Re: [TLS] The future of external PSK in TLS 1.3

Achim Kraus <achimkraus@gmx.net> Mon, 21 September 2020 17:57 UTC

To: Pascal Urien <pascal.urien@gmail.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, tls@ietf.org
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <89e3b32e-82d6-3a44-7b48-1cc8d0c12496@gmx.net>
Date: Mon, 21 Sep 2020 19:57:13 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZN0TVDnVYYiRbrmybevb0R0TvdU>

Hi Pascal,

That using these ISO 7816 cards is fast and safe doesn't say too much
about the use case without that card, does it? For sure, there are
microcontrollers which are also equipped with hw-ecc or hw-rsa. And
there are more secure devices protecting credentials. But there are also
still ones without.
I'm not sure if I want to spend too much money on my local network "light
bulb". Isn't it always a question of what to protect in which environment?

best regards
Achim

On 21.09.20 at 14:53, Pascal Urien wrote:
> tls-se memory footprint is
> flash < 40KB
> ram   < 1KB
>
> time to open a tls session 1.4 seconds
>
>
> On Mon, 21 Sep 2020 at 14:47, Pascal Urien <pascal.urien@gmail.com
> <mailto:pascal.urien@gmail.com>> wrote:
>
>     Hi Hannes
>
>     No, OpenSSL or WolfSSL are used as client in order to check
>     interoperability with the tls-se server
>
>     tls-se is of course a specific implementation for a tls13 server in
>     javacard. It is written in Java, but another implementation is
>     written in C for constrained nodes. As written in the draft, the tls-se
>     implementation has three software blocks: crypto lib, tls state
>     machine, and tls lib
>
>
>
>     On Mon, 21 Sep 2020 at 14:36, Hannes Tschofenig
>     <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>> wrote:
>
>         Hi Pascal,
>
>         are you saying that the stack on the secure element uses WolfSSL
>         or OpenSSL? I am sure that WolfSSL works well but for code size
>         reasons I doubt OpenSSL is possible. Can you confirm?
>
>         In case of WolfSSL, you have multiple options for credentials,
>         including plain PSK, PSK-ECDHE, raw public keys, and
>         certificates as I noted in my mail to the UTA list:
>
>         https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/
>
>         Ciao
>
>         Hannes
>
>         *From:* Pascal Urien <pascal.urien@gmail.com
>         <mailto:pascal.urien@gmail.com>>
>         *Sent:* Monday, September 21, 2020 2:01 PM
>         *To:* Hannes Tschofenig <Hannes.Tschofenig@arm.com
>         <mailto:Hannes.Tschofenig@arm.com>>
>         *Cc:* Filippo Valsorda <filippo@ml.filippo.io
>         <mailto:filippo@ml.filippo.io>>; tls@ietf.org <mailto:tls@ietf.org>
>         *Subject:* Re: [TLS] The future of external PSK in TLS 1.3
>
>         Hi Hannes
>
>         Yes it has been tested with several 3.04 Javacards
>         commercially available
>
>         In the draft https://tools.ietf.org/html/draft-urien-tls-se-00
>         Section 5-ISO 7816 Use Case, the exchanges are done with the
>         existing implementation
>
>         TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or
>         Arduino+Ethernet boards
>
>         For client software we use OPENSSL or WolfSSL
>
>         Pascal
>
>         On Mon, 21 Sep 2020 at 12:35, Hannes Tschofenig
>         <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>>
>         wrote:
>
>             Hi Pascal,
>
>             Thanks for the pointer to the draft.
>
>             Since I am surveying implementations for the update of RFC
>             7925 (see
>             https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/)
>             I was wondering whether there is an implementation of this
>             approach.
>
>             Ciao
>             Hannes
>
>
>             From: Pascal Urien <pascal.urien@gmail.com
>             <mailto:pascal.urien@gmail.com>>
>             Sent: Monday, September 21, 2020 11:44 AM
>             To: Hannes Tschofenig <Hannes.Tschofenig@arm.com
>             <mailto:Hannes.Tschofenig@arm.com>>
>             Cc: Filippo Valsorda <filippo@ml.filippo.io
>             <mailto:filippo@ml.filippo.io>>; tls@ietf.org
>             <mailto:tls@ietf.org>
>             Subject: Re: [TLS] The future of external PSK in TLS 1.3
>
>             Hi All
>
>             Here is an example of PSK+ECDHE for IoT
>
>             https://tools.ietf.org/html/draft-urien-tls-se-00 uses
>             TLS1.3 server PSK+ECDHE for secure elements
>
>             The security level in these devices is as high as EAL5+
>
>             The computing time is about 1.4s for a PSK+ECDHE session
>             (AES-128-CCM, + secp256r1)
>
>             The real critical resource is the required RAM size, less
>             than 1KB in our experiments
>
>             The secure element only needs a classical TCP/IP interface
>             (i.e. sockets like)
>
>             Trusted PSK should avoid selfie attacks
>
>             Pascal
>
>
>
>             On Mon, 21 Sep 2020 at 11:29, Hannes Tschofenig
>             <mailto:Hannes.Tschofenig@arm.com
>             <mailto:Hannes.Tschofenig@arm.com>> wrote:
>             Hi Filippo,
>
>             • Indeed, if the SCADA industry has a particular need, they
>             should profile TLS for use in that industry, and not require
>             we change the recommendation for the open Internet.
>
>             We have an IoT profile for TLS and it talks about the use of
>             PSK, see https://tools.ietf.org/html/rfc7925
>
>             On the “open Internet” (probably referring to the Web usage)
>             you are not going to use PSKs in TLS. There is a separate
>             RFC that provides recommendations for that environment, see
>             RFC 752. That RFC is currently being revised, see
>             https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/
>
>             Ciao
>             Hannes
>
>             IMPORTANT NOTICE: The contents of this email and any
>             attachments are confidential and may also be privileged. If
>             you are not the intended recipient, please notify the sender
>             immediately and do not disclose the contents to any other
>             person, use it for any purpose, or store or copy the
>             information in any medium. Thank you.
>             _______________________________________________
>             TLS mailing list
>             mailto:TLS@ietf.org <mailto:TLS@ietf.org>
>             https://www.ietf.org/mailman/listinfo/tls