On 5/20/2019 3:41 PM, Blumenthal, Uri - 0553 - MITLL wrote:

I reviewed this draft (“browsed through” would be a more honest statement). I didn’t spot an obvious problem with it.

One question that I have after reading it: I understand why one wants to implement this extension, but I don’t see how the two endpoints would arrive at that external PSK.

Sadly - we're back to the 1980's in terms of key management. The obvious answers are a) they meet to exchange keys, b) they're given a key through a KDC, c) they get them in the mail. (and I'm really not kidding about (c))

Mike


*From:* TLS <tls-boun...@ietf.org> on behalf of Russ Housley <hous...@vigilsec.com>
*Date:* Monday, May 20, 2019 at 3:21 PM
*To:* Joe Salowey <j...@salowey.net>
*Cc:* IETF TLS <tls@ietf.org>
*Subject:* Re: [TLS] WGLC for draft-ietf-tls-tls13-cert-with-extern-psk

TLS 1.3 Extension for Certificate-based Authentication with an External PSK ensures the US Government has a quantum-resistant option for TLS in the interim years until post-quantum algorithms emerge from the NIST process. For this reason, there is an intent to specify this extension in future procurements.

Russ



    On May 15, 2019, at 9:20 AM, Joseph Salowey <j...@salowey.net> wrote:

    The last call has come and gone without any comment.  Please
    indicate if you have reviewed the draft even if you do not have
    issues to raise so the chairs can see who has reviewed it.  Also
    indicate if you have any plans to implement the draft.

    On Tue, Apr 9, 2019 at 8:51 PM Joseph Salowey <j...@salowey.net> wrote:

        This is the working group last call for the "TLS 1.3 Extension
        for Certificate-based Authentication with an External
        Pre-Shared Key" draft available at
        https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/.
        Please review the document and send your comments to the list
        by 2359 UTC on 23 April 2019.

        Thanks,
        Chris, Joe, and Sean




_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

