Hi, The use of the semi-static in this document seems strange to me. The term "semi-static" is just describing the lifetime of the key, which could be measured in time or in the number of times the key is used.
Krawczyk defines a semi-static key as a short term cachable key "These choices mainly refer to the properties of g s , such as specifying the method for authenticating this key and whether it is static, semi-static or non-static key (roughly correspond to a long-term g s as in the case of DH certificate, a short term cacheable key, or a one-time key as discussed in the optimization section above and in more detail in Section 4.4)." https://eprint.iacr.org/2015/978.pdf Madded describes semi-static as the same thing as semi-ephemeral "Signal adopts a middle ground and has Bob publish a “semi-static” (or “semi-ephemeral” depending on your point of view) signed prekey along with a bundle of normal prekeys." https://neilmadden.blog/2021/04/08/from-kems-to-protocols/ Semi-static in draft-ietf-tls-semistatic-dh seems to describe how the key is used. Also the keys in draft-ietf-tls-semistatic-dh seems to be as static as the RSA/ECDSA keys used for authentication in TLS. I think the terminology should be changed. The term "semi-ephemeral" used by Madden would be a better term for the key shares in TLS 1.3 if TLS continues to allow reuse of key shares. Cheers, John Preuß Mattsson From: TLS <tls-boun...@ietf.org> on behalf of Christopher Wood <c...@heapingbits.net> Date: Sunday, 8 March 2020 at 00:57 To: tls@ietf.org <tls@ietf.org> Cc: i-d-annou...@ietf.org <i-d-annou...@ietf.org> Subject: Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt Among editorial changes, this update removes key schedule injection. The resulting design still requires formal analysis, though we don’t expect much more to change at this point. Please have a look and provide feedback. Thanks! Chris (no hat) On 7 Mar 2020, at 15:45, internet-dra...@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Layer Security WG of the > IETF. > > Title : Semi-Static Diffie-Hellman Key Establishment > for TLS 1.3 > Authors : Eric Rescorla > Nick Sullivan > Christopher A. Wood > Filename : draft-ietf-tls-semistatic-dh-01.txt > Pages : 7 > Date : 2020-03-07 > > Abstract: > TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange > modelled > after SIGMA [SIGMA]. This design is suitable for endpoints whose > certified credential is a signing key, which is the common > situation > for current TLS servers. This document describes a mode of TLS 1.3 > in which one or both endpoints have a certified DH key which is > used > to authenticate the exchange. > > Note to Readers > > Source for this draft and an issue tracker can be found at > > https://protect2.fireeye.com/v1/url?k=a6a7efb5-fa2dcd5f-a6a7af2e-0cc47ad93e32-303b324aa958a9d1&q=1&e=d0bed61a-0ab1-4148-8d7b-c1a8b402b327&u=https%3A%2F%2Fgithub.com%2Fekr%2Fdraft-rescorla-tls13-semistatic-dh > > (https://protect2.fireeye.com/v1/url?k=b5703be7-e9fa190d-b5707b7c-0cc47ad93e32-757125fb0f4def0a&q=1&e=d0bed61a-0ab1-4148-8d7b-c1a8b402b327&u=https%3A%2F%2Fgithub.com%2Fekr%2Fdraft-rescorla-tls13-semistatic-dh). > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-semistatic-dh/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-semistatic-dh-01 > https://datatracker.ietf.org/doc/html/draft-ietf-tls-semistatic-dh-01 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-semistatic-dh-01 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
