On 5/20/2019 3:41 PM, Blumenthal, Uri - 0553 - MITLL wrote:

I reviewed this draft (“browsed through” would be a more honest
statement). I didn’t spot an obvious problem with it.

One question that I have after reading it: I understand why one wants
to implement this extension, but I don’t see how the two endpoints
would arrive at that external PSK.

Sadly - we're back to the 1980s in terms of key management. The obvious
answers are a) they meet to exchange keys, b) they're given a key
through a KDC, c) they get them in the mail. (and I'm really not kidding
about (c))

Mike

From: TLS <tls-boun...@ietf.org> on behalf of Russ Housley <hous...@vigilsec.com>
Date: Monday, May 20, 2019 at 3:21 PM
To: Joe Salowey <j...@salowey.net>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk

TLS 1.3 Extension for Certificate-based Authentication with an
External PSK ensures the US Government has a quantum-resistant option
for TLS in the interim years until post-quantum algorithms emerge from
the NIST process. For this reason, there is an intent to specify this
extension in future procurements.
Russ

On May 15, 2019, at 9:20 AM, Joseph Salowey <j...@salowey.net> wrote:

The last call has come and gone without any comment. Please
indicate if you have reviewed the draft even if you do not have
issues to raise so the chairs can see who has reviewed it. Also
indicate if you have any plans to implement the draft.

On Tue, Apr 9, 2019 at 8:51 PM Joseph Salowey <j...@salowey.net> wrote:

This is the working group last call for the "TLS 1.3 Extension
for Certificate-based Authentication with an External
Pre-Shared Key" draft available at
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/.
Please review the document and send your comments to the list
by 2359 UTC on 23 April 2019.
Thanks,
Chris, Joe, and Sean
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls