Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-03-07 Thread Hubert Kario
On Wednesday, 21 February 2018 15:31:33 CET Eric Rescorla wrote: > I think your general point is sound here, but I'll nitpick the statement > that > "if the server recognises an identity but is unable to verify corresponding > binder". > > 1. The server only picks one identity so if you send

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-22 Thread Hubert Kario
On Thursday, 22 February 2018 00:22:35 CET Martin Thomson wrote: > I think that the current behavior is fine, but we might add text to > suggest that identities be self-authenticating to avoid this sort of > enumeration. Note that in common practice, this sort of enumeration > would be over an

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-22 Thread Tony Putman
-tl...@ietf.org; <tls@ietf.org>; IETF discussion list Subject: Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard I think that the current behavior is fine, but we might add text to s

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Martin Thomson
I think that the current behavior is fine, but we might add text to suggest that identities be self-authenticating to avoid this sort of enumeration. Note that in common practice, this sort of enumeration would be over an infeasibly large space, it's only where identities are more easily

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Eric Rescorla
I think your general point is sound here, but I'll nitpick the statement that "if the server recognises an identity but is unable to verify corresponding binder". 1. The server only picks one identity so if you send A, B, and C and you get an abort, you don't know if it recognized one or all.

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Hubert Kario
On Wednesday, 21 February 2018 15:21:58 CET Eric Rescorla wrote: > On Wed, Feb 21, 2018 at 6:13 AM, Hubert Kario wrote: > > On Friday, 16 February 2018 18:06:41 CET The IESG wrote: > > > The IESG has received a request from the Transport Layer Security WG > > > > (tls) > > >

[TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Hubert Kario
(fixing missed i...@ietf.org) On Friday, 16 February 2018 18:06:41 CET The IESG wrote: > The IESG has received a request from the Transport Layer Security WG (tls) > to consider the following document: - 'The Transport Layer Security (TLS) > Protocol Version 1.3' >as Proposed Standard The

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Eric Rescorla
On Wed, Feb 21, 2018 at 6:13 AM, Hubert Kario wrote: > On Friday, 16 February 2018 18:06:41 CET The IESG wrote: > > The IESG has received a request from the Transport Layer Security WG > (tls) > > to consider the following document: - 'The Transport Layer Security (TLS) > >

[TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

2018-02-21 Thread Hubert Kario
On Friday, 16 February 2018 18:06:41 CET The IESG wrote: > The IESG has received a request from the Transport Layer Security WG (tls) > to consider the following document: - 'The Transport Layer Security (TLS) > Protocol Version 1.3' >as Proposed Standard The current draft states that if the