Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS

2015-08-25 Thread Pascal Urien
Hi a working solution for TLS 1.0,1.1, 1.2, DTLS 1.0, 1.2 is to encrypt the client certificate with an extra key computed from the master secret see https://tools.ietf.org/html/draft-urien-badra-eap-tls-identity-protection-01 Rgs Pascal 2015-08-24 22:56 UTC+02:00, Viktor S. Wold Eide : > Hi, >

[TLS] draft-urien-tls-im-02.txt & test

2020-07-12 Thread Pascal Urien
Dear All I tested the identity module for tls1.3, whose features and code for javacard 3.04, are described in draft-urien-tls-im-02, with the WolfSSL TLS13 stack. As in many stacks, pre-shared key is available thanks to a callback that returns the psk value in clear form. I believe this is a bad pract

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-21 Thread Pascal Urien
Hi All Here is an example of PSK+ECDHE for IoT https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server PSK+ECDHE for secure elements The security level in these devices is as high as EAL5+ The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + secp256r1) The rea

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-21 Thread Pascal Urien
acker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was > wondering whether there is an implementation of this approach. > > Ciao > Hannes > > > From: Pascal Urien > Sent: Monday, September 21, 2020 11:44 AM > To: Hannes Tschofenig > Cc: Filippo Valsorda ; tls@ietf

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-21 Thread Pascal Urien
> https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/ > > > > Ciao > > Hannes > > > > *From:* Pascal Urien > *Sent:* Monday, September 21, 2020 2:01 PM > *To:* Hannes Tschofenig > *Cc:* Filippo Valsorda ; tls@ietf.org > *Subject:* Re: [TLS] The

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-21 Thread Pascal Urien
tls-se memory footprint is flash 《 40KB ram 《 1KB time to open a tls session 1.4 seconds On Mon, Sep 21, 2020 at 14:47, Pascal Urien wrote: > hi Hannes > > no openssl or wolfssl are used as client in order to check > interoperability with tls-se server > > tls-se is of

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-21 Thread Pascal Urien
ere are also > still ones without. > I'm not sure, if I want to spend too much money in my local network "light > bulb". Isn't it always a question of what to protect in which environment? > > best regards > Achim > > On 21.09.20 at 14:53, Pascal Urien wrote: >

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-24 Thread Pascal Urien
Hi all Payment terminals use TLS (see for example https://www.pcisecuritystandards.org/documents/Use-of-SSL-Early-TLS-for-POS-POI-Connections.docx ) They are not WEB browsers...maybe IoT devices ? because they are connected On Thu, Sep 24, 2020 at 16:12, Filippo Valsorda wrote: > 2020-09-2

Re: [TLS] The future of external PSK in TLS 1.3

2020-09-28 Thread Pascal Urien
code also implements https://tools.ietf.org/html/draft-urien-tls-im-03 Pascal On Mon, Sep 21, 2020 at 17:05, Hannes Tschofenig wrote: > > > Ping me when it becomes available or post a link to the UTA mailing list. > > > > *From:* Pascal Urien > *Sent:* Monday, Se

Re: [TLS] TLS@IET110: Agenda Topics

2021-01-16 Thread Pascal Urien
Dear Chair I would like to shortly present these two drafts https://www.ietf.org/archive/id/draft-urien-tls-se-01.txt https://www.ietf.org/archive/id/draft-urien-tls-im-04.txt Best Regards Pascal Urien On Tue, Jan 5, 2021 at 03:55, Sean Turner wrote: > The TLS WG will meet at IETF

[TLS] internet of secure elements

2021-06-29 Thread Pascal Urien
store Open code for RACS server https://github.com/purien/racs_0_1 Pascal Urien ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] tls@ietf114: Agenda Topics

2022-07-07 Thread Pascal Urien
Dear chair I would like to request a slot for presenting these two drafts that were introduced at IETF 112 Hot RFC https://datatracker.ietf.org/doc/draft-urien-tls-im/06/ https://datatracker.ietf.org/doc/draft-urien-tls-se/04/ These drafts have open implementations available at github Best Regard

Re: [TLS] TLS ECDSA nonce reuse attack?

2022-08-16 Thread Pascal Urien
More biased nonce attacks for ECDSA But in my mind the worst threat is Kleptogram for ECDSA (malicious random number generator, such as Dual EC DRBG ?) biased nonce attack for ECDSA = ] J. Breitner and N. Heninger, "Biased nonce sense: Lattice attacks against weak ECDSA si

[TLS] DH security issue in TLS

2019-12-03 Thread Pascal Urien
I wonder if g**x , with x =(1-p)/2 is checked in current TLS 1.2 implementation ? In RFC https://tools.ietf.org/html/rfc7919 "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" "Traditional finite field Diffie-Hellman has each peer choose their secret

Re: [TLS] DH security issue in TLS

2019-12-04 Thread Pascal Urien
he ephemeral secret key on another > leg of the connection. > > On Tue, Dec 3, 2019 at 3:03 PM Scott Fluhrer (sfluhrer) < > sfluh...@cisco.com> wrote: > >> See SRF >> >> >> >> *From:* TLS *On Behalf Of * Pascal Urien >> *Sent:* Tues

Re: [TLS] DH security issue in TLS

2019-12-05 Thread Pascal Urien
u may be interested in checking Section > III.B of [1] > > Best, > > Antoine > > [1] http://antoine.delignat-lavaud.fr/doc/ndss15.pdf > > On 2019-12-04 16:23, Pascal Urien wrote: > > Hi all > > > > https://tools.ietf.org/html/rfc7919 seems somewhat confusing

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-26 Thread Pascal Urien
Hi All There is a smart way to recover DH secret by a third party It is DH tripartite based on EC pairing https://tools.ietf.org/html/draft-urien-tls-dh-tripartite-00 Rgs Pascal 2016-09-25 23:20 GMT+02:00 Ackermann, Michael : > I understand your concern over what the nation-state actors are

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-06 Thread Pascal Urien
Hi Peter I've never seen TLS 1.3 in an embedded device. By "embedded device" do you > mean a Linux box, or something running RTEMS, uC/OS, ThreadX, or similar? > TLS 1.3 in PSK mode for secure element (smartcard) is described in https://datatracker.ietf.org/doc/draft-urien-tls-se/ Implementati