Hi Russ,

This seems like a welcome addition. I'm not sure why you think that PQ needs are a good motivation for this work though. Managing external PSKs is so unwieldy that it almost seems like this would do more harm than good in that regard. I find this more interesting from the perspective of providing continuing proof of possession for keys while also permitting the use of 0-RTT (and session continuation more generally).

FWIW, I don't see any reason that this approach would be a problem given that it is additive; the problem that Sam Scott et al. found before was a result of important contextual information being omitted from the transcript.

Why didn't you consider a new codepoint on psk_key_exchange_modes that permits/requires use of the certificate? The purpose of that extension is to signal that a) you want PSK, and b) what additional things are permitted alongside that PSK.

It's not clear from your text on client certificate authentication whether your mode permits the server to omit its Certificate, but then send CertificateRequest. You should clarify that one way or the other.

--Martin

On Fri, Mar 2, 2018 at 8:37 AM, Russ Housley <[email protected]> wrote:
> I would like to get comments on this Internet-Draft. Once a round of
> comments has been received and folded into -01, I would like to work with
> folks that did the earlier proofs with Tamarin to make sure that this
> does not negatively impact the TLS 1.3 protocol changes that were made to
> eliminate the man-in-the-middle attack that they found in 2015.
>
> Thanks,
> Russ
>
>
> From: [email protected]
> Subject: New Version Notification for draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> Date: March 1, 2018 at 4:13:44 PM EST
> To: "Russ Housley" <[email protected]>
>
> A new version of I-D, draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> has been successfully submitted by Russ Housley and posted to the
> IETF repository.
>
> Name: draft-housley-tls-tls13-cert-with-extern-psk
> Revision: 00
> Title: TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
> Document date: 2018-03-01
> Group: Individual Submission
> Pages: 9
> URL: https://www.ietf.org/internet-drafts/draft-housley-tls-tls13-cert-with-extern-psk-00.txt
> Status: https://datatracker.ietf.org/doc/draft-housley-tls-tls13-cert-with-extern-psk/
> Htmlized: https://tools.ietf.org/html/draft-housley-tls-tls13-cert-with-extern-psk-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-housley-tls-tls13-cert-with-extern-psk-00
>
> Abstract:
> This document specifies a TLS 1.3 extension that allows a server to
> authenticate with a combination of a certificate and an external
> pre-shared key (PSK).
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
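As an added illustration of the psk_key_exchange_modes signalling Martin refers to (example code, not from the thread or the draft): the encoder and parser below follow the extension layout in RFC 8446 Section 4.2.9, and the server-side selection shows how a "PSK plus certificate" mode would be negotiated. The PSK_DHE_KE_CERT codepoint is a hypothetical placeholder for the new codepoint Martin suggests, not an IANA-assigned value.

```python
"""psk_key_exchange_modes (RFC 8446, 4.2.9): one length byte followed by
one byte per mode, i.e. PskKeyExchangeMode ke_modes<1..255>."""
import struct

PSK_KE = 0x00            # RFC 8446: PSK only
PSK_DHE_KE = 0x01        # RFC 8446: PSK with (EC)DHE
PSK_DHE_KE_CERT = 0x7F   # HYPOTHETICAL placeholder: PSK + (EC)DHE + certificate

KNOWN_MODES = {PSK_KE, PSK_DHE_KE, PSK_DHE_KE_CERT}


def encode_ke_modes(modes):
    """Serialise a list of mode codepoints as the extension_data."""
    if not 1 <= len(modes) <= 255:
        raise ValueError("ke_modes vector must carry 1..255 entries")
    body = bytes(modes)
    return struct.pack("!B", len(body)) + body


def parse_ke_modes(data):
    """Parse extension_data. A length mismatch or an empty vector is a
    decode error; unknown codepoints are returned so the caller can
    ignore them, as RFC 8446 requires for unrecognised modes."""
    if len(data) < 2:
        raise ValueError("truncated psk_key_exchange_modes")
    length, body = data[0], data[1:]
    if length == 0 or length != len(body):
        raise ValueError("bad ke_modes length")
    return list(body)


def select_mode(client_modes, server_requires_cert):
    """Server-side choice. If the server insists on certificate-based
    authentication alongside the external PSK, it proceeds only in the
    hypothetical certificate mode; otherwise it takes the strongest
    offered mode (certificate, then (EC)DHE, then plain PSK). Returns
    None when the server must fall back to a full, non-PSK handshake."""
    offered = [m for m in client_modes if m in KNOWN_MODES]
    if server_requires_cert:
        return PSK_DHE_KE_CERT if PSK_DHE_KE_CERT in offered else None
    for preferred in (PSK_DHE_KE_CERT, PSK_DHE_KE, PSK_KE):
        if preferred in offered:
            return preferred
    return None
```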
