Should the TLS 1.3 draft request a new registry for psk_key_exchange_modes? Initially, I thought that there was no way to extend it, but the email below from Martin Thomson suggests adding a new codepoint, so I thought it best to check that this wasn't an oversight in the draft.

-- Tony

-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Thomson
Sent: 01 March 2018 21:55
To: Russ Housley
Cc: IETF TLS
Subject: Re: [TLS] New Internet-Draft: draft-housley-tls-tls13-cert-with-extern-psk-00

Hi Russ,

This seems like a welcome addition.

I'm not sure why you think that PQ needs are a good motivation for this work though. Managing external PSKs is so unwieldy that it almost seems like this would do more harm than good in that regard.

I find this more interesting from the perspective of providing continuing proof of possession for keys while also permitting the use of 0-RTT (and session continuation more generally).

FWIW, I don't see any reason that this approach would be a problem given that it is additive, the problem that Sam Scott et al. from before was a result of important contextual information being omitted from the transcript.

Why didn't you consider a new codepoint on psk_key_exchange_modes that permits/requires use of the certificate? The purpose of that extension is to signal that a) you want PSK, and b) what additional things are permitted alongside that PSK.

It's not clear from your text on client certificate authentication whether your mode permits the server to omit its Certificate, but then send CertificateRequest. You should clarify that one way or other.

--Martin

On Fri, Mar 2, 2018 at 8:37 AM, Russ Housley <hous...@vigilsec.com> wrote:
> I would like to get comments on this Internet-Draft. Once a round of
> comments have been received and folded into -01, I would like to work with
> folks that did the earlier proofs with Tamarin to make sure that this
> does not negatively impact the TLS 1.3 protocol changes that were made to
> eliminate the man-in-the-middle attack that they found in 2015.
>
> Thanks,
> Russ
>
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for
> draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> Date: March 1, 2018 at 4:13:44 PM EST
> To: "Russ Housley" <hous...@vigilsec.com>
>
>
> A new version of I-D, draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> has been successfully submitted by Russ Housley and posted to the
> IETF repository.
>
> Name: draft-housley-tls-tls13-cert-with-extern-psk
> Revision: 00
> Title: TLS 1.3 Extension for Certificate-based Authentication with an
> External Pre-Shared Key
> Document date: 2018-03-01
> Group: Individual Submission
> Pages: 9
> URL:
> https://www.ietf.org/internet-drafts/draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-housley-tls-tls13-cert-with-extern-psk/
> Htmlized:
> https://tools.ietf.org/html/draft-housley-tls-tls13-cert-with-extern-psk-00
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-housley-tls-tls13-cert-with-extern-psk-00
>
>
> Abstract:
> This document specifies a TLS 1.3 extension that allows a server to
> authenticate with a combination of a certificate and an external
> pre-shared key (PSK).
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
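
The extensibility question in this thread comes down to what an existing server does when a ClientHello lists a psk_key_exchange_modes value it has never seen. The sketch below is an added example, not part of the thread and not code from the draft: it parses the extension body as TLS 1.3 defines it and selects a mode. The code point 0x7F for a "PSK with certificate" mode and all function names are hypothetical, and the server is assumed to ignore values it does not recognize.

```python
# Added example: handling of psk_key_exchange_modes code points.
# Wire format in TLS 1.3: struct { PskKeyExchangeMode ke_modes<1..255>; }
# i.e. one length byte followed by that many one-byte mode values.

KNOWN_MODES = {0: "psk_ke", 1: "psk_dhe_ke"}  # the two modes TLS 1.3 defines

# Constructed placeholder for a future "PSK with certificate" mode.
# It is NOT an assigned code point.
HYPOTHETICAL_CERT_MODE = 0x7F


class DecodeError(ValueError):
    """Malformed extension body; a TLS stack would send decode_error."""


def parse_psk_key_exchange_modes(body: bytes):
    """Split the offered modes into (known, unknown), keeping client order."""
    if len(body) < 2:
        raise DecodeError("need a length byte and at least one mode")
    declared, modes = body[0], body[1:]
    if declared != len(modes):
        raise DecodeError("vector length does not match extension body")
    known = [m for m in modes if m in KNOWN_MODES]
    unknown = [m for m in modes if m not in KNOWN_MODES]
    return known, unknown


def select_mode(body: bytes, server_preference=(1, 0)):
    """Return the name of the first server-preferred mode the client offered.

    Unknown code points are skipped (assumption: the server ignores values
    it does not recognize). None means no usable mode was offered, so the
    server must not use a PSK and falls back to a full handshake.
    """
    known, _unknown = parse_psk_key_exchange_modes(body)
    for mode in server_preference:
        if mode in known:
            return KNOWN_MODES[mode]
    return None


# Constructed ClientHello extension bodies.
NEW_CLIENT_WITH_FALLBACK = bytes([2, HYPOTHETICAL_CERT_MODE, 1])
NEW_CLIENT_CERT_ONLY = bytes([1, HYPOTHETICAL_CERT_MODE])

if __name__ == "__main__":
    for body in (NEW_CLIENT_WITH_FALLBACK, NEW_CLIENT_CERT_ONLY):
        print(body.hex(), parse_psk_key_exchange_modes(body), select_mode(body))
```

A client that offers only the new value gets no PSK at all from a server that predates it, which is why the allocation policy for new values matters for deployment.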