Re: [TLS] The future of external PSK in TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 30 September 2020 00:48 UTC

Return-Path: <prvs=7542662279=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8563A0140 for <tls@ietfa.amsl.com>; Tue, 29 Sep 2020 17:48:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.897
X-Spam-Level:
X-Spam-Status: No, score=-0.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_AFFORDABLE=1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PyH0_ae9Tr4h for <tls@ietfa.amsl.com>; Tue, 29 Sep 2020 17:48:37 -0700 (PDT)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5E1A3A011D for <tls@ietf.org>; Tue, 29 Sep 2020 17:48:37 -0700 (PDT)
Received: from LLE2K16-MBX02.mitll.ad.local (LLE2K16-MBX02.mitll.ad.local) by llmx3.ll.mit.edu (unknown) with ESMTPS id 08U0mXo8010437; Tue, 29 Sep 2020 20:48:33 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=w8rDLJCP6XZ84VaCo04uvgJWNLUHxmrUdQ0J9x890OBZ7EkBVh36pYXNPRDBr/iTL9PO57TDbRRljVGtY3Hwosn6bbDYfIPCzIlqHMjd9Syt8nMSBus34D797E1k73yTgGgpQLh4pecM9nQqrJ/0O6rN2r4y3SHcaM6aVduQz9IclBY01R2ldoivQ9hnXnT5BlBKgx/m00dtCzidYMhgY8DsRE3c1OwucoHQ8ShdbykFaSliMIKqG1V0QUGOg/zalV5O1aJkhhudm7jwNe2AfEwOP00DkBoiOxl2DxgvvWeXzUUYR16gCtdTZL62L7LTioNEn4Wzq6uGLEwCDSxISQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LgMfYZ5XLV1Bf0gsPf5Rv1UTCHiIdednuzeDLO12gXU=; b=1Fo5vm9ftR7a3rubqlzWEMxUzGXtYlExQSuQMvzgIMLMebTjMbBd/BT8CquxaxaKi5CWoDyK8ZixHgxvRO43NDoliTq9KZsM7FmYgwvBhsXyILO60aQ3bYFd0cU/JCoM6LTcemvgZJw+kYOB/pUySe3OTiiJ76flippYKg+mcFQrLEpXAVQbGXYAZa+z8AS3wTnpozNJpoiaNUyE0hq5eDshIBT5CJ7LFOA0x7wyZdI/zqr0yyf1tKrZj7Z8WlPCgasp2RM8rqIhBmgTT2SpovRq4YL8Zf6//thsvRUo/J8KAOqIvRx3RdNW8dvV5sPu1EcX6PIlDTBPFHp+6sEElw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Watson Ladd <watsonbladd@gmail.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The future of external PSK in TLS 1.3
Thread-Index: AQHWln4J7ZaqYmyU4UKtYjPn2cuI8Kl/kNWAgADDroCAAAVRgA==
Date: Wed, 30 Sep 2020 00:48:28 +0000
Message-ID: <8EE5C9C0-8C51-4148-916D-54017101B2B5@ll.mit.edu>
References: <CACsn0c=5gsp0ivVmB-prBMXg=Ot9mo8YVzFgt-bW3G6osveggg@mail.gmail.com>
In-Reply-To: <CACsn0c=5gsp0ivVmB-prBMXg=Ot9mo8YVzFgt-bW3G6osveggg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ll.mit.edu;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7fdeb211-5d5f-4f0a-e921-08d864da8c1e
x-ms-traffictypediagnostic: BN3P110MB0481:
x-microsoft-antispam-prvs: <BN3P110MB0481AD50EB1D80A9C3CE28C890330@BN3P110MB0481.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN3P110MB0241.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(4326008)(5660300002)(66446008)(64756008)(66556008)(66476007)(66616009)(99936003)(76116006)(6916009)(86362001)(83380400001)(66946007)(6512007)(75432002)(6486002)(4744005)(26005)(186003)(53546011)(6506007)(498600001)(8676002)(8936002)(33656002)(71200400001)(2906002)(956004)(2616005); DIR:OUT; SFP:1102;
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; boundary="Apple-Mail-AF088EB8-702C-4C19-9686-7A6E8062715A"; protocol="application/pkcs7-signature"; micalg=sha-256
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN3P110MB0241.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 7fdeb211-5d5f-4f0a-e921-08d864da8c1e
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2020 00:48:28.7260 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3P110MB0481
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-29_14:2020-09-29, 2020-09-29 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2009300001
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CRgcGOMXP79UUTZOSJqegrymPxA>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 00:48:39 -0000

Because PSK is one of the affordable and reliable quantum-resistant key exchanges that work *today*? And done environments do not wish to do any EC operations.

Yes, key management issues are real. Those who need it, understand the implications.

Regards,
Uri

> On Sep 29, 2020, at 20:30, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> ´╗┐On Tue, Sep 29, 2020 at 12:49 PM Blumenthal, Uri - 0553 - MITLL
> <uri@ll.mit.edu> wrote:
>> 
>> I share Achim's concerns.
>> 
>> But I believe the explanations will turn out mostly useless in the real world, as the "lawyers" of the industry are guaranteed to steer away from something "not recommended".
>> 
>> In one word: bad.
> 
> Why is PSK so necessary? There are very few devices that can't handle
> the occasional ECC operation.  The key management and forward secrecy
> issues with TLS-PSK are real. Steering applications that can afford
> the CPU away from PSK and toward hybrid modes is a good thing and why
> this registry exists imho.
> 
> 
> -- 
> Astra mortemque praestare gradatim