Hi, I submitted a new version of draft-mattsson-tls-psk-ke-dont-dont-dont. psk_ke is likely the weakest part of TLS 1.3 and German BSI has already made a deadline for its deprecation. It is long overdue to change the "Recommended" value for psk_ke to "N".
This is a major update to earlier versions and adds a lot of background and motivation. The earlier version was never posted to the list. I plan to request presentation time at IETF 116. Cheers, John From: [email protected] <[email protected]> Date: Friday, 30 December 2022 at 09:47 To: John Mattsson <[email protected]>, John Mattsson <[email protected]> Subject: New Version Notification for draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt A new version of I-D, draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt has been successfully submitted by John Preuß Mattsson and posted to the IETF repository. Name: draft-mattsson-tls-psk-ke-dont-dont-dont Revision: 02 Title: Key Exchange Without Forward Secrecy is NOT RECOMMENDED Document date: 2022-12-30 Group: Individual Submission Pages: 9 URL: https://www.ietf.org/archive/id/draft-mattsson-tls-psk-ke-dont-dont-dont-02.txt Status: https://datatracker.ietf.org/doc/draft-mattsson-tls-psk-ke-dont-dont-dont/ Html: https://www.ietf.org/archive/id/draft-mattsson-tls-psk-ke-dont-dont-dont-02.html Htmlized: https://datatracker.ietf.org/doc/html/draft-mattsson-tls-psk-ke-dont-dont-dont Diff: https://author-tools.ietf.org/iddiff?url2=draft-mattsson-tls-psk-ke-dont-dont-dont-02 Abstract: Massive pervasive monitoring attacks using key exfiltration and made possible by key exchange without forward secrecy has been reported. If key exchange without Diffie-Hellman is used, static exfiltration of the long-term authentication keys enables passive attackers to compromise all past and future connections. Malicious actors can get access to long-term keys in different ways: physical attacks, hacking, social engineering attacks, espionage, or by simply demanding access to keying material with or without a court order. Exfiltration attacks are a major cybersecurity threat. The use of psk_ke is not following zero trust principles and governments have already made deadlines for its deprecation. This document updates the IANA PskKeyExchangeMode registry by setting the "Recommended" value for psk_ke to "N". The IETF Secretariat
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
