Reviewer: Al Morton
Review result: Has Nits
OPS-DIR Review of:
Importing External PSKs for TLS
draft-ietf-tls-external-psk-importer-05
Note that Brian Carpenter provided a useful review for GEN-ART, far beyond
general questions. Brian's comments on Section 6, Incremental Deployment, are
relevant.
On Sat, Oct 10, 2020 at 12:14 AM Achim Kraus wrote:
> Hi Ben,
>
> >
> > To be frank, I'm actually surprised that this is even seen as a matter for
> > discussion.
>
> As a developer, I'm surprised that this discussion now spans a couple of
> years, starting in summer 2018 with:
>
>
> Hopefully https://tools.ietf.org/html/rfc8446#section-4.2.11.2
> makes it clear why the pre_shared_key extension must be at
> the end of the list.
I see what was done, but it still makes me a bit
sad that whatever security property was desired
couldn't have been done differently to avoid this
Hi Mike,
> in C:
>
> if (complex_value_a = complex_value_b) {
> // we're in trouble
> }
That's a pitfall of C ('=' is not '=='). You will be almost in trouble
if the complex value is not 0.
But the discussion here is more about how often something should be
adapted.
On Fri, Oct 9, 2020, at 17:22, Benjamin Kaduk wrote:
> [...] The behavior we should demand from our cryptographic
> constructions is that the cryptography itself correctly returns
> "valid" or "invalid" based on the input message, provided that
> the application inputs the correct key material.
Hi Ben,
To be frank, I'm actually surprised that this is even seen as a matter for
discussion.
As a developer, I'm surprised that this discussion now spans a couple of
years, starting in summer 2018 with:
https://github.com/tlswg/dtls-conn-id/issues/8
There are many (proposed) changes since