> On Mar 18, 2018, at 11:27 AM, Eric Rescorla <e...@rtfm.com> wrote:
> 
> After discussion with the chairs and the AD, I have opted to just add a section
> that explains the attack. I just merged that (but managed not to get it into -27
> due to fumble fingering).

It seems to me that privacy considerations for external PSKs are a rather
secondary issue.  These are infinitely more likely to be used by IOT devices
calling the mothership than by users browsing content they'd rather keep
private.  I've never used an external PSK, nor, I expect, have any of the
posters pointing out the privacy issues.

The devices that might use external PSKs will likely be unavoidably
fingerprinted by source IP address and the target mothership.

So I agree with the above approach.  It is better to keep external PSKs
simple, with understood limitations, than to attempt (and fail) to turn
privacy up to eleven.

-- 
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
