On Sat, Sep 19, 2020 at 06:00:00PM +0200, Filippo Valsorda wrote:

> Setting Recommended to N is not "banning" anything, it's saying it
> "has not been through the IETF consensus process, has limited
> applicability, or is intended only for specific use cases". SCADA
> sounds like a pretty specific use case.
>
> I don't have a strong opinion on psk_dhe_ke, but I see no reason
> psk_ke wouldn't be marked N like all suites lacking PFS.
Is there actually a problem here? "Nobody" is using external PSK "on the open Internet", because, perhaps not surprisingly, you need to have a pre-shared key for that. Thus, browsers and the like just don't have pre-shared keys with each and every web-server the user might direct them at.

By the time external PSK (i.e. not resumption session tickets) is actually in use, we're already well outside the use cases where we're protecting the privacy of Joe-consumer using commodity software.

Perhaps in the IoT space one can envision some device "calling home" to the manufacturer or supplier in a manner that identifies the device slightly more than just the source and destination IP addresses, ... but I don't see this as motivating a compelling need to change the registry.

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls