IETF Logo Mail Archive

Re: [TLS] The future of external PSK in TLS 1.3

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 30 September 2020 08:08 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14BF83A12D1 for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 01:08:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.9
X-Spam-Level:
X-Spam-Status: No, score=-0.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, GB_AFFORDABLE=1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=lZldPezD; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=lZldPezD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2-m9f2oUSrM for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 01:08:43 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40087.outbound.protection.outlook.com [40.107.4.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14E5B3A12CF for <tls@ietf.org>; Wed, 30 Sep 2020 01:08:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=27V3fbTZPU98DdRJ7HwPdqCWd3MD16JOjiS0CZYOAZU=; b=lZldPezDZlk62RJUTcIWHJLeWueeVZhtka+vf+O9dTnyuY+IRF96z273x7ZH0H3f5pnsujAD/ZzFq1Htdxg4Njg7vpJMflJA32gcIOdDN2d2V2MsuLCrnwjO+XsHPiHoTe/JTh1FlhPYPSh2qP/nXLG1/1udXKXycJGZIIpzc7E=
Received: from DB6PR07CA0093.eurprd07.prod.outlook.com (2603:10a6:6:2b::31) by VI1PR08MB2894.eurprd08.prod.outlook.com (2603:10a6:802:1c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.29; Wed, 30 Sep 2020 08:08:40 +0000
Received: from DB5EUR03FT038.eop-EUR03.prod.protection.outlook.com (2603:10a6:6:2b:cafe::33) by DB6PR07CA0093.outlook.office365.com (2603:10a6:6:2b::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.20 via Frontend Transport; Wed, 30 Sep 2020 08:08:40 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT038.mail.protection.outlook.com (10.152.21.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34 via Frontend Transport; Wed, 30 Sep 2020 08:08:40 +0000
Received: ("Tessian outbound e8cdb8c6f386:v64"); Wed, 30 Sep 2020 08:08:39 +0000
X-CR-MTA-TID: 64aa7808
Received: from ca13d7f21f8c.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 6F837F29-7A39-43C4-9F03-0F3CA8795265.1; Wed, 30 Sep 2020 08:08:34 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id ca13d7f21f8c.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 30 Sep 2020 08:08:34 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ikMn3rDNZMXFxKKN3WSFgO99X76BeoFmjEeVrs+2GIzWsGrgIXRYaMIIJ17OA9iyND+DHaLjM9RvYUkadGzP3REEg1Uu4wkzJckg5GDx6OWKkk+80B9ZVZj3FAvD+XXkD7mXbdsqBegtxug4Q98lrv1u/UyoaqxLHlThXVlD77UvNUpA+qku0kr5tXAtpXWhAQiTm9hLZGSI4YCpZvUWbuTRIS117XsQ5GzBVHdgtQvb51kWJsKHB2ZpUbnEdKbYE7ro8cp7doRrEk8wZol6OYYhOyFfN3xT7GJ1prGjs+pdN1D+Ad+1ji9m5Q0Zt4l0540wL22yx1uMYFTESRc4mw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=27V3fbTZPU98DdRJ7HwPdqCWd3MD16JOjiS0CZYOAZU=; b=d4z7bO0oq645B/fj0r/V2UCxvdzDUz7TaybjJV/9C449rxY6M4eOYeVK+OLXUD3jXTDocFYSzr/Ci7zETUB1Qg6lJCFebEbPoXOCqoOK/lSrZKqLHQ/LyQdlqBweq9mmjshnxiy4Up020V5dCUP8le0UwslLQpkrFomEdJfuWbcYDtp1C1TNrvyv+FRC1Vz30FwcZ6X1he9SkCDEZtLElBE5cCslLJJ0Zhx683SQiO0i5CExez9wpUXUa1/qKzU7T2mNcrfiLu6R4jkdacj+z5cUt+9t4ep8CRl+b63QKlbF5itjaOmv99aorQRKBMYYtbMSJkY1/Nv2dIVpUx5RHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=27V3fbTZPU98DdRJ7HwPdqCWd3MD16JOjiS0CZYOAZU=; b=lZldPezDZlk62RJUTcIWHJLeWueeVZhtka+vf+O9dTnyuY+IRF96z273x7ZH0H3f5pnsujAD/ZzFq1Htdxg4Njg7vpJMflJA32gcIOdDN2d2V2MsuLCrnwjO+XsHPiHoTe/JTh1FlhPYPSh2qP/nXLG1/1udXKXycJGZIIpzc7E=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM8PR08MB5668.eurprd08.prod.outlook.com (2603:10a6:20b:1d0::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34; Wed, 30 Sep 2020 08:08:33 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860%6]) with mapi id 15.20.3433.034; Wed, 30 Sep 2020 08:08:33 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Watson Ladd <watsonbladd@gmail.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The future of external PSK in TLS 1.3
Thread-Index: AQHWln4VHm8aBPo9hUiwZ/cCzj40W6l/0+QAgACAn4CAAAVTAIAAcM2g
Date: Wed, 30 Sep 2020 08:08:33 +0000
Message-ID: <AM0PR08MB3716F0E07B5BC2EF1D26DA21FA330@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <CACsn0c=5gsp0ivVmB-prBMXg=Ot9mo8YVzFgt-bW3G6osveggg@mail.gmail.com> <8EE5C9C0-8C51-4148-916D-54017101B2B5@ll.mit.edu>
In-Reply-To: <8EE5C9C0-8C51-4148-916D-54017101B2B5@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: EDF20C95C70DD04390444CEA12BEB538.0
x-checkrecipientchecked: true
Authentication-Results-Original: ll.mit.edu; dkim=none (message not signed) header.d=none;ll.mit.edu; dmarc=none action=none header.from=arm.com;
x-originating-ip: [185.176.157.144]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 89811bb5-a41f-40ba-d574-08d865180a5e
x-ms-traffictypediagnostic: AM8PR08MB5668:|VI1PR08MB2894:
X-Microsoft-Antispam-PRVS: <VI1PR08MB289412A83EC508DBE527731DFA330@VI1PR08MB2894.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:7691;OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: CWfNmfVO625nf8+UaIEFJPiD19qms5Ab7Jug2RYrvSCUUqFqB2YZLXj51TBERduxucHE0a+HC7ehfECPJ9FDJQPiTbyUjSs6NGUmkJR+D2aoULm+gOh8Z0I7eJH27DbUbuAt8ZVNY2dkYToKkYTVPTTXR7c/in0dfFlHs1ADG2debypKJZnX3Nzmbvc1gH7Ef7hEgj4LfWEt+TWK1XoT2rXM8wmTyymmYBm/hr4TRa4pVDkUuKhv8o+BOzqEjdZPgXJnYAWVB/B/N6M/lPanvQ/yVIhsr8Gcln6myATKpGZa8N3UM0oCH4EJCDvDIi+rthnusZZ8rNQiXeAwTPmizQ==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(366004)(346002)(376002)(396003)(8936002)(83380400001)(76116006)(71200400001)(66476007)(64756008)(66946007)(66446008)(33656002)(66556008)(52536014)(86362001)(5660300002)(7696005)(186003)(55016002)(2906002)(4326008)(110136005)(8676002)(316002)(26005)(53546011)(9686003)(6506007)(478600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: SdFhGVpbwwqmAWXW2dXp6prsSUzhNKjZIDBgh4Zm0FLl1skLcbtIyXI080gDc0BXk47xPBBPXB4V985ks54YIOD8Jz798mZW+XOqMwztzJab5yXj8Z9LQeN3oQa9UIfak+184ueV2m1kvMJEz3olO4wu5SeAS7OWKKKqE4Mqwavck6cENZmJuF899pNvlbz4cu1dXi1df8hZQHzo1FHdzifGL3plv4wuYPPYlFsYU3AZm1zrT/JvqfwU3a2LN5S4qBiCsKGGsLHFpp/1lrvmYA7/NRKrzWhyeJIudbVskTD68VFHi5k38CDmWEayRDf/aVfj1sSoOFKXzi693/IaOlsvT90Uf2PvXSXP5USyKsNhOvNkQ7EHgf84C3+obg+4WIULn3ZhzcWrBesMMkqL+msBxQa3SrIEujDCy6ft31oJIaBgyuCjrrRBnqCuYHYREbe4n8XfNt2O8SisTrqnL2XitVGZyb0nmk+IpfZIhYLnEOeawGxb8n0oXIeNcBQIh8yEjSHt2eEr8tohtpiYGrOpQRZmxvQJJOOO8oevkc03YGCgOzILccOIHk0pDe8Ktq3ICMsLG0c/fIj09rl6z5sq/qW8TT8cfcG2PHvLtnnlyfqUlnLC/zLM5mYN49TBEXzKsTzYJ46IxibNwpXFjQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB5668
Original-Authentication-Results: ll.mit.edu; dkim=none (message not signed) header.d=none;ll.mit.edu; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT038.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 35010fb9-7f3e-4c5f-4803-08d865180665
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: xR4FsbVkfGPazqrUKav0wATDdqj6Pr4kms4xD0/U5Xsri+hKzXi81/qrXSQe/FChl1cyVcyb5uNpotVlAxCZ1zkGYmKfoR5PLheFFJbmJImNEcI7vS2uYQ14IiiiOlu56bFHQSpprPO2HYcIavQNFEdepZpEs5lvpA/jcDjlVT8RN0C2SnmYnFKaD8msk/7h1KQBU1xh5ZIRN3exH1TtuJHGMR+m4nN90j3PrIx8J9Su4NUyufpYVmicXQ9Egl+eZQwZ3PtdLyBN558SE2qezcmkse9m045+twCmfmoHs8rgZkS95N1Z54ozS+z61QqcePNGGx7C9kryN4liupuAV9F1dCKLNAOQQ+ue76Jap4Jwd88Q7SB+0xCxKy/lSpEZrGUDmW6flgRw+OXRcLWwFzHZxrDOEhx46PlTc3d84tD5/7k9E2mJkHHdjD2SJtm2
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(346002)(39860400002)(376002)(136003)(396003)(46966005)(316002)(33656002)(110136005)(4326008)(356005)(26005)(81166007)(70206006)(336012)(83380400001)(82740400003)(47076004)(70586007)(86362001)(9686003)(82310400003)(6506007)(53546011)(186003)(8676002)(55016002)(7696005)(478600001)(8936002)(2906002)(52536014)(5660300002); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Sep 2020 08:08:40.0467 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 89811bb5-a41f-40ba-d574-08d865180a5e
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT038.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB2894
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7BrdP7Spo5ZXizxFDfQ6Vb_4fG0>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 08:08:45 -0000

Hi Uri,

I would even argue that key management is less challenging for IoT deployments because devices typically talk to a single device management server only.
So, the communication patterns are pretty simplistic compared to a generic computing device.
RFC 7452 talks about this topic (see the device-to-cloud and device-to-gateway pattern).

Ciao
Hannes

-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: Wednesday, September 30, 2020 2:48 AM
To: Watson Ladd <watsonbladd@gmail.com>
Cc: tls@ietf.org
Subject: Re: [TLS] The future of external PSK in TLS 1.3

Because PSK is one of the affordable and reliable quantum-resistant key exchanges that work *today*? And done environments do not wish to do any EC operations.

Yes, key management issues are real. Those who need it, understand the implications.

Regards,
Uri

> On Sep 29, 2020, at 20:30, Watson Ladd <watsonbladd@gmail.com> wrote:
>
> On Tue, Sep 29, 2020 at 12:49 PM Blumenthal, Uri - 0553 - MITLL
> <uri@ll.mit.edu> wrote:
>>
>> I share Achim's concerns.
>>
>> But I believe the explanations will turn out mostly useless in the real world, as the "lawyers" of the industry are guaranteed to steer away from something "not recommended".
>>
>> In one word: bad.
>
> Why is PSK so necessary? There are very few devices that can't handle
> the occasional ECC operation.  The key management and forward secrecy
> issues with TLS-PSK are real. Steering applications that can afford
> the CPU away from PSK and toward hybrid modes is a good thing and why
> this registry exists imho.
>
>
> --
> Astra mortemque praestare gradatim
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email