Hi Uri, I would even argue that key management is less challenging for IoT deployments because devices typically talk to a single device management server only. So, the communication patterns are pretty simplistic compared to a generic computing device. RFC 7452 talks about this topic (see the device-to-cloud and device-to-gateway pattern).
Ciao Hannes -----Original Message----- From: TLS <[email protected]> On Behalf Of Blumenthal, Uri - 0553 - MITLL Sent: Wednesday, September 30, 2020 2:48 AM To: Watson Ladd <[email protected]> Cc: [email protected] Subject: Re: [TLS] The future of external PSK in TLS 1.3 Because PSK is one of the affordable and reliable quantum-resistant key exchanges that work *today*? And done environments do not wish to do any EC operations. Yes, key management issues are real. Those who need it, understand the implications. Regards, Uri > On Sep 29, 2020, at 20:30, Watson Ladd <[email protected]> wrote: > > On Tue, Sep 29, 2020 at 12:49 PM Blumenthal, Uri - 0553 - MITLL > <[email protected]> wrote: >> >> I share Achim's concerns. >> >> But I believe the explanations will turn out mostly useless in the real >> world, as the "lawyers" of the industry are guaranteed to steer away from >> something "not recommended". >> >> In one word: bad. > > Why is PSK so necessary? There are very few devices that can't handle > the occasional ECC operation. The key management and forward secrecy > issues with TLS-PSK are real. Steering applications that can afford > the CPU away from PSK and toward hybrid modes is a good thing and why > this registry exists imho. > > > -- > Astra mortemque praestare gradatim IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
