Re: [TLS] The future of external PSK in TLS 1.3
Pascal Urien <pascal.urien@gmail.com> Mon, 21 September 2020 09:43 UTC
Return-Path: <pascal.urien@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAE743A0B68 for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 02:43:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KWrKPec09Yz9 for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 02:43:49 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53AF43A0B66 for <tls@ietf.org>; Mon, 21 Sep 2020 02:43:49 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id e2so7705891vsr.7 for <tls@ietf.org>; Mon, 21 Sep 2020 02:43:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Gjm66ZA0aUrIyb6yBMp8vYlDvhTU4vWrXvb69wcfNAQ=; b=tP2xnvWYPA330YCaRKgGiXHN97i34stDjHY7GzlXeAb9lsWMRt9eiWeGPspoyjQQhp yjHJWUvPfdHoCAua6wMvnXE0Cjw++fQk3cQn6IJ6plv1aKcz4hUamnBp1LpyBunX44rQ 95hksMfH64uPlDq09glYfDhwrFXWYZA/fSWiBPNkYuubhUZ0DvTSzT9mglfCQphoZ1I7 Aq3z0LECQNgbYmAnl3JWM4GxszNmaUNg6Adml4xwCPqPvkS63thcWwZk5OhYBoOhn4hf VoeA6t0zacvM5aRGgk5iDXSkqS/LMsbhv5dt0IW0Daj1NUZrlqokecbpar6ZfRUUL8/9 f/Cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Gjm66ZA0aUrIyb6yBMp8vYlDvhTU4vWrXvb69wcfNAQ=; b=fMTXmg+C7ic7W1Jke1eZemA3RsHN7ZZpXE5AA3NbeaYY3B7/OiuO8JzDJnVyp/CYQ0 ssOd/BeS1eMukR2rMuCsYB4AK/MSMpeVP8Sm5qTFgPcEyJE85eyJDxGtggXL+GHmEuda qS+77bImMlEa3wAx1KE1sDS0pHXUQlI9prXHoBYTn/yYcAGCDQzGPgAe2BMpeJEkop/W 635Mm909/ULlh+DiqwG4tCdN9y9CiKeUu5QmgEjIQOj2rf5Lu1JB5ecq/K/tVyInFo+X cLYyfPGk5QvjozguMrepXrklm1ATXAqHkpDI3Luus6RaoYvnMo/0k7GG44+bO9eGCSLm 29aQ==
X-Gm-Message-State: AOAM531nu/uf4XtAOmEH9HOcE2B8sFzww+FlHh6I9TX2WmRF3gt38nDf KHxtVVkimka+08H0tVqGX5XxfG4NxVcQW276d9M=
X-Google-Smtp-Source: ABdhPJyNwGUjfvGvYYLOZtYypwh1bRk6X4FnGuB1qfMhj3G5KTuobobyx5cGzNuUHhqm/smWtJjYUmfTG61KvSN3zmE=
X-Received: by 2002:a05:6102:2261:: with SMTP id v1mr14790233vsd.28.1600681428303; Mon, 21 Sep 2020 02:43:48 -0700 (PDT)
MIME-Version: 1.0
References: <77039F11-188E-4408-8B39-57B908DDCB80@ericsson.com> <1600516093048.75181@cs.auckland.ac.nz> <2f2ecb30-bef5-414a-8ff7-d707d773c7ea@www.fastmail.com> <AM0PR08MB3716AAADBE7D2A6F3E29664BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
In-Reply-To: <AM0PR08MB3716AAADBE7D2A6F3E29664BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
From: Pascal Urien <pascal.urien@gmail.com>
Date: Mon, 21 Sep 2020 11:43:35 +0200
Message-ID: <CAEQGKXQdVO_SAVT1kciiH1EgQqenaYDeXnFD9gfa3BKTNFBjig@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Filippo Valsorda <filippo@ml.filippo.io>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000eec2b205afcfafc0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YGLuGX9AH52VYgO1KKjIXtS5s4s>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 09:43:51 -0000
Hi All Here is an example of PSK+ECDHE for IoT https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server PSK+ECDHE for secure elements The security level in these devices is as high as EAL5+ The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + secp256r1) The real critical resource is the required RAM size, less than 1KB in our experiments The secure element only needs a classical TCP/IP interface (i.e. sockets like) Trusted PSK should avoid selfie attacks Pascal Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <Hannes.Tschofenig@arm.com> a écrit : > Hi Filippo, > > > > - Indeed, if the SCADA industry has a particular need, they should > profile TLS for use in that industry, and not require we change the > recommendation for the open Internet. > > > > We have an IoT profile for TLS and it talks about the use of PSK, see > https://tools.ietf.org/html/rfc7925 > > > > On the “open Internet” (probably referring to the Web usage) you are not > going to use PSKs in TLS. There is a separate RFC that provides > recommendations for that environmnent, see RFC 752. That RFC is currently > being revised, see draft-sheffer-uta-rfc7525bis-00 > <https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/> > > > > Ciao > > Hannes > > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- [TLS] The future of external PSK in TLS 1.3 John Mattsson
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Viktor Dukhovni
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 David Woodhouse
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 David Benjamin
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Lanlan Pan
- Re: [TLS] The future of external PSK in TLS 1.3 Peter Gutmann
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Filippo Valsorda
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Pascal Urien
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Carrick Bartle
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre
- Re: [TLS] The future of external PSK in TLS 1.3 Achim Kraus
- Re: [TLS] The future of external PSK in TLS 1.3 Hannes Tschofenig
- Re: [TLS] The future of external PSK in TLS 1.3 Watson Ladd
- Re: [TLS] The future of external PSK in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] The future of external PSK in TLS 1.3 Salz, Rich
- Re: [TLS] The future of external PSK in TLS 1.3 Rob Sayre