[TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.

        Title           : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
        Author          : Russ Housley
        Filename        : draft-ietf-tls-tls13-cert-with-extern-psk-06.txt
        Pages           : 12
        Date            : 2019-12-23

Abstract:
   This document specifies a TLS 1.3 extension that allows a server to
   authenticate with a combination of a certificate and an external
   pre-shared key (PSK).

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tls-tls13-cert-with-extern-psk-06
https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13-cert-with-extern-psk-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-tls13-cert-with-extern-psk-06

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-06.txt
This update addresses a set of comments from IESG Evaluation that I inadvertently missed yesterday.

Russ

> On Dec 23, 2019, at 9:35 AM, internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>        Title           : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
>        Author          : Russ Housley
>        Filename        : draft-ietf-tls-tls13-cert-with-extern-psk-06.txt
>        Pages           : 12
>        Date            : 2019-12-23
>
> Abstract:
>    This document specifies a TLS 1.3 extension that allows a server to
>    authenticate with a combination of a certificate and an external
>    pre-shared key (PSK).
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-tls13-cert-with-extern-psk-06
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13-cert-with-extern-psk-06
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-tls13-cert-with-extern-psk-06
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
Re: [TLS] Roman Danyliw's No Objection on draft-ietf-tls-tls13-cert-with-extern-psk-03: (with COMMENT)
Roman:

Thanks for the careful read and the resulting comments.

> --
> COMMENT:
> --
>
> * Section 7. The paragraphs that start with “In this extension, the external
> PSK preserves secrecy if the EC(DH) key agreement” …” and “In the future, if
> the (EC)DH key agreement ..” seem to be saying the same thing differently.

Not really. The first one is talking about the PSK preserving secrecy (probably should say confidentiality). The second one is talking about forward secrecy. I will merge the two paragraphs:

   In this extension, the external PSK preserves confidentiality if the
   (EC)DH key agreement is ever broken by cryptanalysis or the future
   invention of a large-scale quantum computer. As long as the attacker
   does not know the PSK and the key derivation algorithm remains
   unbroken, the attacker cannot derive the session secrets even if they
   are able to compute the (EC)DH shared secret. Should the attacker be
   able to compute the (EC)DH shared secret, the forward secrecy
   advantages traditionally associated with ephemeral (EC)DH keys will no
   longer be relevant. Although the ephemeral private keys used during a
   given TLS session are destroyed at the end of a session, preventing
   the attacker from later accessing them, these private keys would
   nevertheless be recoverable due to the break in the algorithm.
   However, a more general notion of "secrecy after key material is
   destroyed" would still be achievable using external PSKs, if they are
   managed in a way that ensures their destruction when they are no
   longer needed, and with the assumption that the algorithms that use
   the external PSKs remain quantum-safe.

> * Section 7. It’s worth mentioning somewhere the obvious thing – how to
> generate, distribute, manage the external PSKs is out of scope for this
> specification.

Gladly. I put it at the bottom of the third paragraph in Section 7, which now reads:

   Implementations must protect the external pre-shared key (PSK).
   Compromise of the external PSK will make the encrypted session content
   vulnerable to the future development of a large-scale quantum
   computer. However, the generation, distribution, and management of
   the external PSKs is out of scope for this specification.

> * Section 7. Per “TLS 1.3 [RFC8446] has received careful security analysis,
> and some informal reasoning shows that the addition of this extension does not
> introduce any security defects”, is there a citation for this “informal
> reasoning”? Otherwise, it’s a soft statement.

The informal reasoning follows the paragraph, and I think the only reference would be my slides from IETF 104. To make this clear, I will change "some informal reasoning" to "the following informal reasoning".

> * Editorial Nits:
> - Section 3. Typo. s/inclue/include/
>
> - Section 5.1. Typo. s/extension are/extensions are/
>
> - Section 5.1. /Most of those extension are not impacted in any way. This
> section discusses the impacts on the other extensions./Most of those extension
> are not impacted in any way by this specification. However, this section
> discusses the extensions that require additional consideration./
>
> - Section 5.1. Typo. s/may be know to other partiers/may be known to other
> parties/
>
> - Section 5.1. Typo. s/know to other parties/known to other parties/
>
> - Section 7. Typo. s/that external PSK/that the external PSK/

Two of these must have been fixed based on comments from others. Anyway, they are all fixed now.

Russ
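The property discussed in the message above, as an added example that is not part of the original thread or the draft: in the TLS 1.3 key schedule (RFC 8446, Section 7.1) the PSK is extracted into the Early Secret before the (EC)DHE secret is mixed in, so knowing the (EC)DHE secret alone does not reproduce the Handshake Secret. SHA-256 as the hash, the helper names, and the sample secrets are assumptions made for this illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for SHA-256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869)."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, Section 7.1)."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:  # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def handshake_secret(psk: bytes, ecdhe: bytes) -> bytes:
    """Handshake Secret: the PSK enters first, the (EC)DHE secret second."""
    early = hkdf_extract(b"\x00" * HLEN, psk)
    derived = hkdf_expand_label(early, b"derived", HASH(b"").digest(), HLEN)
    return hkdf_extract(derived, ecdhe)

def attacker_recovers(psk: bytes, ecdhe: bytes, guessed_psk: bytes) -> bool:
    """True if an attacker holding the (EC)DHE secret and `guessed_psk`
    derives the same Handshake Secret as the two endpoints."""
    real = handshake_secret(psk, ecdhe)
    return hmac.compare_digest(real, handshake_secret(guessed_psk, ecdhe))

# Constructed sample values, not taken from any real session.
EXTERNAL_PSK = hashlib.sha256(b"constructed external PSK").digest()
ECDHE_SECRET = hashlib.sha256(b"constructed (EC)DHE shared secret").digest()
NO_PSK = b"\x00" * HLEN  # value the key schedule uses when no PSK is in play

if __name__ == "__main__":
    # (EC)DHE broken, PSK unknown: derivation does not match the endpoints'.
    print("without PSK:", attacker_recovers(EXTERNAL_PSK, ECDHE_SECRET, NO_PSK))
    # (EC)DHE broken and PSK compromised: the attacker gets the same secret.
    print("with PSK:   ", attacker_recovers(EXTERNAL_PSK, ECDHE_SECRET, EXTERNAL_PSK))
```

The second case is why the revised Section 7 text requires implementations to protect the external PSK: once it is known, the session depends on (EC)DHE alone again.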
[TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.

        Title           : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
        Author          : Russ Housley
        Filename        : draft-ietf-tls-tls13-cert-with-extern-psk-07.txt
        Pages           : 12
        Date            : 2019-12-23

Abstract:
   This document specifies a TLS 1.3 extension that allows a server to
   authenticate with a combination of a certificate and an external
   pre-shared key (PSK).

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tls-tls13-cert-with-extern-psk-07
https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13-cert-with-extern-psk-07

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-tls13-cert-with-extern-psk-07

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Re: [TLS] I-D Action: draft-ietf-tls-tls13-cert-with-extern-psk-07.txt
Apparently I ran xml2rfc for -06 with a few unsaved changes still in my edit buffer. Here are the rest of the changes.

Russ

> On Dec 23, 2019, at 9:50 AM, internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>        Title           : TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
>        Author          : Russ Housley
>        Filename        : draft-ietf-tls-tls13-cert-with-extern-psk-07.txt
>        Pages           : 12
>        Date            : 2019-12-23
>
> Abstract:
>    This document specifies a TLS 1.3 extension that allows a server to
>    authenticate with a combination of a certificate and an external
>    pre-shared key (PSK).
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-tls13-cert-with-extern-psk-07
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13-cert-with-extern-psk-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-tls13-cert-with-extern-psk-07
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
[TLS] I-D Action: draft-ietf-tls-certificate-compression-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.

        Title           : TLS Certificate Compression
        Authors         : Alessandro Ghedini
                          Victor Vasiliev
        Filename        : draft-ietf-tls-certificate-compression-09.txt
        Pages           : 8
        Date            : 2019-12-23

Abstract:
   In TLS handshakes, certificate chains often take up the majority of
   the bytes transmitted.

   This document describes how certificate chains can be compressed to
   reduce the amount of data transmitted and avoid some round trips.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-09
https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-09

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-09.txt
On Mon, Dec 23, 2019 at 11:03:17AM -0800, internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>         Title           : TLS Certificate Compression
>         Authors         : Alessandro Ghedini
>                           Victor Vasiliev
>         Filename        : draft-ietf-tls-certificate-compression-09.txt
>         Pages           : 8
>         Date            : 2019-12-23
>
> Abstract:
>    In TLS handshakes, certificate chains often take up the majority of
>    the bytes transmitted.
>
>    This document describes how certificate chains can be compressed to
>    reduce the amount of data transmitted and avoid some round trips.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-09
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression-09
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-certificate-compression-09

This addresses some comments from IESG review.

Cheers
[TLS] Document Action: 'TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key' to Experimental RFC (draft-ietf-tls-tls13-cert-with-extern-psk-07.txt)
The IESG has approved the following document:
- 'TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key'
  (draft-ietf-tls-tls13-cert-with-extern-psk-07.txt) as Experimental RFC

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/

Technical Summary

   This document specifies a TLS 1.3 extension that allows a server to
   authenticate with a combination of a certificate and an external
   pre-shared key (PSK).

Working Group Summary

   The document has strong support from a small number of participants
   in the working group. Concerns have been raised about the lack of
   implementation plans, but there was enough support to move this
   experimental draft forward.

Document Quality

   Implementation plans are unknown, but the core of the proposal
   involves using a "joint in the protocol" in a usage that was
   envisioned in the original design; the main work is to record the
   specific semantics and signaling involved, to ensure interoperability.

Personnel

   Joe Salowey is the document shepherd.
   Benjamin Kaduk is the responsible AD.
[TLS] Protocol Action: 'TLS Certificate Compression' to Proposed Standard (draft-ietf-tls-certificate-compression-09.txt)
The IESG has approved the following document:
- 'TLS Certificate Compression'
  (draft-ietf-tls-certificate-compression-09.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/

Technical Summary

   This draft defines a TLS extension to compress certificate chains to
   reduce the amount of data transmitted and avoid some round trips. The
   compression algorithms defined, zlib, brotli, and zstd, are all
   documented in RFCs.

Working Group Summary

   The WG process was unremarkable; the document has been around and
   stable for a couple years, and the idea around before that.

Document Quality

   Google, Cloudflare, Apple, and Facebook have implemented this
   extension. Firefox has also indicated they intend to prototype it.
   It should also be noted that others, e.g., the EMU WG, are interested
   in this feature.

Personnel

   Sean Turner is the document shepherd.
   Ben Kaduk is the responsible Area Director.