Just to clarify myself further, I would not want us to change the TLS 1.3 protocol. I would rather have this design team produce an informational document that discusses considerations when using external PSKs in different settings, as well as privacy of PSK identities and possible mitigations.

--Mohit

On 1/21/20 1:26 PM, Mohit Sethi M wrote:
> Thanks for clarifying. I would still like this design team to have
> a narrow scope. As Sean said in his initial email:
>
>> forming a design team to focus on external PSK management and usage for TLS
> --Mohit
>
> On 1/21/20 12:40 PM, Björn Haase wrote:
>>> Mohit Sethi M <mohit.m.se...@ericsson.com> wrote:
>>> I would let CFRG deal with the PAKE selection process:
>>> and not have this design team spend time and energy on designing PAKEs.
>> That was not what I was suggesting. Instead, I was suggesting to
>> *incorporate* the results of the selection process into TLS, such that there
>> is an option allowing for security also in case of a "Low-Entropy"-PSK.
>> Possibly, if the PAKE substep actually happens to be no more complex than
>> Diffie-Hellman, it might be worth considering the PAKE as the default
>> mechanism for any PSK-based key establishment that authenticates an
>> ephemeral new session key with a PSK mechanism.?
>>
>> Yours,
>>
>> Björn.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls