Guidance for External Pre-Shared Key (PSK) Usage in TLS
draft-ietf-tls-external-psk-guidance-06
Document history
Date | Rev. | By | Action |
---|---|---|---|
2022-07-19 | 06 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2022-07-01 | 06 | (System) | RFC Editor state changed to AUTH48 |
2022-06-16 | 06 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2022-05-05 | 06 | (System) | RFC Editor state changed to EDIT from MISSREF |
2022-02-04 | 06 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-06.txt |
2022-02-04 | 06 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2022-02-04 | 06 | Christopher Wood | Uploaded new revision |
2022-02-04 | 05 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2022-02-03 | 05 | (System) | RFC Editor state changed to MISSREF |
2022-02-03 | 05 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2022-02-03 | 05 | (System) | Announcement was received by RFC Editor |
2022-02-03 | 05 | (System) | IANA Action state changed to In Progress |
2022-02-03 | 05 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2022-02-03 | 05 | Cindy Morgan | IESG has approved the document |
2022-02-03 | 05 | Cindy Morgan | Closed "Approve" ballot |
2022-02-03 | 05 | Cindy Morgan | Ballot approval text was generated |
2022-02-03 | 05 | Benjamin Kaduk | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup |
2022-01-11 | 05 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-05.txt |
2022-01-11 | 05 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2022-01-11 | 05 | Christopher Wood | Uploaded new revision |
2021-12-16 | 04 | (System) | Removed all action holders (IESG state changed) |
2021-12-16 | 04 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation |
2021-12-16 | 04 | Jean Mahoney | Closed request for Last Call review by GENART with state 'Overtaken by Events' |
2021-12-16 | 04 | Jean Mahoney | Assignment of request for Last Call review by GENART to Suhas Nandakumar was marked no-response |
2021-12-16 | 04 | Francesca Palombini | [Ballot comment] Thank you for the work on this document. Many thanks to Martin Thomson for his careful review: https://mailarchive.ietf.org/arch/msg/art/6b5V1TEJL_PB2dc3Xfm62KFGqW8/ , and thanks to the authors for addressing his comments. I only had time to scan the document, but did not find any major ART issues. Francesca |
2021-12-16 | 04 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2021-12-15 | 04 | John Scudder | [Ballot Position Update] New position, No Objection, has been recorded for John Scudder |
2021-12-15 | 04 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2021-12-15 | 04 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2021-12-15 | 04 | Roman Danyliw | [Ballot comment] Thank you to Rich Salz for the SECDIR review. ** Section 6.1. Consider providing information references for OpenSSL, BoringSSL, mbedTLS, gnuTLS and wolfSSL ** Section 6.1. Should it be noted that some libraries (E.g., OpenSSL, BoringSSL, mbedTLS) support PSK lengths below the threshold recommended in this document (i.e., smaller than 128-bits per Section 6)? ** Editorial nits: -- Section 4.1. Typo. s/mitigiation/mitigation/ -- Section 6. Duplicate word. s/exchange exchange/exchange/ -- Section 8. Typo. s/beynond/beyond/ |
2021-12-15 | 04 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2021-12-15 | 04 | Robert Wilton | [Ballot comment] Thanks for this document. I find it always useful, and enlightening, when this sort of guidance is published. One minor nit/question on 7. Privacy Considerations TLS does little to keep PSK identity information private. For example, an adversary learns information about the external PSK or its identifier by virtue of it appearing in cleartext in a ClientHello. I wasn't sure what "it" in the last sentence refers to. I would potentially read that as being the external PSK, and hence the external PSK appears in cleartext in a ClientHello. I don't know TLS, but this seemed surprising. Hence you may want to consider whether this sentence should be tweaked to make it clearer. Thanks, Rob |
2021-12-15 | 04 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2021-12-14 | 04 | Murray Kucherawy | [Ballot comment] Thanks to Martin Thomson for his ARTART review. A stylistic point: The Abstract is made up of five sentences all of which start "This document". It's a bit of a rigid read. Maybe something like this? This document provides usage guidance for external Pre-Shared Keys (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. It lists TLS security properties provided by PSKs under certain assumptions, and then demonstrates how violations of these assumptions lead to attacks. It also discusses PSK use cases and provisioning processes. Advice for applications to help meet these assumptions is provided. Finally, it lists the privacy and security properties that are not provided by TLS 1.3 when external PSKs are used. Section 4.1 contains this, which I can't quite parse: To illustrate the rerouting attack, consider the group of peers who know the PSK be A, B, and C. Should there be a "to" after "PSK"? In Section 8: Each endpoint SHOULD know the identifier of the other endpoint with which its wants to connect and SHOULD compare it with the other s/its/it/ |
2021-12-14 | 04 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2021-12-14 | 04 | Zaheduzzaman Sarker | [Ballot comment] Thanks for working on this document. I read this document and didn't notice any transport related issues. |
2021-12-14 | 04 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2021-12-11 | 04 | Rich Salz | Request for Telechat review by SECDIR Completed: Ready. Reviewer: Rich Salz. Sent review to list. |
2021-12-11 | 04 | Erik Kline | [Ballot comment] [S4; nit] * s/quantum computes/quantum computers/? [S4.2; nit] * "including, for example, including ..." -> "including, for example, ..." [S5.2; nit] * "or even less number of buttons" -> "or even fewer buttons", perhaps * "baked into or hardware or software" -> "baked into hardware or software" [S5.3; question] * What does "routable" mean in an identities context? Perhaps there is some simpler rewording that preserves the essential meaning (or maybe this is well-understood and I'm just not up to speed yet). I could not find "rout"-stemmed words in draft-mattsson-emu-eap-tls-psk. [S8; nit] * s/beynond/beyond/ |
2021-12-11 | 04 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2021-12-11 | 04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Rich Salz |
2021-12-11 | 04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Rich Salz |
2021-12-10 | 04 | Éric Vyncke | [Ballot comment] [Sorry for duplicate email, I pressed the wrong button...] Thank you for the work put into this document. The document offers good guidances and is easy to read. Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. Special thanks to Sean Turner for the shepherd's write-up including the section about the WG consensus. I hope that this helps to improve the document, Regards, -éric == COMMENTS == -- Section 4.1 -- A wild guess (as I do not know the details of TLS 1.3), but if a group member is compromised and no ephemeral keys were used, then isn't the attacker able to read even the past/recorded traffic ? -- Section 5.1 -- Suggest to expand "PoP". Also wonder about the German eID use case... While the BSI specification allows for using PSK, it does not appear as the recommended mode by BSI. I.e., does this reference help the case for this I-D ? Suggest to remove it. I also wonder why quantum resistance is not at the top ;-) -- Section 5.2 -- About the IoT "UI", I would assume that some USB ports could also be used. Or are USB/bluetooth/... considered as UI ? -- Section 5.3 -- "each pair of nodes has a unique key pair" is puzzling as PSK usually consist of a unique key and not a key pair. What am I missing ? == NITS == Section 5.2 "among several node is" (plural ?) Section 8 "extend beynond proper identification" |
2021-12-10 | 04 | Éric Vyncke | [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from No Record |
2021-12-10 | 04 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. The document offers good guidances and is easy to read. Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. Special thanks to Sean Turner for the shepherd's write-up including the section about the WG consensus. I hope that this helps to improve the document, Regards, -éric == COMMENTS == -- Section 4.1 -- A wild guess (as I do not know the details of TLS 1.3), but if a group member is compromised and no ephemeral keys were used, then isn't the attacker able to read even the past/recorded traffic ? -- Section 5.1 -- Suggest to expand "PoP". Also wonder about the German eID use case... While the BSI specification allows for using PSK, it does not appear as the recommended mode by BSI. I.e., does this reference help the case for this I-D ? Suggest to remove it. I also wonder why quantum resistance is not at the top ;-) -- Section 5.2 -- About the IoT "UI", I would assume that some USB ports could also be used. Or are USB/bluetooth/... considered as UI ? -- Section 5.3 -- "each pair of nodes has a unique key pair" is puzzling as PSK usually consist of a unique key and not a key pair. What am I missing ? == NITS == Section 5.2 "among several node is" (plural ?) Section 8 "extend beynond proper identification" |
2021-12-10 | 04 | Éric Vyncke | Ballot comment text updated for Éric Vyncke |
2021-12-09 | 04 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2021-12-09 | 04 | Cindy Morgan | Placed on agenda for telechat - 2021-12-16 |
2021-12-09 | 04 | Benjamin Kaduk | Ballot has been issued |
2021-12-09 | 04 | Benjamin Kaduk | [Ballot Position Update] New position, Yes, has been recorded for Benjamin Kaduk |
2021-12-09 | 04 | Benjamin Kaduk | Created "Approve" ballot |
2021-12-09 | 04 | Benjamin Kaduk | IESG state changed to IESG Evaluation from Waiting for Writeup::AD Followup |
2021-12-09 | 04 | Benjamin Kaduk | Ballot writeup was changed |
2021-12-09 | 04 | (System) | Changed action holders to Benjamin Kaduk (IESG state changed) |
2021-12-09 | 04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2021-12-09 | 04 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2021-12-09 | 04 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-04.txt |
2021-12-09 | 04 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2021-12-09 | 04 | Christopher Wood | Uploaded new revision |
2021-12-07 | 03 | (System) | Changed action holders to Russ Housley, Mohit Sethi, Benjamin Kaduk, Christopher Wood, Jonathan Hoyland (IESG state changed) |
2021-12-07 | 03 | Benjamin Kaduk | IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup |
2021-11-19 | 03 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2021-11-15 | 03 | Scott Bradner | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Scott Bradner. Sent review to list. |
2021-11-15 | 03 | Rich Salz | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Rich Salz. Sent review to list. |
2021-11-11 | 03 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2021-11-11 | 03 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-tls-external-psk-guidance-03, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal Lead IANA Services Specialist |
2021-11-05 | 03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Rich Salz |
2021-11-05 | 03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Rich Salz |
2021-11-03 | 03 | Martin Thomson | Request for Last Call review by ARTART Completed: Ready with Issues. Reviewer: Martin Thomson. Sent review to list. |
2021-11-03 | 03 | Barry Leiba | Request for Last Call review by ARTART is assigned to Martin Thomson |
2021-11-03 | 03 | Barry Leiba | Request for Last Call review by ARTART is assigned to Martin Thomson |
2021-11-03 | 03 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Scott Bradner |
2021-11-03 | 03 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Scott Bradner |
2021-10-29 | 03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Suhas Nandakumar |
2021-10-29 | 03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Suhas Nandakumar |
2021-10-29 | 03 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2021-10-29 | 03 | Cindy Morgan | The following Last Call announcement was sent out (ends 2021-11-19): From: The IESG To: IETF-Announce CC: draft-ietf-tls-external-psk-guidance@ietf.org, kaduk@mit.edu, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Guidance for External PSK Usage in TLS) to Informational RFC The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Guidance for External PSK Usage in TLS' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2021-11-19. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document provides usage guidance for external Pre-Shared Keys (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. This document lists TLS security properties provided by PSKs under certain assumptions, and then demonstrates how violations of these assumptions lead to attacks. This document discusses PSK use cases and provisioning processes. This document provides advice for applications to help meet these assumptions. This document also lists the privacy and security properties that are not provided by TLS 1.3 when external PSKs are used. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/ No IPR declarations have been submitted directly on this I-D. |
2021-10-29 | 03 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2021-10-29 | 03 | Cindy Morgan | Last call announcement was changed |
2021-10-28 | 03 | Benjamin Kaduk | Last call was requested |
2021-10-28 | 03 | Benjamin Kaduk | Last call announcement was generated |
2021-10-28 | 03 | Benjamin Kaduk | Ballot approval text was generated |
2021-10-28 | 03 | Benjamin Kaduk | Ballot writeup was generated |
2021-10-28 | 03 | Benjamin Kaduk | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2021-10-13 | 03 | (System) | Changed action holders to Benjamin Kaduk (IESG state changed) |
2021-10-13 | 03 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2021-10-13 | 03 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-03.txt |
2021-10-13 | 03 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2021-10-13 | 03 | Christopher Wood | Uploaded new revision |
2021-08-20 | 02 | (System) | Changed action holders to Russ Housley, Mohit Sethi, Benjamin Kaduk, Christopher Wood, Jonathan Hoyland (IESG state changed) |
2021-08-20 | 02 | Benjamin Kaduk | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2021-08-05 | 02 | (System) | Changed action holders to Benjamin Kaduk (IESG state changed) |
2021-08-05 | 02 | Benjamin Kaduk | IESG state changed to AD Evaluation from Publication Requested |
2021-02-26 | 02 | Sean Turner | Summary Sean Turner is the document Shepherd. Ben Kaduk is the responsible Area Director. This document was born from a DT (Design Team) formed after discussions at IETF 106 about draft-ietf-tls-external-psk-importer made it clear that some guidance was needed with respect to PSKs (Pre-Shared Keys). Including this to avoid a protracted Informational vs BCP discussion: The document is intended as Informational. The Shepherd did ask whether anyone remembered a "BCP discussion," but none did. Thoughts on Informational vs BCP ranged from “informational is fine” to “no strong opinion”. Since the WG has had over a year to request a change as it has not, decided to leave it as is. Review and Consensus The DT was comprised of the following participants: Benjamin Beurdouche, Bjoern Haase, Christopher Wood, Colm MacCarthaigh, Eric Rescorla, Jonathan Hoyland, Martin Thomson, Mohamad Badra, Mohit Sethi, Oleg Pekar, Owen Friel, and Russ Housley. In addition to this powerhouse DT providing input on the original version of the document, the document was also reviewed by the following people: Scott Hollenbeck, Jim Schaad, Carrick Bartle, Watson Ladd, John Mattsson, Ben Smyth, and Jonathan Hammell. The Shepherd has no concerns whatsoever about the breadth and depth of reviews. The DT’s output was presented at a virtual interim meeting. The remainder of the discussion occurred on the list. Intellectual Property The Shepherd has verified that all of the authors have already disclosed any IPR related to this document, as is required by BCPs 78 and 79. Other Points There are no DOWNREFs. There are no IANA considerations. |
2021-02-26 | 02 | Sean Turner | Responsible AD changed to Benjamin Kaduk |
2021-02-26 | 02 | Sean Turner | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2021-02-26 | 02 | Sean Turner | IESG state changed to Publication Requested from I-D Exists |
2021-02-26 | 02 | Sean Turner | IESG process started in state Publication Requested |
2021-02-26 | 02 | Sean Turner | Changed consensus to Yes from Unknown |
2021-02-26 | 02 | Sean Turner | Summary Sean Turner is the document Shepherd. Ben Kaduk is the responsible Area Director. This document was born from a DT (Design Team) formed after discussions at IETF 106 about draft-ietf-tls-external-psk-importer made it clear that some guidance was needed with respect to PSKs (Pre-Shared Keys). Including this to avoid a protracted Informational vs BCP discussion: The document is intended as Informational. The Shepherd did ask whether anyone remembered a "BCP discussion," but none did. Thoughts on Informational vs BCP ranged from “informational is fine” to “no strong opinion”. Since the WG has had over a year to request a change as it has not, decided to leave it as is. Review and Consensus The DT was comprised of the following participants: Benjamin Beurdouche, Bjoern Haase, Christopher Wood, Colm MacCarthaigh, Eric Rescorla, Jonathan Hoyland, Martin Thomson, Mohamad Badra, Mohit Sethi, Oleg Pekar, Owen Friel, and Russ Housley. In addition to this powerhouse DT providing input on the original version of the document, the document was also reviewed by the following people: Scott Hollenbeck, Jim Schaad, Carrick Bartle, Watson Ladd, John Mattsson, Ben Smyth, and Jonathan Hammell. The Shepherd has no concerns whatsoever about the breadth and depth of reviews. The DT’s output was presented at a virtual interim meeting. The remainder of the discussion occurred on the list. Intellectual Property The Shepherd has verified that all of the authors have already disclosed any IPR related to this document, as is required by BCPs 78 and 79. Other Points There are no DOWNREFs. There are no IANA considerations. |
2021-02-24 | 02 | Sean Turner | Tag Revised I-D Needed - Issue raised by WG cleared. |
2021-02-24 | 02 | Sean Turner | IETF WG state changed to WG Consensus: Waiting for Write-Up from Waiting for WG Chair Go-Ahead |
2021-02-20 | 02 | Russ Housley | New version available: draft-ietf-tls-external-psk-guidance-02.txt |
2021-02-20 | 02 | (System) | New version accepted (logged-in submitter: Russ Housley) |
2021-02-20 | 02 | Russ Housley | Uploaded new revision |
2021-01-21 | 01 | Sean Turner | Tag Revised I-D Needed - Issue raised by WG set. |
2021-01-21 | 01 | Sean Turner | IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call |
2021-01-21 | 01 | Sean Turner | Intended Status changed to Informational from None |
2021-01-21 | 01 | Sean Turner | Notification list changed to sean@sn3rd.com because the document shepherd was set |
2021-01-21 | 01 | Sean Turner | Document shepherd changed to Sean Turner |
2020-12-09 | 01 | Sean Turner | IETF WG state changed to In WG Last Call from WG Document |
2020-11-02 | 01 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-01.txt |
2020-11-02 | 01 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2020-11-02 | 01 | Christopher Wood | Uploaded new revision |
2020-06-19 | 00 | Sean Turner | This document now replaces draft-dt-tls-external-psk-guidance instead of None |
2020-06-17 | 00 | Christopher Wood | New version available: draft-ietf-tls-external-psk-guidance-00.txt |
2020-06-17 | 00 | (System) | New version accepted (logged-in submitter: Christopher Wood) |
2020-06-17 | 00 | Christopher Wood | Uploaded new revision |