Re: [TLS] The future of external PSK in TLS 1.3

Peter Gutmann <> Thu, 24 September 2020 10:02 UTC

Filippo Valsorda writes:

>The average user of OpenSSL or BoringSSL or LibreSSL or Go crypto/tls or NSS
>or Java doesn't do SCADA, doesn't do IoT, doesn't do smart cards

How do you know that?  I don't know of any data supporting that (I'd love to
see it if you've got it, non-web use of TLS is the submerged part of the
iceberg).  Taking "SCADA/IoT/etc" to be a placeholder for M2M or more
generally "non-web use", an awful lot of TLS gets done outside the web, which
uses it in completely different ways than web users do.  For example pretty
much all of the fancy features in TLS 1.3, both in the core protocol and the
endless add-ons, have no purpose or function in M2M communications.  So
perhaps the answer is to have two sets of requirements, one for web use, one
for everything else.  If you try for a one-size-fits-all approach you'll
either get the currently widespread "TLS == the web" or have to include two
mostly nonintersecting sets of options to cover web vs. M2M use.