Dear All,

I tested the identity module for TLS 1.3, whose features and code for javacard 3.04 are described in draft-urien-tls-im-02, with the WolfSSL TLS13 stack.

As in many stacks, the pre-shared key is available thanks to a callback that returns the psk value in clear form. I believe this is a bad practice from a security point of view.

The main idea of draft-urien-tls-im-02 is to avoid psk exposure. In order to prevent hijacking, psk is only used thanks to dedicated HDSK procedures, based on psk value.

From a software point of view the identity module requires a dedicated callback at several points in the TLS13 stack. Given this pre-requisite the draft-urien-tls-im-02 works and protects the preshared key.

In the WolfSSL TLS13 stack there is a callback to compute asymmetric signature when certificates are used. The identity module can perform this operation (as described in draft and code) and so avoid the private key hijacking.

This seems to be the common TLS13 mistake: private key is protected from eavesdropping but not psk.

It would be great to test identity module at next IETF hackathons… it is easy to make an identity module with a commercial javacard. I can provide UART interface devices for embedded platforms.

Rgs Pascal
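
An added example, not code from draft-urien-tls-im-02 or WolfSSL: a Python model of the interface the message argues for, in which the stack asks a module for the PSK binder and the handshake secret instead of receiving the psk from a callback. The key schedule follows RFC 8446 with SHA-256; the class and method names and all sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int = HLEN) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([i]), HASH).digest()
        out, i = out + block, i + 1
    return out[:length]

def derive_secret(secret: bytes, label: bytes, messages: bytes = b"") -> bytes:
    return hkdf_expand_label(secret, label, HASH(messages).digest())

class IdentityModule:
    """Hypothetical stand-in for the card: the psk goes in once, no method returns it."""
    def __init__(self, psk: bytes):
        # Only the Early Secret is kept; on real hardware it would stay on the card.
        self.__early = hkdf_extract(bytes(HLEN), psk)

    def binder(self, truncated_ch_hash: bytes, external: bool = True) -> bytes:
        label = b"ext binder" if external else b"res binder"
        binder_key = derive_secret(self.__early, label)
        finished_key = hkdf_expand_label(binder_key, b"finished", b"")
        return hmac.new(finished_key, truncated_ch_hash, HASH).digest()

    def handshake_secret(self, dhe: bytes) -> bytes:
        # Handshake Secret = HKDF-Extract(Derive-Secret(Early Secret, "derived", ""), DHE)
        return hkdf_extract(derive_secret(self.__early, b"derived"), dhe)

def verify_binder(module: IdentityModule, truncated_ch_hash: bytes, received: bytes) -> bool:
    return hmac.compare_digest(module.binder(truncated_ch_hash), received)

def demo():
    psk = b"constructed-sample-psk-32-bytes!"   # constructed sample value
    client, server = IdentityModule(psk), IdentityModule(psk)
    ch_hash = HASH(b"constructed truncated ClientHello").digest()
    dhe = bytes(range(32))                      # constructed (EC)DHE shared secret
    ok = verify_binder(server, ch_hash, client.binder(ch_hash))
    return ok, client.handshake_secret(dhe) == server.handshake_secret(dhe)
```

The stack only ever sees per-handshake outputs (binder, handshake secret), which is the same shape as the signature callback used for certificate private keys.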