Hi Hannes Yes it has been tested with several 3.04 Javacards commercially available
In the draft https://tools.ietf.org/html/draft-urien-tls-se-00 Section 5-ISO 7816 Use Case, the exchanges are done with the existing implementation TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet boards For client software we use OPENSSL or WolfSSL Pascal Le lun. 21 sept. 2020 à 12:35, Hannes Tschofenig <hannes.tschofe...@arm.com> a écrit : > Hi Pascal, > > Thanks for the pointer to the draft. > > Since I am surveying implementations for the update of RFC 7925 (see > https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was > wondering whether there is an implementation of this approach. > > Ciao > Hannes > > > From: Pascal Urien <pascal.ur...@gmail.com> > Sent: Monday, September 21, 2020 11:44 AM > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > Cc: Filippo Valsorda <fili...@ml.filippo.io>; tls@ietf.org > Subject: Re: [TLS] The future of external PSK in TLS 1.3 > > Hi All > > Here is an example of PSK+ECDHE for IoT > > https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server > PSK+ECDHE for secure elements > > The security level in these devices is as high as EAL5+ > > The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + > secp256r1) > > The real critical resource is the required RAM size, less than 1KB in our > experiments > > The secure element only needs a classical TCP/IP interface (i.e. sockets > like) > > Trusted PSK should avoid selfie attacks > > Pascal > > > > Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <mailto: > hannes.tschofe...@arm.com> a écrit : > Hi Filippo, > > • Indeed, if the SCADA industry has a particular need, they should profile > TLS for use in that industry, and not require we change the recommendation > for the open Internet. > > We have an IoT profile for TLS and it talks about the use of PSK, see > https://tools.ietf.org/html/rfc7925 > > On the “open Internet” (probably referring to the Web usage) you are not > going to use PSKs in TLS. There is a separate RFC that provides > recommendations for that environmnent, see RFC 752. That RFC is currently > being revised, see > https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/ > > Ciao > Hannes > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > TLS mailing list > mailto:TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
