If you add the fourth (static-static) DH, you should be protected against poor generation of ephemeral keys.

(For example, IoT devices might have a long-term DH key provisioned in the factory, but broken RNGs. If two of them talk to each other using triple DH, no security is achieved, but if the static-static is included then the connection will still be secure.)

Katriel

On Thu, 30 Nov 2017, at 05:43 PM, Tony Putman wrote:
> Hi,
>
> I've fleshed out my ideas on the use of triple-ECDH authentication for
> TLS 1.2 into the I-D referenced below. While working on this I came to
> some new conclusions:
> - PFS may not be important for IoT, so I included cipher suites using
>   Double-ECDH as well
> - Protecting the PSK Identity is really easy, so I added that as well
> - I added the static public keys into the premaster calculation to match
>   the security proof; I don't know if this is necessary
>
> I suppose that the next step is to find out if anyone else is interested
> in this approach. I'd appreciate it if people could suggest other mailing
> lists who might show an interest (ACE?). Other questions and suggestions
> are welcome.
> --
> Tony
>
> -----Original Message-----
> From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
> Sent: 30 November 2017 17:01
> To: Tony Putman
> Subject: New Version Notification for draft-putman-tls-preshared-ecdh-00.txt
>
>
> A new version of I-D, draft-putman-tls-preshared-ecdh-00.txt
> has been successfully submitted by Tony Putman and posted to the
> IETF repository.
>
> Name: draft-putman-tls-preshared-ecdh
> Revision: 00
> Title: ECDH-based Authentication using Pre-Shared Asymmetric Keypairs for (Datagram) Transport Layer Security ((D)TLS) Protocol version 1.2
> Document date: 2017-11-30
> Group: Individual Submission
> Pages: 17
> URL: https://www.ietf.org/internet-drafts/draft-putman-tls-preshared-ecdh-00.txt
> Status: https://datatracker.ietf.org/doc/draft-putman-tls-preshared-ecdh/
> Htmlized: https://tools.ietf.org/html/draft-putman-tls-preshared-ecdh-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-putman-tls-preshared-ecdh-00
>
>
> Abstract:
> This document defines a new mutual authentication method for the
> Transport Layer Security (TLS) protocol version 1.2. The
> authentication method requires that the client and server are each
> pre-provisioned with a unique asymmetric Elliptic Curve Diffie-
> Hellman (ECDH) keypair and with the public ECDH key of the peer. The
> handshake provides ephemeral ECDH keys, and a premaster key is agreed
> using Double- or Triple-ECDH; confirmation of possession of this key
> provides mutual authentication. Multiple new cipher suites which use
> this authentication method are specified.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
> Dyson Technology Limited, company number 01959090, Tetbury Hill,
> Malmesbury, SN16 0RP, UK.
> This message is intended solely for the addressee and may contain
> confidential information. If you have received this message in error,
> please immediately and permanently delete it, and do not use, copy or
> disclose the information contained in this message or in any attachment.
> Dyson may monitor email traffic data and content for security & training.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
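Katriel's point about the fourth (static-static) DH term, worked through as an added example that is not part of the thread or of the draft: two devices whose ephemeral RNG always returns the same value run a triple-DH premaster derivation with and without the static-static term, and a passive observer who knows the predictable ephemeral keys tries to reproduce the result. The toy finite-field group, the key values and the function names are assumptions chosen for illustration; the combination into a premaster by hashing is a simplification, not the draft's construction.

```python
import hashlib

# Toy finite-field DH group, constructed for illustration only (not a TLS group).
P = 2**127 - 1   # Mersenne prime; every group element fits in 16 bytes
G = 3

def pubkey(priv):
    return pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P)

def combine(parts):
    # Hash the concatenated DH outputs into a premaster secret (hex for readability).
    return hashlib.sha256(b"".join(x.to_bytes(16, "big") for x in parts)).hexdigest()

def premaster(role, eph_priv, static_priv, peer_eph_pub, peer_static_pub, static_static):
    """Triple DH = ephemeral-ephemeral plus two mixed terms; static_static adds the fourth."""
    ee = dh(eph_priv, peer_eph_pub)
    if role == "client":
        es = dh(eph_priv, peer_static_pub)   # client ephemeral x server static
        se = dh(static_priv, peer_eph_pub)   # client static x server ephemeral
    else:                                    # server orders the terms to match the client
        es = dh(static_priv, peer_eph_pub)
        se = dh(eph_priv, peer_static_pub)
    parts = [ee, es, se]
    if static_static:
        parts.append(dh(static_priv, peer_static_pub))
    return combine(parts)

# Constructed long-term ("factory-provisioned") private keys, one per device.
CLIENT_STATIC = 0x3b9f2c61a4d08e7f5c1d6a2b9e8f7c03
SERVER_STATIC = 0x6d4e1a8b2c9f0e3d7a5b4c6f1e2d3a09

def broken_rng():
    # Models a device RNG that yields the same "random" value on every call.
    return 0x2a

def scenario(static_static):
    """One handshake with broken ephemeral RNGs; returns (client, server, attacker) secrets."""
    c_eph, s_eph = broken_rng(), broken_rng()
    c_eph_pub, s_eph_pub = pubkey(c_eph), pubkey(s_eph)
    c_st_pub, s_st_pub = pubkey(CLIENT_STATIC), pubkey(SERVER_STATIC)
    client = premaster("client", c_eph, CLIENT_STATIC, s_eph_pub, s_st_pub, static_static)
    server = premaster("server", s_eph, SERVER_STATIC, c_eph_pub, c_st_pub, static_static)
    # A passive observer knows both static public keys and, thanks to the broken RNG, both
    # ephemeral private keys, so it rebuilds all three triple-DH terms. The static-static
    # term needs a static private key, which it never learns, so this is its best attempt.
    attacker = combine([dh(c_eph, s_eph_pub), dh(c_eph, s_st_pub), dh(s_eph, c_st_pub)])
    return client, server, attacker
```

With `static_static=False` all three values agree, i.e. the observer recovers the premaster; with `static_static=True` client and server still agree but the observer's value differs.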