Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

2017-02-21 Thread Martin Thomson
On the interaction with TLS 1.3, we probably need a decision to be made:

1. strike TLS 1.3 from the document and only mention it in the way Joe
suggests, TLS 1.3 doesn't get the CCM suites (it already has the
equivalent of the GCM suites)

2. strike TLS 1.3 from the document, and add new TLS 1.3 CCM cipher
suites to TLS 1.3 proper

3. add new TLS 1.3 CCM cipher suites to the document

It seems like 1 is a no-go on the basis that this document wouldn't
exist if CCM suites weren't at least a little bit interesting.


On 22 February 2017 at 05:22, Joseph Salowey wrote:
> Here are the open issues for draft-ietf-tls-ecdhe-psk-aead
>
> 1.  Why does TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256 use SHA256 instead of
> SHA384 like the other 256 bit cipher suites? (From Russ Housley)
>
> 2.  Since the security considerations mention passwords (human chosen
> secrets) it should mention dictionary attacks. (From Russ Housley)
>
> 3.  Sections 2 and 3 of the document contain more detail about TLS 1.3 than
> necessary.
>
> Section 2: This document only defines cipher suites for TLS 1.2, not TLS 1.2
> or later.  A subset of equivalent cipher suites is defined in the TLS 1.3
> specification.
>
> Section 3 and 4: Maybe replace the last 2 paragraphs with an addition to
> section 4 that states:
>
> "TLS 1.3 and above name, negotiate and support a subset of these cipher
> suites in a different way."  (TLS 1.3 does not support
> TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384 and
> TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256)
>
> 4. Section 3 should contain a bit more detail about relationship to 4492 bis
> and RFC 4279:
>
> Something like the following may be enough.
>
> "The messages and pre-master secret construction in this document are based
> on [RFC4279].  The elliptic curve parameters used in the Diffie-Hellman
> parameters are negotiated using extensions defined in [4492-bis]."
>
> Thanks,
>
> Joe

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


[TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

2017-02-21 Thread Joseph Salowey
Here are the open issues for draft-ietf-tls-ecdhe-psk-aead

1.  Why does TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256 use SHA256 instead of
SHA384 like the other 256 bit cipher suites? (From Russ Housley)

2.  Since the security considerations mention passwords (human chosen
secrets) it should mention dictionary attacks. (From Russ Housley)

3.  Sections 2 and 3 of the document contain more detail about TLS 1.3 than
necessary.

Section 2: This document only defines cipher suites for TLS 1.2, not TLS
1.2 or later.  A subset of equivalent cipher suites is defined in the TLS
1.3 specification.

Section 3 and 4: Maybe replace the last 2 paragraphs with an addition to
section 4 that states:

"TLS 1.3 and above name, negotiate and support a subset of these cipher
suites in a different way."  (TLS 1.3 does not support
TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384
and TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256)

4. Section 3 should contain a bit more detail about relationship to 4492
bis and RFC 4279:

Something like the following may be enough.

"The messages and pre-master secret construction in this document are
based on [RFC4279].  The elliptic curve parameters used in the
Diffie-Hellman parameters are negotiated using extensions defined in
[4492-bis]."

Thanks,

Joe


[TLS] Typo error in TLS Working Group charter

2017-02-21 Thread Mohit Batra
Hello,

I just noticed a typo error in the TLS Working Group charter at
https://datatracker.ietf.org/wg/tls/charter/

The RFC number for TLS 1.2 is mentioned as:  RFC5346

However, the correct RFC number is:  RFC5246


Request to please correct the same.

-- 
Thanks & Regards,
Mohit Batra
IETF 95/98 fellow