Ma J;
Rich Salz; Sanjay Mishra; Daniel Migault
Subject: New Version Notification for draft-mglt-lurk-tls-use-cases-01.txt
A new version of I-D, draft-mglt-lurk-tls-use-cases-01.txt
has been successfully submitted by Daniel Migault and posted to the IETF
repository.
Name: draft-mglt
Hi,
I can briefly present the use case / show advancement of the protocol design.
BR,
Daniel
-Original Message-
From: Lurk [mailto:lurk-boun...@ietf.org] On Behalf Of Eric Burger
Sent: Monday, May 30, 2016 12:13 PM
To: LURK BoF
Subject: [Lurk] Reminder: LURK Interim
A reminder, the L
Hi Jianjie,
Thank you for bringing a potential new use case. Currently LURK aims at
providing an interface between Edge Servers and the Key Server in a context of
TLS. If I am correct, the use case you provide introduces an additional element
designated as a Key Manager. From the description i
provider / content owner use case.
I will add some text to cover this use case more precisely. Thanks for
submitting the use case!
BR,
Daniel
From: Lurk [mailto:lurk-boun...@ietf.org] On Behalf Of Youjianjie
Sent: Thursday, June 16, 2016 10:42 PM
To: Daniel Migault; Fossati, Thomas (Nokia - GB); lurk
car Gonzales de Dios; Oscar Gonzalez de Dios; Kevin Ma J;
Rich Salz; Sanjay Mishra; Daniel Migault
Subject: New Version Notification for draft-mglt-lurk-tls-use-cases-02.txt
A new version of I-D, draft-mglt-lurk-tls-use-cases-02.txt
has been successfully submitted by Daniel Migault and posted to
[mailto:internet-dra...@ietf.org]
Sent: Friday, July 08, 2016 11:34 AM
To: Daniel Migault
Subject: New Version Notification for draft-mglt-lurk-tls-00.txt
A new version of I-D, draft-mglt-lurk-tls-00.txt has been successfully
submitted by Daniel Migault and posted to the IETF repository.
Name: draft
12, 2016 5:30 AM
To: Daniel Migault
Cc: lurk@ietf.org
Subject: Re: [Lurk] FW: New Version Notification for draft-mglt-lurk-tls-00.txt
Dear Daniel,
Thank you for your work!
We need also a possibility to check whether the Key Server has the necessary
Private Key. IRL we can meet
Hi,
If I understand correctly, to prevent a generic signing oracle, some mechanisms
or operations should be defined so the signed public key can be believed to be
part of legitimate ECDHE exchange instead of some random data. This includes
checking the public key belongs to the curve or proving
Hi,
Following the discussions of the BoF in Berlin, I agree that the generic
principle for all TLS use cases mentioned in the BoF can be designated as
providing means to delegate TLS authentication.
Currently delegating a TLS service to a third party or multiple edge nodes
is mostly based on
t;
> On Wed 2016-10-12 13:10:04 -0400, Daniel Migault wrote:
>
> > Currently delegating a TLS service to a third party or multiple edge
> nodes
> > is mostly based on distributing the full private key to multiple edge
> nodes
> > that may even be in a different domai
Hi,
It seems the presented mechanism can be used to mitigate the signing oracle
issue. Unless someone opposes this I am encline to consider that the
signing oracle issue is closed.
BR,
Daniel
On Wed, Oct 12, 2016 at 11:00 AM, Daniel Migault <
daniel.miga...@ericsson.com> wrote:
]
https://www.internetsociety.org/sites/default/files/blogs-media/cdn-on-demand-affordable-ddos-defense-via-untrusted-clouds.pdf
From: sanjay.mis...@verizon.com [mailto:sanjay.mis...@verizon.com]
Sent: Wednesday, October 19, 2016 11:20 AM
To: Daniel Migault
Cc: lurk@ietf.org; Daniel Kahn Gillmor
Message-
From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
Sent: Saturday, March 11, 2017 8:39 AM
To: Daniel Migault
Subject: New Version Notification for draft-mglt-lurk-tls-01.txt
A new version of I-D, draft-mglt-lurk-tls-01.txt has been successfully
submitted by Daniel
Hi,
I am in favor of adoption of the draft. This is an important issue we need
to address.
Yours,
Daniel
On Wed, Apr 12, 2017 at 3:31 PM, Sean Turner wrote:
> All,
>
> At our IETF 98 session, there was support in the room to adopt
> draft-rescorla-tls-subcerts [0]. We need to confirm this sup
Thanks for posting this paper Dimitry. I went through the paper on my way to
Chicago. It would be great people have a look at it and provide feed back
regarding the current proposal for LURK. I will definitively revise the
security consideration and clarify text according to this paper. An exten
Hi,
Please find the updated version of the drafts draft-mglt-lurk-lurk-00 [1] and
draft-mglt-lurk-tls12 [2].
draft-mglt-lurk-lurk-00 describes the Limited Usage of Remote Key (LURK)
Architecture, the LURK Protocol as well as the LURK Extensions that enables
remote interactions with cryptograph
Lurk met during the Hackathon 101 in London. Feel free to have a look at the
presentation [1].
We worked on pyLurk to implement [2] and have it integrated with openssl to
perform an rsa authentication. Our next step for Hackathon 102 is to have a
complete implementation of pylurk integrated wit
Hi Jesus Albertot,
You are more than welcome to intergate LURK with OpenSSL and NGINX. We
discussed this during the hachathon in London, so feel free to share your
thoughts or questions on the mailing list. I am sure you will get some
interesting feed backs.
If I understand correctly your questio
Hi Jesus Alberto,
There have been some discussions regarding the integration of lurk with
openssl during the hackathon, so feel free to share your concerns on the
mailing list.
Here are some links you might find of interest:
https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a
// see RFC5246 section 7.4.7.1
}TLS12ExtendedMasterRSARequestPayload;
]]>
From: Jesús Alberto Polo [mailto:i...@jesusalberto.me]
Sent: Tuesday, April 24, 2018 11:11 AM
To: Dmitry Kravkov ; Daniel Migault
Cc: LURK BoF
Subject: Re: [Lurk] lurk integr
Hi,
In order to ease comments and feed backs from implementations,
draft-mglt-lurk-tls12 is available on github[1]. Feel free to comment or
propose text via github.
Yours,
Daniel
[1]
https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/draft-mglt-lurk-tls12.mkd
_
Hi,
We are happy to let you know that we have been able to publish our
implementation of pylurk on github [1] as well as on pypi [2].
This is an early implementation of draft-mglt-lurk-lurk [3] and
draft-mglt-lurk-tls12 [4]. We expect to update the drafts to reflects our
findings while implementi
>
> I’ll share the GitHub link as soon as it is ready and also provide more
> details.
>
> Best,
>
> Jesús Alberto
>
>
> On 2018-04-24 17:34, Daniel Migault wrote:
>
>> Thanks for the feed back! Yes absolutely for ecdhe, the sig_and_hash
>> is miss
implementation related questions.
>
>
>
> -Sanjay
>
>
>
> *From:* Lurk [mailto:lurk-boun...@ietf.org] *On Behalf Of *Daniel Migault
> *Sent:* Friday, May 18, 2018 11:12 AM
> *To:* LURK BoF
> *Subject:* [E] [Lurk] pylurk
>
>
>
> Hi,
>
>
>
ver_random and the session hash.
Thanks you for your feed backs!
Yours,
Daniel
On Thu, May 24, 2018 at 10:39 AM,
wrote:
> Dear all,
>
> I’ve had a look at a draft of Lurk that Daniel Migault sent me a while
> back; it was dated February 2018.
> Here come a mix of comments:
>
on github!
Yours,
Daniel
On Sat, May 26, 2018 at 6:25 AM,
wrote:
> Hi Daniel,
>
>
>
> Thanks for this.
> Please see my answers below.
>
>
> On 26 May 2018, at 01:08, Daniel Migault
> wrote:
>
> Hi Ioana,
>
> Thanks for the feed back. I agree with
Hi,
The working version is available on github:
https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/draft-mglt-lurk-tls12.txt
Please find below my thoughts as well as how the working version has been
updated. Feed backs or comments are appreciated ;-)
Yours,
Daniel
a) tls version
I beli
construct.readthedocs.io/en/latest/compilation.html
[3] http://kaitai.io/
> Thanks,
> Ori
>
> On Wed, May 23, 2018 at 8:28 PM, Daniel Migault <
> daniel.miga...@ericsson.com> wrote:
>
>> Thanks Sanjay for raising this point.
>>
>> Since we now have at least
safe. I am wondering how much the security of
the Finished message relies on the security of the hash function.
> *@also (in any case, and almost irrespective of these attacks):*
> *4.* At the step where *S*, *encrypted pmk* etc are sent from the
> edge-server to the key-server, we
m* that it sent some milliseconds
> before.
>
> In other words, this point *3 *of mine, just above equates still what I
> said on the 24th in terms of solutions to the pb.
> You can revisit that as well, further down in this email.
>
>
> *@also (in any case, and almost irrespec
Hi,
TLS 1.2 uses sha256 as the prf hash function. When sha256 will not be
considered secured, I am wondering if we can reasonably envision
deprecating sha256 for TLS 1.2 or if TLS 1.2 will at that time be
deprecated in favor of TLS 1.X X>= 3 ?
In other words, I am wondering how much we can assume
r work item you would like to
> be added.
>
>
>
> https://trac.ietf.org/trac/ietf/meeting/wiki/102hackathon
>
>
>
> Thanks
>
> -Sanjay
>
>
>
>
>
> *From:* Ori Finkelman [mailto:o...@qwilt.com]
> *Sent:* Thursday, June 07, 2018 5:15 AM
> *
ypted pmk* etc are sent from the
>> edge-server to the key-server, we should have the *edge-server send the
>> *Client
>> Finished message* to the key-server* too, so that the key-server can
>> verify the *Client Finished message* against the *client_random* too.
>>
&
Hi Iona,
Please find my responses below.
Yours,
Daniel
From: i.boure...@surrey.ac.uk
Sent: Friday, June 15, 2018 1:05 PM
To: Daniel Migault
Cc: Stere Preda ; lurk@ietf.org
Subject: Re: [Lurk] lurk -- February 2018 draft; comments
Hi Daniel,
Thanks for this.
@ your question
1. So, in the
Hi,
Please find an update of the document available on github:
https://github.com/mglt/draft-mglt-lurk-tls12
The rsa_extended_master includes now the necessary parameters to generate
the session_hash. It does not include anymore the session_hash. As a
result, randoms are available which enables a
:
https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/draft-mglt-lurk-tls12.mkd
Yours
Daniel
On Tue, Jun 26, 2018 at 12:58 PM, Daniel Migault <
daniel.miga...@ericsson.com> wrote:
> Hi,
>
> Please find an update of the document available on github:
> https://github.com/mglt/dra
lable at https://github.com/jesusalber1/clurk.
>
> Best,
>
> Jesús Alberto
>
>
> On 2018-05-23 19:19, Daniel Migault wrote:
>
>> Hi Jesus,
>>
>> That is really great to have two implementations! In addition the c
>> implementation integrated with open
t; Please see in details in the mkd.
>
> I will do another run tomorrow, on the appendices, but please see if you
> accept this first.
>
> Best,
> Ioana
>
>
>
>
> On 28 Jun 2018, at 00:08, Daniel Migault
> wrote:
>
> Hi,
>
> I finally removed the
To: Daniel Migault ; Ioana Boureanu
Subject: New Version Notification for draft-mglt-lurk-tls12-01.txt
A new version of I-D, draft-mglt-lurk-tls12-01.txt has been successfully
submitted by Daniel Migault and posted to the IETF repository.
Name: draft-mglt-lurk-tls12
Revision
-
From: internet-dra...@ietf.org
Sent: Monday, July 02, 2018 11:42 AM
To: Daniel Migault
Subject: New Version Notification for draft-mglt-lurk-tls13-00.txt
A new version of I-D, draft-mglt-lurk-tls13-00.txt has been successfully
submitted by Daniel Migault and posted to the IETF repository
No, checking the finished message has not been introduced. They are also some
minor updates. I am planning to work on aligning pylurk with the draft during
the hackathon.
Yours,
Daniel
From: Dmitry Kravkov
Sent: Tuesday, July 03, 2018 9:08 AM
To: Daniel Migault
Cc: lurk@ietf.org
Subject: Re
Thanks Scott for the feed back, that is very well appreciated.
I agree that having a proof that is actually a proof is definitively
better, especially when that seems feasible. We could however argue that bG
is an ephemeral secret and at that time is only know to the client and
server, but let's d
42 matches
Mail list logo