Thanks. This clarifies now. Regards,
Dan Sent from my iPhone > On 25 May 2017, at 1:49, Daniel Migault <daniel.miga...@ericsson.com> wrote: > > Hi Dan, > > The major concern we have is that as a response to your comment I detailed > how the defined cipher suites are agreed with TLS1.3. The text we agreed on > has been updated, but I guess it still provides enough details. > > In addition, you are right, we have also clarified the text and make sure > there is not misunderstanding that the code points assigned are only valid > for TLS1.2. This includes specification of the version in the title, as well > as removal of most reference to TLS1.3 in the introduction. The only > remaining reference to TLS1.3 in the introduction is used to motivate the use > of AEAD algorithms. > > The current text for the introduction is as quoted below. > > Again thank you all for your reviews, > > Yours, > Daniel > > > > 2. Introduction > > This document defines new cipher suites that provide Pre-Shared Key > (PSK) authentication, Perfect Forward Secrecy (PFS), and > Authenticated Encryption with Associated Data (AEAD). The cipher > suites are defined for version 1.2 of the Transport Layer Security > (TLS) [RFC5246] protocol and version 1.2 of the Datagram Transport > Layer Security (DTLS) protocol [RFC6347]. > > Pre-Shared Key (PSK) Authentication is widely used in many scenarios. > One deployment is 3GPP networks where pre-shared keys are used to > authenticate both subscriber and network. Another deployment is > Internet of Things where PSK authentication is often preferred for > performance and energy efficiency reasons. In both scenarios the > endpoints are owned/controlled by a party that provisions the pre- > shared keys and makes sure that they provide a high level of entropy. > > Perfect Forward Secrecy (PFS) is a strongly recommended feature in > security protocol design and can be accomplished by using an > ephemeral Diffie-Hellman key exchange method. Ephemeral Elliptic > Curve Diffie-Hellman (ECDHE) provides PFS with excellent performance > and small key sizes. ECDHE is mandatory to implement in both HTTP/2 > [RFC7540] and CoAP [RFC7252]. > > AEAD algorithms that combine encryption and integrity protection are > strongly recommended for (D)TLS [RFC7525] and non-AEAD algorithms are > forbidden to use in TLS 1.3 [I-D.ietf-tls-tls13]. The AEAD > algorithms considered in this document are AES-GCM and AES-CCM. The > use of AES-GCM in TLS is defined in [RFC5288] and the use of AES-CCM > is defined in [RFC6655]. > > [RFC4279] defines Pre-Shared Key (PSK) cipher suites for TLS but does > not consider Elliptic Curve Cryptography. [RFC4492] introduces > Elliptic Curve Cryptography for TLS but does not consider PSK > authentication. [RFC5487] describes the use of AES-GCM in > combination with PSK authentication, but does not consider ECDHE. > [RFC5489] describes the use of PSK in combination with ECDHE but does > not consider AES-GCM or AES-CCM. > > >> On Wed, May 24, 2017 at 5:05 PM, Dan Romascanu <droma...@gmail.com> wrote: >> Hi Joe, >> >> Looks OK, but don't you need to also drop 'as well as version 1.3 of TLS' >> from the first paragraph in the Introduction? >> >> Regards, >> >> Dan >> >>> On Thu, May 25, 2017 at 12:29 AM, Joseph Salowey <j...@salowey.net> wrote: >>> Hi Dan and Alissa, >>> >>> There has been some churn in the text of the document due to my oversight >>> when sending the document to the IESG. The proposed new text provided >>> below show should also resolve your comment. Please let me know if you see >>> any issues with this approach. >>> >>> Thanks, >>> >>> Joe >>> >>> Replacing section 4: >>> >>> The cipher suites defined in this document MUST NOT be negotiated for >>> any version of (D)TLS other than TLS 1.2. Servers MUST NOT select >>> one of these cipher suites when selecting TLS version other than TLS >>> 1.2. A client MUST treat the selection of these cipher suites in >>> combination with a different version of TLS as an error and generate >>> a fatal 'illegal_parameter' TLS alert. >>> >>> Cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, >>> TLS_AES_128_CCM_8_SHA256 and TLS_AES_128_CCM_SHA256 are used to >>> support equivalent functionality in TLS 1.3 [I-D.ietf-tls-tls13]. >>> >>> >>> >>>> On Wed, May 24, 2017 at 8:15 AM, Alissa Cooper <ali...@cooperw.in> wrote: >>>> Dan, thank you for your reviews of this document and thanks to the authors >>>> for providing clarifications. I have balloted No Objection. >>>> >>>> Alissa >>>> >>>> > On May 19, 2017, at 6:43 PM, Dan Romascanu <droma...@gmail.com> wrote: >>>> > >>>> > Reviewer: Dan Romascanu >>>> > Review result: Ready >>>> > >>>> > I am the assigned Gen-ART reviewer for this draft. The General Area >>>> > Review Team (Gen-ART) reviews all IETF documents being processed >>>> > by the IESG for the IETF Chair. Please wait for direction from your >>>> > document shepherd or AD before posting a new version of the draft. >>>> > >>>> > For more information, please see the FAQ at >>>> > >>>> > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. >>>> > >>>> > Document: draft-ietf-tls-ecdhe-psk-aead-?? >>>> > Reviewer: Dan Romascanu >>>> > Review Date: 2017-05-19 >>>> > IETF LC End Date: 2017-05-18 >>>> > IESG Telechat date: 2017-05-25 >>>> > >>>> > Summary: >>>> > >>>> > This is a straight-forward and clear document that defines several new >>>> > cipher suites for the Transport Layer Security (TLS) protocol version >>>> > 1.2 and higher, based on the Ephemeral Elliptic Curve Diffie-Hellman >>>> > with Pre-Shared Key (ECDHE_PSK) key exchange together with the >>>> > Authenticated Encryption with Associated Data (AEAD) algorithms >>>> > AES-GCM and AES-CCM. The document is well written and I appreciate the >>>> > effort to clarify in the Introduction the context, what was missing, >>>> > and why the document is necessary. One issue raised in my initial >>>> > review for draft-03 was addressed, discussed and draft-04 includes >>>> > useful clarification text. >>>> > >>>> > The document is Ready >>>> > >>>> > Major issues: >>>> > >>>> > Minor issues: >>>> > >>>> > Nits/editorial comments: >>>> > >>>> > >>>> > _______________________________________________ >>>> > Gen-art mailing list >>>> > gen-...@ietf.org >>>> > https://www.ietf.org/mailman/listinfo/gen-art >>>> >>> >> >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
