On Mon, Oct 29, 2018 at 11:17 AM Aaron Falk <aaron.f...@gmail.com> wrote:
>
> In preface, I almost know enough about transport security to be dangerous so 
> I'm hoping someone more knowledgeable will clarify for me...
>
> In section 5.3.1 of draft-ietf-taps-interface-02 a number of different 
> security parameters are proposed:
>
>    SecurityParameters.AddIdentity(identity)
>    SecurityParameters.AddPrivateKey(privateKey, publicKey)
>
>    SecurityParameters.AddSupportedGroup(secp256k1)
>    SecurityParameters.AddCiphersuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
>    SecurityParameters.AddSignatureAlgorithm(ed25519)
>
>    SecurityParameters.SetSessionCacheCapacity(MAX_CACHE_ELEMENTS)
>    SecurityParameters.SetSessionCacheLifetime(SECONDS_PER_DAY)
>    SecurityParameters.SetSessionCachePolicy(CachePolicyOneTimeUse)
>
>    SecurityParameters.AddPreSharedKey(key, identity)
>
> Aren't there relationships between them? Like you might have some support for 
> multiple identities, ciphersuites, and pre-shared keys but they don't all 
> work with each other. In other words, maybe this is more of a tree than a 
> flat space.

Yes, this is true. For example, depending on the type of identity (and
private key) available, certain ciphersuites are not permitted.
Describing these relationships is very protocol (TLS) specific, and
thus it seems inappropriate to capture them here. I would rather add
text simply noting the possible dependencies. The implementation draft
can then expand on how certain configurations are not possible.

Best,
Chris
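The dependencies Chris describes (identity and private-key type constraining which ciphersuites and signature algorithms are permitted, PSK suites needing a pre-shared key) can be made concrete with a small consistency check over a SecurityParameters object. The following is an added example written for this thread, not code from draft-ietf-taps-interface or any TAPS implementation. It uses a deliberately simplified model: the key-type rules for TLS 1.2 ECDHE suites come from RFC 8422 (ECDHE_ECDSA suites accept an ECDSA- or EdDSA-capable key, ECDHE_RSA suites an RSA key) and the signature-scheme names from RFC 8446; the `SecurityParameters` class, the key-type constants and the `check` function are assumptions made for the example and are not the draft's API.

```python
"""Consistency check between TAPS-style security parameters.

Added example for illustration (not from the TAPS draft or an implementation).
Key-type rules follow RFC 8422 (TLS 1.2 ECDHE suites) and RFC 8446 signature
scheme names; the surrounding API shape is a constructed approximation.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Key types an identity / private key may have (constructed enumeration).
RSA, ECDSA_P256, ED25519 = "rsa", "ecdsa_p256", "ed25519"

# Certificate key types each TLS 1.2 key-exchange family can authenticate with.
# TLS 1.3 suite names (TLS_AES_*, TLS_CHACHA20_*) carry no key exchange, so
# they are treated as compatible with any identity.
KX_KEY_TYPES = {
    "ECDHE_ECDSA": {ECDSA_P256, ED25519},  # RFC 8422: ECDSA- or EdDSA-capable key
    "ECDHE_RSA": {RSA},
    "PSK": set(),                          # no certificate involved
}

# Signature scheme -> private-key type it requires (RFC 8446 names).
SIGALG_KEY_TYPE = {
    "ed25519": ED25519,
    "ecdsa_secp256r1_sha256": ECDSA_P256,
    "rsa_pss_rsae_sha256": RSA,
}


def key_exchange_of(suite: str) -> Optional[str]:
    """Return the key-exchange family encoded in a TLS 1.2 suite name,
    or None for a TLS 1.3 suite, whose key exchange is negotiated separately."""
    for kx in KX_KEY_TYPES:
        if suite.startswith("TLS_" + kx + "_WITH_"):
            return kx
    return None


@dataclass
class SecurityParameters:
    """Assumed stand-in for the draft's SecurityParameters object: each Add*
    call in the draft corresponds to appending to one of these lists."""
    identities: List[str] = field(default_factory=list)   # key type per identity
    ciphersuites: List[str] = field(default_factory=list)
    signature_algorithms: List[str] = field(default_factory=list)
    pre_shared_keys: List[str] = field(default_factory=list)


def check(params: SecurityParameters) -> List[str]:
    """Return a list of human-readable conflicts; empty means consistent."""
    problems = []
    key_types = set(params.identities)
    usable_suites = []
    for suite in params.ciphersuites:
        kx = key_exchange_of(suite)
        if kx is None:
            usable_suites.append(suite)            # TLS 1.3: any identity works
        elif kx == "PSK":
            if params.pre_shared_keys:
                usable_suites.append(suite)
            else:
                problems.append(f"{suite} needs a pre-shared key but none was added")
        elif key_types & KX_KEY_TYPES[kx]:
            usable_suites.append(suite)
        else:
            problems.append(f"{suite} needs a key of type {sorted(KX_KEY_TYPES[kx])} "
                            f"but configured identities are {sorted(key_types)}")
    for alg in params.signature_algorithms:
        needed = SIGALG_KEY_TYPE.get(alg)
        if needed is None:
            problems.append(f"unknown signature algorithm {alg}")
        elif needed not in key_types:
            problems.append(f"signature algorithm {alg} needs a {needed} private key")
    if params.ciphersuites and not usable_suites:
        problems.append("no configured ciphersuite is usable with the configured "
                        "identities and pre-shared keys")
    return problems


def draft_example(key_type: str) -> SecurityParameters:
    """The parameter set from section 5.3.1 of the draft, with the identity's
    key type supplied by the caller (constructed input)."""
    return SecurityParameters(
        identities=[key_type],
        ciphersuites=["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"],
        signature_algorithms=["ed25519"],
    )


if __name__ == "__main__":
    for kt in (ED25519, RSA):
        print(kt, "->", check(draft_example(kt)) or "consistent")
```

With an Ed25519 identity the draft's example is internally consistent; swap in an RSA key and the same flat list of parameters yields three conflicts (the ECDSA suite, the ed25519 signature algorithm, and consequently no usable suite), which is the "tree, not a flat space" point in a form an implementation could report to the application.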

_______________________________________________
Taps mailing list
Taps@ietf.org
https://www.ietf.org/mailman/listinfo/taps
