Re: [TLS] The future of external PSK in TLS 1.3
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 21 September 2020 12:36 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E66033A0DCB for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 05:36:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=0hnv547j; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=0hnv547j
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddcGHS_Hy3od for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 05:36:02 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70040.outbound.protection.outlook.com [40.107.7.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A19F3A0BA8 for <tls@ietf.org>; Mon, 21 Sep 2020 05:36:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/4NFzSRC+znT/3Msn/NJYHE+kKyJujG+mhjbXAufQ6g=; b=0hnv547jjelqiNQuihRbzQp+Dwu/h2QqQazDVrxoehRbwC2xaNGvRr0XhtFZUxTlFRz9t9qA8nYGc/UmNTBI6Ln6hCy4FQTRdq5mdfHkxLwedEuQEDSz4Tz4xTKJr3YbNEZ/Vu6sqkQofo2BawkEkyKPWenn9MbGJzHPFfyFh5U=
Received: from AM5PR04CA0024.eurprd04.prod.outlook.com (2603:10a6:206:1::37) by AM4PR0802MB2371.eurprd08.prod.outlook.com (2603:10a6:200:5d::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11; Mon, 21 Sep 2020 12:35:58 +0000
Received: from VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:1:cafe::91) by AM5PR04CA0024.outlook.office365.com (2603:10a6:206:1::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11 via Frontend Transport; Mon, 21 Sep 2020 12:35:58 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT018.mail.protection.outlook.com (10.152.18.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.15 via Frontend Transport; Mon, 21 Sep 2020 12:35:58 +0000
Received: ("Tessian outbound a0bffebca527:v64"); Mon, 21 Sep 2020 12:35:57 +0000
X-CR-MTA-TID: 64aa7808
Received: from 7a9225055295.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 67E01385-DC54-45A7-AEE2-CB4C975E6121.1; Mon, 21 Sep 2020 12:35:52 +0000
Received: from EUR01-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 7a9225055295.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 21 Sep 2020 12:35:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g7t2dS03m9nDaR1XzFEm5v5BTgpeaFxZiliq9p2ZWrGg5n3YIK/i0/cVaeMjMlcRILDqHs+oD1XnT/DDl4RlEgVY1pMuKTcyNOlh0iA5mlivh1iySTsgYMRcGmaPS8evKUxBm9RSpNKVjFNNNKIT3rfnh66aQ1vdyQmnsdwm1cZQcnfEIurPIfgqrjBPHhZgH57qHRWjKB10pL2JF6oX42WYJPMQDv0/3z648gVv96Is4JVxI5conBVx/WcjoLljbxW/DK5qOr2cNrpw2VDh3shgkckUMMIXCAP/v5x5MSz64TkrQFtzE2rZchNZx2VpMteezr7VP1yMfTt4nIqHBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/4NFzSRC+znT/3Msn/NJYHE+kKyJujG+mhjbXAufQ6g=; b=FsLqXdWc+ZMUeiATkJl7SL4lszriMQcJX36EhBUBuM0nCgMbk/a0YoMRMygLn2VNA8X7U/FAMvc/WLwM1mWAR9jQEm/Navvzu2MBXtkmyNac0qakjNbIb95aoWlDIV7Gx0TFRsgO0b+WFT/pw6NyF69TcszNFOdT02dsPVLF6oxenc4pQpoOftacqgjIjLsZd56Fh2yCs6USOdBIoCuYPKwJ04KuVKUJZ4wYaQzdl10pOPsWmCW8u/rIIzzfSCa/qqCVDG9AUjIXiOfOieP4t/x9zo3FigkkSctsoB0qLIOMHjqMXnkZKdaiXjXyo2DC5BwVJPGuOA5nYRcstCjNdA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/4NFzSRC+znT/3Msn/NJYHE+kKyJujG+mhjbXAufQ6g=; b=0hnv547jjelqiNQuihRbzQp+Dwu/h2QqQazDVrxoehRbwC2xaNGvRr0XhtFZUxTlFRz9t9qA8nYGc/UmNTBI6Ln6hCy4FQTRdq5mdfHkxLwedEuQEDSz4Tz4xTKJr3YbNEZ/Vu6sqkQofo2BawkEkyKPWenn9MbGJzHPFfyFh5U=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM8PR08MB5620.eurprd08.prod.outlook.com (2603:10a6:20b:1c6::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.14; Mon, 21 Sep 2020 12:35:50 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860%6]) with mapi id 15.20.3391.026; Mon, 21 Sep 2020 12:35:50 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Pascal Urien <pascal.urien@gmail.com>
CC: Filippo Valsorda <filippo@ml.filippo.io>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The future of external PSK in TLS 1.3
Thread-Index: AQHWjng9Pwzr8fTsOkSjvpJZy/djPKlv2BqIgABG0ACAArYqkIAABVSAgAAN+cCAABiIgIAABC8g
Date: Mon, 21 Sep 2020 12:35:50 +0000
Message-ID: <AM0PR08MB3716239A095ED0F7D6072CE4FA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <77039F11-188E-4408-8B39-57B908DDCB80@ericsson.com> <1600516093048.75181@cs.auckland.ac.nz> <2f2ecb30-bef5-414a-8ff7-d707d773c7ea@www.fastmail.com> <AM0PR08MB3716AAADBE7D2A6F3E29664BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com> <CAEQGKXQdVO_SAVT1kciiH1EgQqenaYDeXnFD9gfa3BKTNFBjig@mail.gmail.com> <AM0PR08MB3716D1CD8D13C68C91ADE322FA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com> <CAEQGKXS-HyESGOU9iiYCXKdJk-wMkDnO4eYK2iVs21E3gtVOPQ@mail.gmail.com>
In-Reply-To: <CAEQGKXS-HyESGOU9iiYCXKdJk-wMkDnO4eYK2iVs21E3gtVOPQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 3067B1F6E0413540BC087C95A9C4C5D2.0
x-checkrecipientchecked: true
Authentication-Results-Original: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.122.149]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 36c1804a-8b05-407f-f493-08d85e2ae422
x-ms-traffictypediagnostic: AM8PR08MB5620:|AM4PR0802MB2371:
X-Microsoft-Antispam-PRVS: <AM4PR0802MB2371F2BDD03C20A8E75A78A7FA3A0@AM4PR0802MB2371.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: SvhrIPNLxJzqMWIGji0PDOpwXlBLNirqy3pYq2mjIKZVf7jCq470MncAHF/1kcnvb9Q6NbwvlLiVCEp7nMjO4hSqtmwGanu6zToc5p0ROVNGOLTfHcMFIott+eWmMkD5Ly2qtPjNeJFRcH/UqzzPS0P3OlR7rakswPtjHdAkepx5sXurn3o/q0ukIbVyPPZRN7508YfXM1ixir/rX8RNtP5hTp1y9aGEQIEtkY6Opr6qgIMf8Wiv2RAfOe1VH2oYCb1SISff8yUjkrnjxF2N8gx7Ae5v3CvlNvs2TOLPHmv+a8de5TZHSM51jpShWsAuyzCm4u0IIPkyAeJukge7mTeu6svwgVRd5yEHy54V3/cGoJH1TGTS/N51aPO0mwG6lELnXSQCnCDbkXX7IfmILA==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(366004)(136003)(346002)(376002)(8676002)(7696005)(54906003)(6916009)(76116006)(316002)(478600001)(64756008)(86362001)(2906002)(66446008)(6506007)(53546011)(966005)(66476007)(66556008)(66946007)(55016002)(71200400001)(8936002)(33656002)(9686003)(166002)(26005)(5660300002)(52536014)(186003)(9326002)(4326008)(66574015)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: uecybRvO+MQklHSEYV7NCQmeJDh32qkLB2aDLkcRzfCW/WVmPY+qfI66uju0Y8ctTwCuX8EF2GTOOGRvb5SaNVnwv6rpJfuCQBEjaG8x58n16TDLdrcmbyTkNadNT79IXkMejEc5QwQQAhQdIfTIEmPiQ/jsrAWY9WpaKM4wEfGLNd/fkFtqjpN6znnx6mkmU0DmKnDOdS8EZaqGz5A3450cMKnLkQ+PbrX96GaRSR/BU7pKEVSyDE6M1lQzJjrIsL0laMwzVV/CuYl/OZop6Jhe15xrQqfyJKRYPgyF6mvcSshQTJKzqjTHdjkDC+LUK2dynlOZmtxQETFZFgKI+6G7jjsjojoWcOs5F1si8xcOb9XNrA3bVR+umqt+VT7wC+aPQR5KgGElP/LtOApdNUrwzpaf0a9aaOHjhFygKSdPbjLqXnJpF60/D9BXNpB4dEWmaxzqkGutmQiYCGe9KyV33v9iOTtf9YEUrsRNHx39WCNbGIrI/n1ykiBgnf98nzeVokibD4EN5269Vat/rV3/gwJZadZHqxYv8U7DATi9ns7gjX+j+uVt5L+5RuPn8GSiIet6hkDZy386jL9rEkL+fPUZphunB1uVGCCv8ONJACniETEZ+HXqMJwu5SzDd3K24nyiGjyW3Pegkn8oSg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB3716239A095ED0F7D6072CE4FA3A0AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB5620
Original-Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 22927718-fc9f-44fc-c6e0-08d85e2adfd3
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: IHh3TqHJwBQtx9DKpqMdX7BA1OXYXua6yv2GjdqpkUClLKECABVWX9gWdU9hplvtM81GsySxPXgsl/L/Qag5EX3gFhIPUaVVNmdHtccjTVDYRLhEY8MqeePLsQAqqplJQgz3q9Pf7PLAMyI58/Fqb9fjLolQEj+WXIZj7EQ7bFpq/l46s+e647dCAbc9f7w4+578MhI4ctw6vfqB1fjOJNWmi7Dq2HfWYmX+3rlCGbQ1lIRls6JR1nYnNkbM8LrDZaeUcT3iZ7TXJMRvri4XSpnTdgr7GT3sfJ32V/kVG9WRItIYd1Fyq04gBqavIEZhz1sH+xdJ5a0PGTA9ddqOTfGTLtF2tM/Ye6hnzozRxT+j38IdAQj+VyhU7w09/IbRDVQLSFCkLxd8MHunPgIe+XcvnDZ2rKmEFiq+3XgWOMvj4AXqiAFbEUJv9/xm+SHTo+6xeTOFC62xpWjsRaTMJFpucEZatNQWQKK45O1sXts=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(39860400002)(396003)(346002)(136003)(376002)(46966005)(9326002)(2906002)(6862004)(52536014)(47076004)(316002)(36906005)(166002)(70206006)(82740400003)(54906003)(9686003)(4326008)(55016002)(8676002)(356005)(7696005)(6506007)(33964004)(53546011)(70586007)(33656002)(336012)(8936002)(82310400003)(83380400001)(86362001)(81166007)(26005)(66574015)(5660300002)(186003)(478600001)(966005); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Sep 2020 12:35:58.0529 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 36c1804a-8b05-407f-f493-08d85e2ae422
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2371
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/h5-ICzl-QI_cY3OpdysLAOy1HYY>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 12:36:06 -0000
Hi Pascal, are you saying that the stack on the secure element uses WolfSSL or OpenSSL? I am sure that WolfSSL works well but for code size reasons I doubt OpenSSL is possible. Can you confirm? In case of WolfSSL, you have multiple options for credentials, including plain PSK, PSK-ECDHE, raw public keys, and certificates as I noted in my mail to the UTA list: https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/ Ciao Hannes From: Pascal Urien <pascal.urien@gmail.com> Sent: Monday, September 21, 2020 2:01 PM To: Hannes Tschofenig <Hannes.Tschofenig@arm.com> Cc: Filippo Valsorda <filippo@ml.filippo.io>; tls@ietf.org Subject: Re: [TLS] The future of external PSK in TLS 1.3 Hi Hannes Yes it has been tested with several 3.04 Javacards commercially available In the draft https://tools.ietf.org/html/draft-urien-tls-se-00 Section 5-ISO 7816 Use Case, the exchanges are done with the existing implementation TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet boards For client software we use OPENSSL or WolfSSL Pascal Le lun. 21 sept. 2020 à 12:35, Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> a écrit : Hi Pascal, Thanks for the pointer to the draft. Since I am surveying implementations for the update of RFC 7925 (see https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was wondering whether there is an implementation of this approach. Ciao Hannes From: Pascal Urien <pascal.urien@gmail.com<mailto:pascal.urien@gmail.com>> Sent: Monday, September 21, 2020 11:44 AM To: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> Cc: Filippo Valsorda <filippo@ml.filippo.io<mailto:filippo@ml.filippo.io>>; tls@ietf.org<mailto:tls@ietf.org> Subject: Re: [TLS] The future of external PSK in TLS 1.3 Hi All Here is an example of PSK+ECDHE for IoT https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server PSK+ECDHE for secure elements The security level in these devices is as high as EAL5+ The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + secp256r1) The real critical resource is the required RAM size, less than 1KB in our experiments The secure element only needs a classical TCP/IP interface (i.e. sockets like) Trusted PSK should avoid selfie attacks Pascal Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <mailto:Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> a écrit : Hi Filippo, • Indeed, if the SCADA industry has a particular need, they should profile TLS for use in that industry, and not require we change the recommendation for the open Internet. We have an IoT profile for TLS and it talks about the use of PSK, see https://tools.ietf.org/html/rfc7925 On the “open Internet” (probably referring to the Web usage) you are not going to use PSKs in TLS. There is a separate RFC that provides recommendations for that environmnent, see RFC 752. That RFC is currently being revised, see https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/ Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list mailto:TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [TLS] The future of external PSK in TLS 1.3 John Mattsson
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Viktor Dukhovni
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 David Woodhouse
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Lanlan Pan
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre