Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommend not using legible identities. Fixes #1308 #1325

Merged
merged 4 commits into from
Jul 27, 2023
Merged

Recommend not using legible identities. Fixes #1308 #1325

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1f4565e
Recommend not using legible identities. Fixes #1308
ekr Jul 10, 2023
a6dac32
Clarification
ekr Jul 10, 2023
f6e3344
Update draft-ietf-tls-rfc8446bis.md
chris-wood Jul 13, 2023
02cb675
Remove parenthetical
ekr Jul 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions draft-ietf-tls-rfc8446bis.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5327,6 +5327,15 @@ Clients and Servers SHOULD NOT reuse a key share for multiple connections. Reuse
of a key share allows passive observers to correlate different connections. Reuse
of a client key share to the same server additionally allows the server to correlate different connections.

It is RECOMMENDED that the labels for external identities be selected so that they
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, the actual protocol element is the "identity", which we describe as "a label for a key. For instance...a label for a pre-shared key established externally". We do use the phrasing "PSK identity" in the subsequent paragraph, so maybe "the identities used to identify (label) externally shared keys" if we want to increase consistency?

do not provide additional information about the identity of the
user. For instance, if the label includes an e-mail address, then
this trivially identifies the user to a passive attacker,
unlike the client's Certificate, which is encrypted. There are a number of potential
ways to avoid this risk, including (1) using random identity labels
(2) pre-encrypting the identity under a key known to the server or (3)
using the Encrypted Client Hello {{?I-D.ietf-tls-esni}} extension.

If an external PSK identity is used for multiple connections, then it
will generally be possible for an external observer to track
clients and/or servers across connections. Use of the
Expand Down
Loading