[TLS] secdir review of draft-ietf-tls-ecdhe-psk-aead-03

2017-05-18 Thread Benjamin Kaduk
Hi all, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

2017-05-18 Thread Sean Turner
All, During the WG call for adoption, a couple of questions were raised about comparison/analysis of sub-certs versus proxy and/or short-lived certificates. There is some discussion currently in the draft, but the chairs feel that these issues need further discussion (and elaboration in the

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Viktor Dukhovni
> On May 18, 2017, at 5:30 PM, Eric Rescorla wrote: > > I don't much care, but we've moved to "forward secrecy" in TLS 1.3. That's increasingly the more appropriate term. Yes, historically the word "perfect" was there too, but these days we understand that it is only as perfect

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Eric Rescorla
I don't much care, but we've moved to "forward secrecy" in TLS 1.3. -Ekr On Thu, May 18, 2017 at 5:17 PM, Daniel Migault wrote: > Hi, > > Thanks Tim and Uri for the comment. At least wikipedia considers them as > equivalent. I am fine either way, but leave it as

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Blumenthal, Uri - 0553 - MITLL
Instead of or in addition to the Wiki, check scholarly references. E.g., Introduction to Modern Cryptography, Handbook of Applied Cryptography, etc. Regards, Uri Sent from my iPhone > On May 18, 2017, at 17:18, Daniel Migault wrote: > > Hi, > > Thanks Tim and

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Blumenthal, Uri - 0553 - MITLL
It is a mathematical cryptographic term, and as such is incontrovertible. I say leave it in. Regards, Uri Sent from my iPhone > On May 18, 2017, at 16:58, Timothy Jackson wrote: > > One small nit. > >> ECDHE provides perfect forward secrecy > I thought we had

[TLS] I-D Action: draft-ietf-tls-exported-authenticator-00.txt

2017-05-18 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security of the IETF. Title : Exported Authenticators in TLS Author : Nick Sullivan Filename:

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Timothy Jackson
One small nit. > ECDHE provides perfect forward secrecy I thought we had decided to change “perfect forward secrecy” to just “forward secrecy” since “perfect” is such a difficult standard to reach? Tim — Tim Jackson | Product Security Architect | MobileIron, Inc. On 5/18/17, 10:45 AM, "TLS on

Re: [TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

2017-05-18 Thread Dan Romascanu
Hi Daniel, Thank you for your response, and for addressing my comment. Yes, the edits address my concern, this is exactly the kind of clarification text that IMO was missing. I suggest to publish the revised version as soon as you address all other comments. The document can be approved by the

Re: [TLS] Last Call: (ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)) to Proposed Standard

2017-05-18 Thread Daniel Migault
Hi Simon, Thank you for the review. I believe we have addressed your comments in our version 04. Please see my comments inline. Yours, Daniel -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Simon Friedberger Sent: Thursday, May 04, 2017 5:59 PM To:

Re: [TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

2017-05-18 Thread Daniel Migault
Hi Dan, Thank you for your reviews and comments. I believe the following text provides more explanation on how the provided cipher suites are negotiated by TLS1.3 as well as why point codes defined in the document do not apply to TLS1.3. Feel free to let me know if that addresses your concern

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-18 Thread Martin Thomson
On 18 May 2017 at 09:08, Eric Rescorla wrote: > This works for me, does anyone object to my updating the PR in this fashion? Go ahead. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-18 Thread Eric Rescorla
This works for me, does anyone object to my updating the PR in this fashion? -Ekr On Thu, May 18, 2017 at 2:10 AM, Brian Smith wrote: > Kathleen Moriarty wrote: > > 4. Section 6.2 Error Alerts > > > > In addition to sending the error, I

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-18 Thread Brian Smith
Kathleen Moriarty wrote: > 4. Section 6.2 Error Alerts > > In addition to sending the error, I don't see any mention of the error > being logged on the server side, shouldn't that be specified? Logging > errors (at least in debug modes when needed) provides