[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] draft-urien-tls-keygen-00.txt

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: [TLS] draft-urien-tls-keygen-00.txt
From: Pascal Urien <Pascal.Urien@xxxxxxx>
Date: Mon, 23 Jun 2008 18:11:09 +0200
Cc: tls@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <877icg1gx2.fsf@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <20080622180956.ED82BB83AF@xxxxxxxxxxxxx> <485E98EF.3020204@xxxxxxxxx> <20080623082005.22D48B839F@xxxxxxxxxxxxx> <877icg1gx2.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx

Hi All,

- There is a common point between the two proposals, i.e. use ofTLS for key generation


 - In draft-ietf-tls-extractor-01.txt the TLS PRF function is used
 - In draft-urien-tls-keygen-00.txt a separate KDF function is used.

Krawczyk, H (one of the HMAC designer) wrote a very interestingpaper about tthe design of KDF functions"On Extract-then-Expand Key Derivation Functions and an HMAC-basedKDF", http://www.ee.technion.ac.il/~hugo/kdf/, March 2008

- The point that is not addressed bydraft-ietf-tls-extractor-01.txt, is the case for which keys arepushed by server and not computed by

    both parties (client and server)

Pascal




At 14:20 23/06/2008, Simon Josefsson wrote:

It is a good idea to use different labels for different key usage.
Further, I would consider interactions between your document and the
following WG document:

http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-01.txt

You could refer to this for key label discussions.

/Simon

Pascal Urien <Pascal.Urien@xxxxxxx> writes:

> Hi Mike,
>
>   I agree on that point.
>
>    Maybe the label used with KDF could be different according
>   to different uses
>
> Pascal
>
> At 20:24 22/06/2008, Mike wrote:
>>It might be better to use a label other than "key expansion" in the KDF
>>since that is already used in TLS.
>>
>>Mike
>>
>>
>>Pascal Urien wrote:
>>>Dear all,

>>>The drafthttp://www.ietf.org/internet-drafts/draft-urien-tls-keygen-00.txt

>>>  proposes a  keying infrastructure based on the TLS protocol.
>>>  It suggests defining an additional Key Distribution Function (KDF)
>>>  in order to deliver a set of cryptographic keys.
>>>   In a peer to peer mode keys are directly produced as inputs of
>>> the KDF functions.
>>>   For centralized architectures they are delivered through containers,
>>>   secured with keys derived from the KDF function.
>>>   I will attend to the next IETF meeting in Dublin, and i hope to present
>>>   more precisely the scope of this proposal
>>>Best Regards
>>>Pascal
>>_______________________________________________
>>TLS mailing list
>>TLS@xxxxxxxx
>>https://www.ietf.org/mailman/listinfo/tls



_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] draft-urien-tls-keygen-00.txt
  - From: Blumenthal, Uri

References:
- [TLS] draft-urien-tls-keygen-00.txt
  - From: Pascal Urien
- Re: [TLS] draft-urien-tls-keygen-00.txt
  - From: Mike
- Re: [TLS] draft-urien-tls-keygen-00.txt
  - From: Pascal Urien
- Re: [TLS] draft-urien-tls-keygen-00.txt
  - From: Simon Josefsson

Prev by Date: Re: [TLS] draft-urien-tls-keygen-00.txt
Next by Date: [TLS] Protocol Action: 'AES-GCM Cipher Suites for TLS' to Proposed Standard
Previous by thread: Re: [TLS] draft-urien-tls-keygen-00.txt
Next by thread: Re: [TLS] draft-urien-tls-keygen-00.txt
Index(es):
- Date
- Thread