OASIS PKCS 11 TC

  • 1.  Proposed changes for 6.40 TLS 1.2 Mechanisms

    Posted 10-24-2024 10:23
    As agreed 2 weeks ago, this is the text I propose to resolve the issues
    with the TLS spec in 6.40.

    Highlighted in yellow is the new text.

    Note that the last paragraph was completely removed and replaced with a
    deprecation paragraph. This way we preserve the numbering as well as
    make clear that the 2 "duplicated" mechanisms are deprecated.


  • 2.  RE: Proposed changes for 6.40 TLS 1.2 Mechanisms

    Posted 11-05-2024 06:30

    Hi Simo,

    thanks for your proposal. 

    During my review, I noticed a few more items which look outdated or inconsistent:

    1. Section 6.40.2 defines CK_TLS_PRF_PARAMS as "a structure, which provides the parameters to the CKM_TLS_PRF mechanism." But none of the PKCS#11 v3.x specifications define CKM_TLS_PRF, and the structure is not referenced anywhere in PKCS#11 v3.x specs. It thus looks like CK_TLS_PRF_PARAMS and CK_TLS_PRF_PARAMS_PTR are obsolete and can be removed?
    2. Section 6.40.6 mentions mechanism CKM_TLS_KEY_AND_MAC_DERIVE and parameters CK_SSL3_KEY_MAT_PARAMS and CK_SSL3_KEY_MAT_OUT. These are not defined anywhere. In addition, there is one sentence (line 281 in Simo's document) which links CKM_TLS12_KEY_AND_MAC_DERIVE with CK_SSL3_KEY_MAT_PARAMS. As there is no dedicated section talking about TLS 1.2 key and MAC derivation, I guess this section 6.40.6 must be updated to define TLS 1.2 key and MAC derivation.
    3. Various sections refer to CK_SSL3_RANDOM_DATA and CK_SSL3_KEY_MAT_OUT / CK_SSL3_KEY_MAT_OUT_PTR. These are not defined anywhere. I found those definitions back in PKCS#11 V3.0; they have been removed in PKCS#11 V3.1.

    I have updated Simo's proposal (leaving his highlighted updates in place) to fix the issues above. My updates are marked by Word tracks. As I am not so familiar with TLS protocol details, please review my updates thoroughly.

    Thanks,

    Dieter



    ------------------------------
    Dieter Bong
    Manager Standardization and Strategic Projects
    Utimaco IS GmbH
    ------------------------------



  • 3.  RE: Proposed changes for 6.40 TLS 1.2 Mechanisms

    Posted 11-05-2024 09:31
    On Tue, 2024-11-05 at 11:29 +0000, Dieter Bong via OASIS wrote:
    > Hi Simo,
    >
    > thanks for your proposal.
    >
    > During my review, I noticed a few more items which look outdated or inconsistent:
    >
    > Section 6.40.2 defines CK_TLS_PRF_PARAMS as "a structure, which provides the parameters to the CKM_TLS_PRF mechanism." But none of the PKCS#11 v3.x specifications define CKM_TLS_PRF, and the structure is not referenced anywhere in PKCS#11 v3.x specs. It thus looks like CK_TLS_PRF_PARAMS and CK_TLS_PRF_PARAMS_PTR are obsolete and can be removed?

    There is a reference to CKM_TLS_PRF in 6.40.3 and another in 6.40.8, they both imply it is a deprecated mechanism.
    I assume we can remove old stuff, people can always reference an older SPEC if they somehow had an implementation that supported it?
    I do not think anything going forward should really care about this mechanism.


    > Section 6.40.6 mentions mechanism CKM_TLS_KEY_AND_MAC_DERIVE and parameters CK_SSL3_KEY_MAT_PARAMS and CK_SSL3_KEY_MAT_OUT. These are not defined anywhere. In addition, there is one sentence (line 281 in Simo's document) which links CKM_TLS12_KEY_AND_MAC_DERIVE with CK_SSL3_KEY_MAT_PARAMS. As there is no dedicated section talking about TLS 1.2 key and MAC derivation, I guess this section 6.40.6 must be updated to define TLS 1.2 key and MAC derivation.

    I had missed these ones:

    6.40.4 has CKM_TLS_MASTER_KEY_DERIVE but should mention CKM_TLS12_MASTER_KEY_DERIVE ??

    6.40.5 has CKM_TLS_MASTER_KEY_DERIVE_DH but should mention CKM_TLS12_MASTER_KEY_DERIVE_DH ??

    6.40.6 has CKM_TLS_KEY_AND_MAC_DERIVE but should mention CKM_TLS12_KEY_AND_MAC_DERIVE ??

    It is again unclear what is the right thing to do here, should we make all of these aliases?
    Should we keep the TLS12 variants in the Spec and mark all of the _TLS_ ones deprecated ?


    > Various sections refer to CK_SSL3_RANDOM_DATA and CK_SSL3_KEY_MAT_OUT / CK_SSL3_KEY_MAT_OUT_PTR. These are not defined anywhere. I found those definitions back in PKCS#11 V3.0; they have been removed in PKCS#11 V3.1.

    They are still available in the 3.1 headers and are used by things like CK_TLS12_KEY_MAT_PARAMS which is used by CKM_TLS12_KEY_SAFE_DERIVE

    I think we need to bring them back.
    I assume someone wanted to rename them all and failed, left the work unfinished and we ended up with all this duplication :(


    > I have updated Simo's proposal (leaving his highlighted updates in place) to fix the issues above. My updates are marked by Word tracks. As I am not so familiar with TLS protocol details, please review my updates thoroughly.
    >
    > Thanks,
    >
    > Dieter







  • 4.  RE: Proposed changes for 6.40 TLS 1.2 Mechanisms

    Posted 11-06-2024 02:50

    I can easily add the "12" in any mechanism or structure name where it may still be missing, when integrating the proposal into the next working draft.

    Meanwhile I also found the CK_SSL3_... definitions in section 6.39.2. Not sure why I did not find them when searching the document yesterday. I may add a reference to section 6.39.2 in those sections that use such a CK_SSL3_... structure.

    Which brings me to the question whether we should deprecate SSL3 mechanisms. But this is a different topic, and there are other mechanisms we might want to deprecate, thus this is probably an action for the next version.



    ------------------------------
    Dieter Bong
    Manager Standardization and Strategic Projects
    Utimaco IS GmbH
    ------------------------------



  • 5.  RE: Proposed changes for 6.40 TLS 1.2 Mechanisms

    Posted 11-18-2024 11:44

    See attached an updated version for the updates of section 6.40.

    As discussed in our last TC meeting, I have checked all structure names against the header files and made sure that they fit with existing structures, i.e. no new structure names get introduced in the proposal. This includes CK_SSL3_... structures, and pointers to such structures, which are used in some CK_TLS[12]_... structures; where used, I have included a reference to section 6.39.2 where such CK_SSL3_... structures and pointers are defined.



    ------------------------------
    Dieter Bong
    Manager Standardization and Strategic Projects
    Utimaco IS GmbH
    ------------------------------
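
The check described in the last post (every structure name in the draft compared against the header files, with CK_SSL3_... types used inside other structures noted so a cross-reference can be added) can be scripted. The following is an added example, not tooling from the TC or from any poster; `HEADER` and `SPEC` are constructed, trimmed samples rather than the real header or draft, pointer typedefs are written with a plain `*`, and `CK_TLS12_EXAMPLE_PARAMS` is a hypothetical name that exists only to trigger a finding.

```python
import re

# Constructed, trimmed header excerpt (members shortened; not the real header).
HEADER = """
typedef struct CK_SSL3_RANDOM_DATA {
  CK_BYTE_PTR pClientRandom;
  CK_ULONG ulClientRandomLen;
} CK_SSL3_RANDOM_DATA;
typedef struct CK_SSL3_KEY_MAT_OUT {
  CK_OBJECT_HANDLE hClientKey;
} CK_SSL3_KEY_MAT_OUT;
typedef CK_SSL3_KEY_MAT_OUT * CK_SSL3_KEY_MAT_OUT_PTR;
typedef struct CK_TLS12_KEY_MAT_PARAMS {
  CK_SSL3_RANDOM_DATA RandomInfo;
  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_TLS12_KEY_MAT_PARAMS;
"""

# Constructed draft text; CK_TLS12_EXAMPLE_PARAMS is hypothetical.
SPEC = """
CK_TLS12_KEY_MAT_PARAMS provides the parameters to CKM_TLS12_KEY_AND_MAC_DERIVE.
It contains a CK_SSL3_RANDOM_DATA and a CK_SSL3_KEY_MAT_OUT_PTR.
CK_TLS12_EXAMPLE_PARAMS is a structure name that no header defines.
"""

TYPEDEF_STRUCT = re.compile(r"typedef\s+struct\s+(\w+)\s*\{(.*?)\}\s*\1\s*;", re.S)
TYPEDEF_PTR = re.compile(r"typedef\s+(\w+)\s*\*\s*(\w+)\s*;")

def header_types(header):
    """Return ({struct name: member text}, {pointer typedef: pointee})."""
    structs = dict(TYPEDEF_STRUCT.findall(header))
    pointers = {ptr: base for base, ptr in TYPEDEF_PTR.findall(header)}
    return structs, pointers

def undefined_in_header(spec, header):
    """CK_ names used in the draft that the header never defines."""
    structs, pointers = header_types(header)
    named = set(re.findall(r"\bCK_[A-Z0-9_]+\b", spec))  # CKM_ names do not match
    return sorted(named - set(structs) - set(pointers))

def ssl3_dependencies(header):
    """Non-SSL3 structures whose members use CK_SSL3_ types."""
    structs, _ = header_types(header)
    deps = {}
    for name, body in structs.items():
        used = set(re.findall(r"\bCK_SSL3_\w+", body))
        if used and not name.startswith("CK_SSL3_"):
            deps[name] = sorted(used)
    return deps

if __name__ == "__main__":
    print("not in header:", undefined_in_header(SPEC, HEADER))
    print("needs SSL3 cross-reference:", ssl3_dependencies(HEADER))
```
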