Hello to all,

in the process of the discussions of the external PSK guidance document, it was considered to suggest an encoding for PSK for applications that need to enter the key by manual typing.

Presently such applications might be tempted to allow for strings such as "banana" as PSK, which is considered to be a bad idea. I have prepared a very rough suggestion on how an encoding could be defined that would require assistance from a tool and might enforce some minimum level of entropy. Moreover, such an encoding might be more user friendly, since a certain level of typing errors could be distinguished from authentication failures.

A first suggestion as basis for a discussion is now online at
https://datatracker.ietf.org/doc/draft-haase-psk-encoding/

Yours,
Björn.

On 09.03.2020 at 20:17, Christopher Wood wrote:
This document is the first checkpoint for the External PSK design team started a few weeks back. Feedback in the form of comments, edits, or PRs [1] is welcome!

Thanks,
Chris (no hat)

[1] https://github.com/tlswg/external-psk-design-team

----- Original message -----
From: internet-dra...@ietf.org
To: "Christopher A. Wood" <c...@heapingbits.net>, Mohit Sethi <mo...@piuha.net>, Jonathan Hoyland <jonathan.hoyl...@gmail.com>, Christopher Wood <c...@heapingbits.net>, Russ Housley <hous...@vigilsec.com>
Subject: New Version Notification for draft-dt-tls-external-psk-guidance-00.txt
Date: Monday, March 09, 2020 12:10 PM

A new version of I-D, draft-dt-tls-external-psk-guidance-00.txt has been successfully submitted by Christopher A. Wood and posted to the IETF repository.

Name: draft-dt-tls-external-psk-guidance
Revision: 00
Title: Guidance for External PSK Usage in TLS
Document date: 2020-03-09
Group: Individual Submission
Pages: 11
URL: https://www.ietf.org/internet-drafts/draft-dt-tls-external-psk-guidance-00.txt
Status: https://datatracker.ietf.org/doc/draft-dt-tls-external-psk-guidance/
Htmlized: https://tools.ietf.org/html/draft-dt-tls-external-psk-guidance-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-dt-tls-external-psk-guidance

Abstract:
This document provides usage guidance for external Pre-Shared Keys (PSKs) in TLS. It lists TLS security properties provided by PSKs under certain assumptions and demonstrates how violations of these assumptions lead to attacks. This document also discusses PSK use cases, provisioning processes, and TLS stack implementation support in the context of these assumptions. It provides advice for applications in various use cases to help meet these assumptions.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
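Added example, not part of the thread and not the encoding defined in draft-haase-psk-encoding: a Python illustration of the idea in Björn's message, where a tool generates the key and the typed form carries a check value so that a typo is rejected locally instead of surfacing as a failed handshake. The base32 alphabet, the CRC-16 check, the 128-bit floor and all function names are assumptions made for this illustration.

```python
import base64
import binascii
import secrets

MIN_KEY_BYTES = 16  # assumed floor: 128 bits of tool-generated randomness
CHECK_BYTES = 2     # assumed CRC-16 check value appended to the key


class PskFormatError(ValueError):
    """Raised locally, before any handshake, when the typed string is bad."""


def _check(key: bytes) -> bytes:
    # Non-cryptographic: it only has to catch typing errors, not attackers.
    return binascii.crc_hqx(key, 0).to_bytes(CHECK_BYTES, "big")


def encode_psk(key: bytes) -> str:
    """Turn key bytes into the typed form, e.g. 'AAAQ-EAYE-...'."""
    if len(key) < MIN_KEY_BYTES:
        raise PskFormatError("key shorter than the minimum length")
    text = base64.b32encode(key + _check(key)).decode().rstrip("=")
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def generate_psk(n_bytes: int = MIN_KEY_BYTES):
    """The tool, not the user, picks the key; returns (key, typed form)."""
    key = secrets.token_bytes(n_bytes)
    return key, encode_psk(key)


def decode_psk(typed: str) -> bytes:
    """Recover the key from what the user typed, or raise PskFormatError."""
    text = "".join(typed.split()).replace("-", "").upper()
    text += "=" * (-len(text) % 8)  # restore the stripped base32 padding
    try:
        raw = base64.b32decode(text)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise PskFormatError("not a tool-generated PSK string") from exc
    key, check = raw[:-CHECK_BYTES], raw[-CHECK_BYTES:]
    if len(key) < MIN_KEY_BYTES:
        raise PskFormatError("key shorter than the minimum length")
    if check != _check(key):
        raise PskFormatError("check value mismatch: likely a typing error")
    return key
```

A string such as "banana" fails in `decode_psk` before it can be used as a key, and a single mistyped character in a valid string fails the CRC rather than the TLS handshake.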