TS 33128 CR0524 - Correction of ASN.1 for TLS AKMA IRI Rel-17 (!165) · Merge requests · SA3 / SA3 LI

naslundma requested to merge cr/33128/0524 into main Apr 03, 2023

The ASN.1 definition of the data structure carrying IRI-parameters to enable decryption of TLS1.2-protected AKMA-traffic is incorrect/ambiguous:

The TLS1.2 master/pre-master key(s) and client/server random values are always 48, respectively 32 octets in size, but the allocated ASN.1 fields can only fit 48 and 32 bits.
There are two sets of extensions present in the TLS handshake, one set of proposed extensions supplied by the client, and one set of chosen extensions selected by the server. There is however only one field in the ASN.1 allocated to carry TLS extensions, and it is not obvious which of the two that is intended to be carried in that field. While it is the server’s choice that defines which TLS extensions to actually use, the client’s proposed extensions could also be useful to LEA, e.g. for the purpose of “fingerprinting” of clients.
Fixing a typo in the comments.

TS 33128 CR0524 - Correction of ASN.1 for TLS AKMA IRI Rel-17