On Tuesday, 10 July 2018 08:47:15 CEST Björn Haase wrote:
> > Peter Gutmann wrote:
> >In addition, the security doesn't have to be theoretically perfect, just
> >good enough.  An isolated network is frequently deemed secure enough,
> Mostly in my analysis the assumption of the "isolation" of the network is a
> security misconception making setups vulnerable. You just need a network
> plug and your own wireless device to make the plant remotely vulnerable.
> While I agree that in most cases permanent physical access to a plant by an
> attacker is unlikely, I consider it clearly feasible for the adversary to
> have short-time access to an installation.

Exactly, and plopping down an Ethernet to M2M gateway is something that will 
require access once and doesn't even require a knowledgeable attacker (a variant 
of the Evil Maid attack, essentially).

> >(16-bit device, and it took about 30s for the connection to be established,
> >the key size was chosen because it was all the hardware could handle).
> BTW, this is actually why we in the ICS business need TLS1.3 with its fast
> options on tiny devices such as X25519 and Ed25519. That's by integer
> factors faster on devices such as the M0 or the MSP430 than all of the
> fastest legacy options, such as P256!
> 
> Yours,
> 
> Björn
> 
> P.S.:
> 
> Also in my perception, we clearly need a PAKE option for ICS use, both as
> replacement for PSK for machine2machine interfaces and for true
> operator-account logins. We currently cannot rely on a properly
> installed PKI in ICS environments.

Given what you said above, it sounds to me like the PAKE in question should 
use negotiation for group (curve) selection, shouldn't it?

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls