Hi All,

I submitted the draft https://www.ietf.org/archive/id/draft-urien-tls-se-xauth-00.txt, which introduces recursive authentication for TLS 1.3 pre-shared-key servers. Let me know if you are interested in working on this idea.

Pascal

A TLS 1.3 pre-shared-key handshake occurs as follows:

1. Client sends the client-hello message, including the PSK-binder (= HMAC(FEK, transcript hash)). The PSK-binder is computed with a procedure that we call binder.
2. Server sends the server-hello message.
3. Client receives the server-hello message and computes HandshakeSecret (= HKDF-Extract(salt=DSK, (EC)DHE)) with a procedure that we call derive.
4. Server sends the encrypted-options message.
5. Server sends the encrypted-finished message.
6. Client sends the encrypted-finished message.

A secure AEAD channel is established between server and client. The server may provide, on top of the record layer, the procedures binder and derive needed for another TLS 1.3 pre-shared-key server.

According to the TLS-SE IETF draft architecture based on TLS 1.3 Pre-Shared Key (TLS-PSK), servers are hosted inside secure elements. To establish a connection to a TLS-SE server, the client uses two PSK-based procedures: binder (PSK-binder = HMAC(FEK, transcript hash)) and derive (HandshakeSecret = HKDF-Extract(salt=DSK, (EC)DHE)). These procedures (i.e. binder and derive) can themselves be provided by another TLS-SE server.

This creates a recursive authentication model: one TLS-SE instance can be used to compute the binder and derive HandshakeSecret operations required to access another TLS-SE server. Each TLS-SE server manages its own pre-shared key, but the client uses binder and derive procedures computed by another TLS-SE server.
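The binder and derive procedures described in the message above, written out with the RFC 8446 key schedule as an added example (not code from the draft or its author). It assumes SHA-256, takes FEK to be the finished key derived from the binder key and DSK to be the "derived" secret; PskHolder, TlsSeServer and connect_chain are hypothetical names, and the chain reuses one constructed transcript hash and DHE value instead of running real handshakes.

```python
import hashlib, hmac

H, HLEN = hashlib.sha256, 32
EMPTY = H(b"").digest()  # hash of the empty transcript, used by Derive-Secret

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, H).digest()

def expand_label(secret, label, context, length=HLEN):
    # HKDF-Expand-Label, RFC 8446 section 7.1
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([i]), H).digest()
        out, i = out + block, i + 1
    return out[:length]

class PskHolder:
    """Hypothetical stand-in for a secure element: keeps the PSK, exposes binder/derive."""
    def __init__(self, psk):
        self._early = hkdf_extract(bytes(HLEN), psk)  # Early Secret
    def binder(self, transcript_hash):
        binder_key = expand_label(self._early, b"ext binder", EMPTY)  # external PSK
        fek = expand_label(binder_key, b"finished", b"")  # assumed meaning of FEK
        return hmac.new(fek, transcript_hash, H).digest()
    def derive(self, dhe):
        dsk = expand_label(self._early, b"derived", EMPTY)  # assumed meaning of DSK
        return hkdf_extract(dsk, dhe)  # HandshakeSecret

class TlsSeServer:
    """Constructed model: owns one PSK, may host binder/derive for the next server."""
    def __init__(self, psk, hosted=None):
        self._own, self.hosted = PskHolder(psk), hosted
    def handshake(self, transcript_hash, binder, dhe):
        if not hmac.compare_digest(binder, self._own.binder(transcript_hash)):
            raise PermissionError("PSK binder mismatch")
        return self._own.derive(dhe)

def connect_chain(holder, servers, transcript_hash, dhe):
    """Walk the chain: each accepted server supplies the procedures for the next one."""
    for server in servers:
        client_hs = holder.derive(dhe)
        server_hs = server.handshake(transcript_hash, holder.binder(transcript_hash), dhe)
        if not hmac.compare_digest(client_hs, server_hs):
            raise PermissionError("handshake secret mismatch")
        holder = server.hosted  # reachable only after this handshake succeeded
    return client_hs
```

The client code never touches a PSK directly: it only calls binder and derive on whichever holder the previous hop made available.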
