Re: [TLS] The future of external PSK in TLS 1.3
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 23 September 2020 14:44 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5F8D3A0E22 for <tls@ietfa.amsl.com>; Wed, 23 Sep 2020 07:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=HTz917ge; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=HTz917ge
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gn1IdLSUe193 for <tls@ietfa.amsl.com>; Wed, 23 Sep 2020 07:44:28 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2058.outbound.protection.outlook.com [40.107.22.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42BF43A1033 for <tls@ietf.org>; Wed, 23 Sep 2020 07:44:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jXF+/yvlptFEwGlOVVEL4cAxLrk6VUEqgzKZe0q1CBs=; b=HTz917geHEbYkiD6+W32yZm0Bm/ytK1GvPo1L1HfnYhq3HswUMgZyu7BDqj0FYeiCW1VqZSQrlVAhxvHQYVaxPJguSHyr2WvwTfNKeSt5fK61xz3yKTgZraw4u3V1YXUbvdhLvTFspUJJIhwjqewxvdVIXVh79ZjGKbRXH2E+pA=
Received: from MR2P264CA0184.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501::23) by AM6PR08MB3496.eurprd08.prod.outlook.com (2603:10a6:20b:4e::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.19; Wed, 23 Sep 2020 14:44:24 +0000
Received: from VE1EUR03FT062.eop-EUR03.prod.protection.outlook.com (2603:10a6:501:0:cafe::bd) by MR2P264CA0184.outlook.office365.com (2603:10a6:501::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21 via Frontend Transport; Wed, 23 Sep 2020 14:44:24 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT062.mail.protection.outlook.com (10.152.18.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21 via Frontend Transport; Wed, 23 Sep 2020 14:44:23 +0000
Received: ("Tessian outbound 7a6fb63c1e64:v64"); Wed, 23 Sep 2020 14:44:23 +0000
X-CR-MTA-TID: 64aa7808
Received: from 817cd3854d5b.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id D222856F-3743-4829-8D03-2427C7F8F1BF.1; Wed, 23 Sep 2020 14:44:18 +0000
Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 817cd3854d5b.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 23 Sep 2020 14:44:18 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oZR6PK+UMmZqVYnFH9dYqqKwInucZzXHURKRVM4GfoRNwvB3IM8LbUpjHndNc7IeVhl+riBHm/tiLGmSTdPHOUdyzAbAT19jDAg37kTW4WiOqBrYlrfple+KHs+7IwfsbX1kL92wl0Z31bojMw/BNEND6We1JEM8OclsZR6fObnrWNd8cTWDPOPQKIqV1MxiMDZtPnhwc6zHMzk+DanYt6vuiu8dIDQx8g1FvqqFE4IpmMS/bDsudjTAjEg24wj5fUPvgPzsB4W0XvZBk1NiffbbJYnuMB/rBvUH111Pe2xCXYIHWKyjCrQrVYPTqPrCYtCNBSHb0n84kp3h9ZS4cQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jXF+/yvlptFEwGlOVVEL4cAxLrk6VUEqgzKZe0q1CBs=; b=Ydz/Zs/7dNmqVMDXxBQm1QBfS4kFVSwrSSxLxk67zYjFgqVNVp28haZy1BIbpfyWNcruzQOlPGpGQJ5JX0BND9ELZmjsI0gzIowvRBOOYKbr7En6hZ8/JWe0m8bIcBmSBDXfRJOFDWVgBF+G9QSRuZcSJDDpM+gHEwRtwrauD9HtNBolNaw64Kg2xDMWkV6+XtgLbq4oX5h3lGL1Xm6ro9qg45bJ6QTJrw8I7/QqcGKxI+2bVd40wMIiXu5RCUFijp+A1q/njIG45ngzXu6xOndHe52TfL3JPWAPBuDvriT77ZSxFi+FKLekcJ6b/IznBQDD105rR+FDOdZqZMpp6Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jXF+/yvlptFEwGlOVVEL4cAxLrk6VUEqgzKZe0q1CBs=; b=HTz917geHEbYkiD6+W32yZm0Bm/ytK1GvPo1L1HfnYhq3HswUMgZyu7BDqj0FYeiCW1VqZSQrlVAhxvHQYVaxPJguSHyr2WvwTfNKeSt5fK61xz3yKTgZraw4u3V1YXUbvdhLvTFspUJJIhwjqewxvdVIXVh79ZjGKbRXH2E+pA=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB3459.eurprd08.prod.outlook.com (2603:10a6:208:e2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21; Wed, 23 Sep 2020 14:44:15 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::900e:c64d:a006:4860%6]) with mapi id 15.20.3391.026; Wed, 23 Sep 2020 14:44:15 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Filippo Valsorda <filippo@ml.filippo.io>, Carrick Bartle <cbartle891@icloud.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The future of external PSK in TLS 1.3
Thread-Index: AQHWjng9Pwzr8fTsOkSjvpJZy/djPKlv2BqIgABG0ACAAlNKgIAAVNSggACB6oCAAAGjAIAC9lQAgAAPjNA=
Date: Wed, 23 Sep 2020 14:44:15 +0000
Message-ID: <AM0PR08MB37168140C95EB4620ED0FE92FA380@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <77039F11-188E-4408-8B39-57B908DDCB80@ericsson.com> <1600516093048.75181@cs.auckland.ac.nz> <2f2ecb30-bef5-414a-8ff7-d707d773c7ea@www.fastmail.com> <FDD012C2-9B37-461D-BC81-854135EE994E@icloud.com> <AM0PR08MB3716861B782527DAB3C1EA1BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com> <DF3B268F-2E80-4444-B643-D33BC0C7151E@icloud.com> <AM0PR08MB371678103D9EEB89C9AA44C1FA380@AM0PR08MB3716.eurprd08.prod.outlook.com> <ff5f77a9-ea45-4a72-b075-65c2d5e8ab45@www.fastmail.com>
In-Reply-To: <ff5f77a9-ea45-4a72-b075-65c2d5e8ab45@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 14D743D775E7534DB37EBE5F68F6BD86.0
x-checkrecipientchecked: true
Authentication-Results-Original: ml.filippo.io; dkim=none (message not signed) header.d=none; ml.filippo.io; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.122.149]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: d91d3fa0-9ea3-4a65-2bdd-08d85fcf29f9
x-ms-traffictypediagnostic: AM0PR08MB3459:|AM6PR08MB3496:
X-Microsoft-Antispam-PRVS: <AM6PR08MB3496584D016ED55A6CC57E46FA380@AM6PR08MB3496.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: okcmURbjC9z70w4CJURexYCpa+lkB05bfx/NcdoCK4lYZT8KccTWHKCrRzq+3+fdkXo/bK167WOVKIVpbr3qatmv/T8qso/uLZ1dXTd1mLUa/MSau5d1LigRDrxn9DFgwgDevPE3SD1XXy+BuldrscvtGANGIfu7AJu5HrXDJRqSrkCIwx4aH2PpqHVSUCVXf/F9rY1D8eNhCLoVP+NoTPGnkKbvR1e9Ji/PENbk8tydoRnRpzD03skbrasPOpjNA2FcHOqgOPEIpqtWnITzKFuvwd1oc0mH9aOdgqUvmlxNWM731lzQMeuMNPEERENHYCqdZvxXr3QLAw98Hhee2GKOog4Nf9vzjRXH1YE2jatV46JmZrRtib4UYZbql6QEQynkvEvavRMbFqeKcuGgSg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(346002)(376002)(366004)(396003)(136003)(9686003)(66946007)(64756008)(76116006)(66446008)(166002)(8936002)(186003)(86362001)(66574015)(71200400001)(2906002)(55016002)(83380400001)(33656002)(5660300002)(52536014)(66556008)(66476007)(316002)(7696005)(8676002)(110136005)(4326008)(9326002)(6506007)(26005)(966005)(53546011)(478600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: wc/lvc0D0rLDTcBbjXwLMrx185CJ3kZnm3bIbmexefTJTSs/AZvz6EemPGME9FO4vmKE58etlYIncrDI9xlI9/vqn0juYrFwJcoVBROTs4Pijxgy9cxvXYJNN/Jc4cmFfDudNpl79bkmTB8fPD2PFB3xepL8ZfVbp684VkNrr3SPomFsKyiee2sKoWLTOk2q3teemZEr56paGAbS7nETM3HVmut3R1eo3zWY19rsMrEOsMcD/YGnALdpXBkQSkL8CbTNn9Cw7RD86UpSbRRe6TAnngLj8ddABES15hMq5Gmwe6bk42L+y3LOtApyRijCEOFtFxfujsok87lkOOjeU9Zv27DM40wEYWE1wW1FMgAc1f7w6Ma/drtxXCi9c2y4JVsjhRcvXY/W0QeLO8EAJ/fpwBFGe2ddIvF4S/sao/mdwMLU3aogu+6nimhm+gjtvcWbkNc3T/0+afPoN/Qb+V47z7xVboTKi0tdBsIR/3EekXd3Oj+WTgY/60YTV7T/Mx/KoJc8Lg1IO9jzGfmhU0L/U10nkjGEIaXHiyUteXF9KxiRuHjxWQWZ4WtRzbE2LAuPFtHJ8Y9+zh3jAJpHKmF4P39f+Sbx4O/KvgTv0cglVm2o8W4W1JOxohmcfADLPwxwv+IPnHbQGL6OXMLzOw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB37168140C95EB4620ED0FE92FA380AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3459
Original-Authentication-Results: ml.filippo.io; dkim=none (message not signed) header.d=none; ml.filippo.io; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT062.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 41d87bb6-60b3-48df-f326-08d85fcf24df
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: SuXmpbmCJGzhl7raZO8gxnvyYNIMzImYwLcWdoMFM6Eujt6zuIXPACJLTcVj2OROA8nBsKz1agk4fUMFKlcKtAF1PC1KAsJXulTTmyW1eug1MMsEkYWUi21OGdtbO91IO55qLv87Wk0tRpNrZdCe4Qp/9xtjspjyFdFM+zWjPZN/wgacQBaIAhot+U+JWXKTNM+rvR4MpXNYrIg393X7LborDIQCYFNUDkGbMIwDBzHya90n/8eQQ0EI9gvxIhgeM3u+gciHjXwvehjfFD+e3Vyy8avYZO7ITxL41OQVcxfOFF9sX94lcvDOc4iM4QXMuBiQvIFvTCrukpzQgSTsJTRTt8h7IWa+/G18xbNe4S2kjCcNKwEZOvOCCnLdgY1XCASSfPfLQ7nD5thwC2OfhoUsSzoOeAnuKHsmRVCtnbkXPhEyoFNp1Vb4KiiDQ2HFW2X8akkuDSC0u1fH6ybpA4ommbo+93BVA4X7iTrbCyeKLNYS7ljuYhe4ZoifgangwG3s/M8tuuV43fjlvjKMjQ==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(346002)(136003)(39860400002)(376002)(46966005)(82740400003)(70206006)(81166007)(478600001)(966005)(52536014)(47076004)(70586007)(2906002)(86362001)(5660300002)(356005)(4326008)(66574015)(6506007)(8676002)(166002)(26005)(53546011)(336012)(83380400001)(33964004)(82310400003)(186003)(9326002)(33656002)(8936002)(110136005)(36906005)(316002)(9686003)(7696005)(55016002)(30864003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Sep 2020 14:44:23.8472 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d91d3fa0-9ea3-4a65-2bdd-08d85fcf29f9
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT062.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3496
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WDABKnnhbrK7KAcNp3J22NdFgsI>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 14:44:32 -0000
Hi Filippo, I worry that labelling ciphersuites that is deployed in parts of the industry as “not recommended” will confuse those who look at the IANA website. Only those readers who look at the note will then learn that not recommended means three things, whereby the option "has not been through the IETF consensus process" should not give readers great confidence either. I hope this explains my concern. There is no problem with the use of these PSK ciphersuites, so why mark them as “not recommended”? Ciao Hannes From: Filippo Valsorda <filippo@ml.filippo.io> Sent: Wednesday, September 23, 2020 3:39 PM To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Carrick Bartle <cbartle891@icloud.com> Cc: tls@ietf.org Subject: Re: [TLS] The future of external PSK in TLS 1.3 2020-09-23 13:49 GMT+02:00 Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>: Hi Carrick, you note that SCADA is a pretty specific use case. SCADA sounds specific but TLS is used widely in the IoT market. It is even used in devices that use smart cards, which use TLS with PSK to protect their provisioning protocol. I am worried that marking a ciphersuite as N with the meaning that it "has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases" is hard for readers to understand which of these three cases were actually the reason for marking it as “N”. The "has not been through the IETF consensus process" will scare off many people. For most people the web is the generic case and everything else is a “specific use case”. Sure, the web is very important but TLS is a generic protocol used in many environments. By this reasoning, what is a specific use case? My interpretation is "anything you shouldn't use unless you have specific requirements". Compatibility with smart cards is clearly a specific requirement, and you should definitely use an ECDH PSK if you can. What's your interpretation? The average user of OpenSSL or BoringSSL or LibreSSL or Go crypto/tls or NSS or Java doesn't do SCADA, doesn't do IoT, doesn't do smart cards, regardless of whether they talk to browsers or other services. I don’t understand John’s motivation. The LAKE group makes a decision to remove PSK support. That’s good for them. Does this imply that the TLS group also needs to make the same decision? (Again, no one is suggesting dropping anything, as far as I can tell.) Ciao Hannes From: Carrick Bartle <cbartle891@icloud.com<mailto:cbartle891@icloud.com>> Sent: Monday, September 21, 2020 6:19 PM To: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> Cc: Carrick Bartle <cbartle891=40icloud.com@dmarc.ietf.org<mailto:cbartle891=40icloud.com@dmarc.ietf.org>>; Filippo Valsorda <filippo@ml.filippo.io<mailto:filippo@ml.filippo.io>>; tls@ietf.org<mailto:tls@ietf.org> Subject: Re: [TLS] The future of external PSK in TLS 1.3 Can you justify your reasoning? Which part? On Sep 21, 2020, at 2:22 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> wrote: Hi Carrick, Can you justify your reasoning? The challenge I have with the work on IoT in the IETF that the preferences for pretty much everything changes on a regular basis. I don’t see a problem that requires a change. In fact, I have just posted a mail to the UTA list that gives an overview of the implementation status of embedded TLS stacks and PSK-based ciphersuites are widely implemented. Ciao Hannes From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> On Behalf Of Carrick Bartle Sent: Monday, September 21, 2020 5:31 AM To: Filippo Valsorda <filippo@ml.filippo.io<mailto:filippo@ml.filippo.io>> Cc: tls@ietf.org<mailto:tls@ietf.org> Subject: Re: [TLS] The future of external PSK in TLS 1.3 I'm also fine with marking psk_ke as not recommended to be consistent with the non-PFS ciphers, but there are plenty of valid use cases that justify keeping dhe_psk_ke as recommended for external PSKs. Several of these use cases are detailed in draft-ietf-tls-external-psk-guidance-00. On Sep 19, 2020, at 9:00 AM, Filippo Valsorda <filippo@ml.filippo.io<mailto:filippo@ml.filippo.io>> wrote: 2020-09-19 13:48 GMT+02:00 Peter Gutmann <pgut001@cs.auckland.ac.nz<mailto:pgut001@cs.auckland.ac.nz>>: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> writes: >Looking at the IANA TLS registry, I am surprised to see that psk_dhe_ke and >especially psk_ke are both marked as RECOMMENDED. If used in the initial >handshake, both modes have severe privacy problems, PSK is used a fair bit in SCADA. There are no privacy problems there. So just because there's a concern for one specific environment doesn't mean it should be banned for any use. In particular, I think if a specific industry has a particular concern, they should profile it for use in that industry but not require that everyone else change their behaviour. Indeed, if the SCADA industry has a particular need, they should profile TLS for use in that industry, and not require we change the recommendation for the open Internet. Setting Recommended to N is not "banning" anything, it's saying it "has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases". SCADA sounds like a pretty specific use case. I don't have a strong opinion on psk_dhe_ke, but I see no reason psk_ke wouldn't be marked N like all suites lacking PFS. _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- [TLS] The future of external PSK in TLS 1.3 John Mattsson
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Viktor Dukhovni
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 David Woodhouse
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Lanlan Pan
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre