exchange and the cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_CCM_8_SHA256 and TLS_AES_128_CCM_SHA256 are part of the specification. As a result, TLS 1.3 and higher versions negotiate and support these cipher suites in a different way.

I am not sure we have to wait for the publication of TLS1.3 as changes on TLS1.3 are unlikely to impact the code point assigned. However, we currently have TLS1.3 as a normative reference.

-----Original Message-----
From: Dan Romascanu
Sent: Monday, May 15, 2017 6:47 AM
Subject: Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

Reviewer: Dan Romascanu
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair.  Please treat these comments just like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-tls-ecdhe-psk-aead-??
Reviewer: Dan Romascanu
Review Date: 2017-05-15
IETF LC End Date: 2017-05-18
IESG Telechat date: 2017-05-25


This is a straight-forward and clear document that defines several new cipher suites for the Transport Layer Security (TLS) protocol version 1.2 and higher, based on the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key (ECDHE_PSK) key exchange together with the Authenticated Encryption with Associated Data (AEAD) algorithms AES-GCM and AES-CCM. The document is well written and I appreciate the effort to clarify in the Introduction the context, what was missing, and why the document is necessary. The document is Ready, there is one issue about support for TLS version 1.3 and higher that may need some text clarification.

Major issues:

Minor issues:

Section 4 ('Applicable TLS Versions') describes in detail how the cipher suites defined in the document make use of the authenticated encryption with additional data (AEAD) defined in TLS 1.2 [RFC5246] and DTLS 1.2 [RFC6347]. About TLS 1.3 it just says:

' TLS 1.3 and above version, negotiate and support these cipher suites in a different way.'

This may raise some concerns as 'in a different way' is ambiguous, especially compared to the details included for TLS 1.2. Moreover, TLS 1.3 is still work-in-progress, and I believe that this document when approved needs to wait for TLS 1.3 to be approved for publication. Will anything change, or need to be added? Some better clarification text would help IMO.

Nits/editorial comments:
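The following is an added illustration of the distinction the proposed Section 4 text draws; it is not code from the draft, from TLS 1.3, or from either message above. It builds constructed ClientHello fragments for both versions and shows why a TLS 1.2 ECDHE_PSK code point carries no meaning in TLS 1.3: in 1.2 the single cipher suite value names key exchange, authentication, AEAD and hash together, while in 1.3 the cipher suite names only AEAD plus hash and the PSK/ECDHE choice travels in the pre_shared_key, psk_key_exchange_modes and key_share extensions. The TLS 1.2 code points are those later assigned in RFC 8442 (the published form of this draft) and are not quoted on this page; the pre_shared_key body and the empty key_share are placeholders, since the selector does not inspect them.

```python
"""Added example: ECDHE_PSK + AEAD negotiation in TLS 1.2 versus TLS 1.3.

Not code from draft-ietf-tls-ecdhe-psk-aead or from the TLS 1.3 spec.
Wire formats follow RFC 5246 / RFC 8446; sample ClientHello fragments
are constructed here and are not captured traffic.
"""
import struct

# TLS 1.2 suites from the draft. Code points as assigned in RFC 8442
# (the published version of the draft); assumption, not quoted on this page.
TLS12_ECDHE_PSK_AEAD = {
    0xD001: "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
    0xD002: "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
    0xD003: "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
    0xD005: "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
}
# TLS 1.3 suites (RFC 8446): AEAD + hash only, no key exchange or auth.
TLS13_AEAD = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}
# Extension types and psk_key_exchange_modes values (RFC 8446 section 4.2).
EXT_PRE_SHARED_KEY = 41
EXT_PSK_KEY_EXCHANGE_MODES = 45
EXT_KEY_SHARE = 51
PSK_KE = 0       # PSK-only key establishment
PSK_DHE_KE = 1   # PSK with (EC)DHE: the TLS 1.3 counterpart of ECDHE_PSK


def encode_cipher_suites(suites):
    """CipherSuite cipher_suites<2..2^16-2>."""
    body = b"".join(struct.pack("!H", s) for s in suites)
    return struct.pack("!H", len(body)) + body


def encode_extensions(exts):
    """Extension extensions<8..2^16-1>; exts is a list of (type, body)."""
    body = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in exts)
    return struct.pack("!H", len(body)) + body


def parse_cipher_suites(buf):
    """Return (list of code points, remaining bytes); reject truncation."""
    (n,) = struct.unpack("!H", buf[:2])
    data = buf[2:2 + n]
    if len(data) != n or n % 2:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, n, 2)], buf[2 + n:]


def parse_extensions(buf):
    """Return {type: body}; reject a body that runs past the vector."""
    (n,) = struct.unpack("!H", buf[:2])
    data = buf[2:2 + n]
    if len(data) != n:
        raise ValueError("truncated extensions vector")
    exts, i = {}, 0
    while i < n:
        t, length = struct.unpack("!HH", data[i:i + 4])
        body = data[i + 4:i + 4 + length]
        if len(body) != length:
            raise ValueError("truncated extension %d" % t)
        exts[t] = body
        i += 4 + length
    return exts


def select_tls12(offered, server_has_psk):
    """TLS 1.2: the code point alone fixes ECDHE_PSK + AEAD + hash."""
    for s in offered:
        if s in TLS12_ECDHE_PSK_AEAD and server_has_psk:
            return TLS12_ECDHE_PSK_AEAD[s]
    return None


def select_tls13(offered, exts, server_has_psk):
    """TLS 1.3: AEAD from cipher_suites, key exchange/auth from extensions.

    A TLS 1.2 ECDHE_PSK code point in the offer is simply ignored here.
    """
    aead = next((TLS13_AEAD[s] for s in offered if s in TLS13_AEAD), None)
    if aead is None:
        return None
    modes = exts.get(EXT_PSK_KEY_EXCHANGE_MODES, b"")
    mode_list = list(modes[1:1 + modes[0]]) if modes else []
    psk_offered = server_has_psk and EXT_PRE_SHARED_KEY in exts
    if psk_offered and PSK_DHE_KE in mode_list and EXT_KEY_SHARE in exts:
        kex = "psk_dhe_ke"          # the ECDHE_PSK equivalent
    elif psk_offered and PSK_KE in mode_list:
        kex = "psk_ke"
    else:
        kex = "ecdhe_certificate"   # fall back to certificate authentication
    return aead, kex


def build_tls12_offer():
    # Constructed offer: two draft suites plus TLS_RSA_WITH_AES_128_CBC_SHA.
    return encode_cipher_suites([0xD001, 0xD002, 0x002F])


def build_tls13_offer():
    # Constructed offer; 0xD001 is included to show it is meaningless in 1.3.
    suites = encode_cipher_suites([0x1301, 0x1304, 0xD001])
    exts = encode_extensions([
        (EXT_KEY_SHARE, b"\x00\x00"),                   # empty client_shares (placeholder)
        (EXT_PSK_KEY_EXCHANGE_MODES, bytes([1, PSK_DHE_KE])),
        (EXT_PRE_SHARED_KEY, b"\x00"),                  # identity+binder omitted (placeholder)
    ])
    return suites + exts


def demo(server_has_psk=True):
    """Run both selectors on the constructed offers."""
    offered12, _ = parse_cipher_suites(build_tls12_offer())
    offered13, rest = parse_cipher_suites(build_tls13_offer())
    exts = parse_extensions(rest)
    return select_tls12(offered12, server_has_psk), select_tls13(offered13, exts, server_has_psk)


if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

With a PSK configured, the TLS 1.2 side selects TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 from the code point, while the TLS 1.3 side selects TLS_AES_128_GCM_SHA256 and arrives at PSK-with-ECDHE only from the extensions; without a PSK the 1.2 selector has nothing to pick and the 1.3 selector keeps the same AEAD suite and falls back to certificate authentication. A real server would also verify the PSK binder and the key_share group before committing to psk_dhe_ke.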