On Thu, Feb 20, 2020 at 7:08 PM Rob Sayre <say...@gmail.com> wrote:

> Hi,
>
> I'm not sure how violations of these requirements would result in
> poor interoperability:
>
>    Clients which import external keys TLS MUST NOT use these keys for
>    any other purpose.  Moreover, each external PSK MUST be associated
>    with at most one hash function.
>
> These seem like aspirational security goals. It would be better to
> describe the consequences of violating these conditions.
>

I don't agree. They are requirements in order to be able to make the
assertions we want to make about the security of the protocol.

This is consistent with the following text of RFC 2119 S 6
".. or to limit behavior which has potential for causing harm (e.g.,
limiting retransmisssions) "

I don't think it would be unreasonable to explain the reason for these,
though this is already a requirement of 8446 S 4.2.11 (though without
justification).

-Ekr


> thanks,
> Rob
>
>
>
> On Thu, Feb 20, 2020 at 4:45 PM Joseph Salowey <j...@salowey.net> wrote:
>
>> Hi Folks,
>>
>> This is the working group last call for the "Importing External PSKs"
>> draft available at
>> https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/.
>> Please review the document and send your comments to the list by 2359 UTC
>> on 6 March 2020.
>>
>> Note that the GH repo for this draft can be found at:
>> https://github.com/tlswg/draft-ietf-tls-external-psk-importer
>>
>> Thanks,
>>
>> Sean and Joe
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>