Re: [TLS] The future of external PSK in TLS 1.3

Pascal Urien <pascal.urien@gmail.com> Mon, 21 September 2020 12:01 UTC

Return-Path: <pascal.urien@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAA0C3A0D08 for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 05:01:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j2M6eM2xluRt for <tls@ietfa.amsl.com>; Mon, 21 Sep 2020 05:01:36 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E52783A0D06 for <tls@ietf.org>; Mon, 21 Sep 2020 05:01:35 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id 7so7945596vsp.6 for <tls@ietf.org>; Mon, 21 Sep 2020 05:01:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yOnhVW2l9FsLpdA6GG2J5LpYKOTDuApDloYvc3AB0zY=; b=KNDDG/XhGjWdE5wJ2IJ6cycqPZXXVI/09l5lEOqgc0jYFLXDN7tb5nd/11rvPUBT7g eZxATMbTKvt67U5icnmblhCWHcMGfXDFXGa3jMCgqnSU41eBeHgpsb+4ea6OGhtCKehW JJoeA4sAqLb1JQOaCkblfwTBOjvU5prIgiHeMXxk4SI9swUVqMdBnOUxDnEKvdmf0Fkj MIFBbC7mumi07dXf2A5rYBz6Vxnt05KVDcJ6PKQDfUrKWxST26BvRZPJMysJe/hWro+n 8LBz9ffQtypt9BG+acktV7969wv4t9uutE209Svh/4p+xnpE96CFHXIjtgVKcBYUzQgC C0PA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yOnhVW2l9FsLpdA6GG2J5LpYKOTDuApDloYvc3AB0zY=; b=RwsIJiF6gU15KdYmDLiqs1pDUp/pzcaoe0RbNRWzoQu2uWMErui2AjY9it59ItN+58 WsvMOF9LBAbMvajKq/us1UPZv6HeRTBvU2/rGc6KCsWb68wrTGFdVxzl5evg6RSkUDEv 0Fagbhn/Y8qpxCwiBAmdpO/wXDhrhsMFMpcbI6vx/6jE9CZ+CMPTUBOMI0wMWvnsbDWe dtjJyP5VRLmIJE0dpHdmBwqjv8e5d0TXZA9X2TS/Mc06A7eA9DBo2VJry6Wgt58hzX9C ++p+QvL6ktcwHw3POg3eW52c5tBBJ9WS3V7J6icikf2amUnHVCpFwp6lS7FsgRNF3bmT 5rDg==
X-Gm-Message-State: AOAM533Lw6jZ2yotHAHxPBJibEtiDGNLKBzqn7+IRs9L8pGdbmkxKqN8 XZs2YvP3qZk4zOHMge40akmvXkXO6YnnEQbIdfo=
X-Google-Smtp-Source: ABdhPJzkluEaAh+aDgBUM2shiHiqNOQgNhKm8tMRxtdZcaWMC0QXcD5ZPV6ZDfLh+vF3D5uA94alj3LX6gNd1WRGSPU=
X-Received: by 2002:a67:2d48:: with SMTP id t69mr27198074vst.27.1600689694851; Mon, 21 Sep 2020 05:01:34 -0700 (PDT)
MIME-Version: 1.0
References: <77039F11-188E-4408-8B39-57B908DDCB80@ericsson.com> <1600516093048.75181@cs.auckland.ac.nz> <2f2ecb30-bef5-414a-8ff7-d707d773c7ea@www.fastmail.com> <AM0PR08MB3716AAADBE7D2A6F3E29664BFA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com> <CAEQGKXQdVO_SAVT1kciiH1EgQqenaYDeXnFD9gfa3BKTNFBjig@mail.gmail.com> <AM0PR08MB3716D1CD8D13C68C91ADE322FA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
In-Reply-To: <AM0PR08MB3716D1CD8D13C68C91ADE322FA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
From: Pascal Urien <pascal.urien@gmail.com>
Date: Mon, 21 Sep 2020 14:01:23 +0200
Message-ID: <CAEQGKXS-HyESGOU9iiYCXKdJk-wMkDnO4eYK2iVs21E3gtVOPQ@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Filippo Valsorda <filippo@ml.filippo.io>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a845de05afd19c85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ptMloa-x1-msByEdhzn38McIzv0>
Subject: Re: [TLS] The future of external PSK in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 12:01:38 -0000

Hi Hannes

Yes it has been tested with several  3.04 Javacards  commercially available

In the draft https://tools.ietf.org/html/draft-urien-tls-se-00   Section
5-ISO 7816 Use Case, the exchanges are done with the existing implementation

TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet boards

For client software we use OPENSSL or WolfSSL

Pascal




Le lun. 21 sept. 2020 à 12:35, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
a écrit :

> Hi Pascal,
>
> Thanks for the pointer to the draft.
>
> Since I am surveying implementations for the update of RFC 7925 (see
> https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was
> wondering whether there is an implementation of this approach.
>
> Ciao
> Hannes
>
>
> From: Pascal Urien <pascal.urien@gmail.com>
> Sent: Monday, September 21, 2020 11:44 AM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Cc: Filippo Valsorda <filippo@ml.filippo.io>; tls@ietf.org
> Subject: Re: [TLS] The future of external PSK in TLS 1.3
>
> Hi All
>
> Here is an example of PSK+ECDHE for IoT
>
> https://tools.ietf.org/html/draft-urien-tls-se-00  uses TLS1.3 server
> PSK+ECDHE for secure elements
>
> The security level in these devices is as high as EAL5+
>
> The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, +
> secp256r1)
>
> The real critical resource is the required RAM size, less than 1KB in our
> experiments
>
> The secure element  only needs a classical TCP/IP interface (i.e. sockets
> like)
>
> Trusted PSK should avoid selfie attacks
>
> Pascal
>
>
>
> Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <mailto:
> Hannes.Tschofenig@arm.com> a écrit :
> Hi Filippo,
>
> • Indeed, if the SCADA industry has a particular need, they should profile
> TLS for use in that industry, and not require we change the recommendation
> for the open Internet.
>
> We have an IoT profile for TLS and it talks about the use of PSK, see
> https://tools.ietf.org/html/rfc7925
>
> On the “open Internet” (probably referring to the Web usage) you are not
> going to use PSKs in TLS. There is a separate RFC that provides
> recommendations for that environmnent, see RFC 752. That RFC is currently
> being revised, see
> https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/
>
> Ciao
> Hannes
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> _______________________________________________
> TLS mailing list
> mailto:TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>