On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:

> The devices that might use external PSKs will likely be unavoidably
> fingerprinted by source IP address and the target mothership.

I'm not convinced that this is the case -- it's not at all clear that IoT devices will be attached to a stable network (so the source IP may change), and for large deployments, the devices might all share the same "mothership". But the device might still present significant privacy concerns (for example, if it's a device that travels with a person, its presence on the network could be used to track that person).

> So I agree with the above approach. It is better to keep external PSKs
> simple, with understood limitations, than to attempt (and fail) to turn
> privacy up to eleven.

fwiw, i agree that a big fat warning about the privacy implications of reused (if you don't reuse, there is no problem) external PSKs is about all we can do at this stage of TLS 1.3.

--dkg

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
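The linkability the two posts disagree about can be made concrete: a TLS 1.3 external PSK identity travels in the clear in the ClientHello's pre_shared_key extension, so a passive observer can tie together connections made from different source IPs. The following is an added illustration, not code from the thread or from any TLS stack; it builds a constructed minimal ClientHello body (record and handshake headers omitted, dummy binder) and shows what an on-path observer can recover from it.

```python
import struct
from collections import defaultdict

PRE_SHARED_KEY = 41  # extension type, RFC 8446 section 4.2

def build_client_hello(identity: bytes, random32: bytes) -> bytes:
    """Constructed minimal TLS 1.3 ClientHello body carrying one external PSK
    identity. The binder is a zero placeholder, not a real HMAC."""
    assert len(random32) == 32
    psk_identity = struct.pack("!H", len(identity)) + identity + struct.pack("!I", 0)
    identities = struct.pack("!H", len(psk_identity)) + psk_identity
    binder = b"\x00" * 32
    binders = struct.pack("!H", 1 + len(binder)) + bytes([len(binder)]) + binder
    ext_data = identities + binders
    ext = struct.pack("!HH", PRE_SHARED_KEY, len(ext_data)) + ext_data
    return (b"\x03\x03" + random32
            + b"\x00"                              # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"   # TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                          # legacy_compression_methods: null
            + struct.pack("!H", len(ext)) + ext)

def psk_identities(client_hello: bytes) -> list:
    """Walk the ClientHello body and return every PSK identity offered in the clear."""
    pos = 2 + 32                                   # legacy_version + random
    pos += 1 + client_hello[pos]                   # legacy_session_id
    pos += 2 + struct.unpack("!H", client_hello[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + client_hello[pos]                   # legacy_compression_methods
    ext_len = struct.unpack("!H", client_hello[pos:pos + 2])[0]
    pos += 2
    end, found = pos + ext_len, []
    while pos < end:
        etype, elen = struct.unpack("!HH", client_hello[pos:pos + 4])
        pos += 4
        if etype == PRE_SHARED_KEY:
            ids_len = struct.unpack("!H", client_hello[pos:pos + 2])[0]
            p, ids_end = pos + 2, pos + 2 + ids_len
            while p < ids_end:
                id_len = struct.unpack("!H", client_hello[p:p + 2])[0]
                found.append(client_hello[p + 2:p + 2 + id_len])
                p += 2 + id_len + 4                # skip identity + obfuscated_ticket_age
        pos += elen
    return found

def link_by_identity(observations) -> dict:
    """Passive-observer view: map each cleartext PSK identity to the set of
    source IPs it was seen from. observations = [(src_ip, client_hello_body)]."""
    seen = defaultdict(set)
    for src_ip, hello in observations:
        for ident in psk_identities(hello):
            seen[ident].add(src_ip)
    return dict(seen)
```

The per-connection random changes every time, so it contributes nothing to linkage; only the reused identity does, which is why a PSK used once carries no such concern.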