Hi Pascal, that using these ISO 7816 card is fast and save, doesn't say too much about the use-case without that card, or? For sure, there are micro-controller, which are also equipped with hw-ecc or hw-rsa. And there are more secure-devices protecting credentials. But there are also still ones without. I'm not sure, if I want spend too much money in my local network "light bulb". Isn't it always a question of what to protect in which environment?
best regards Achim Am 21.09.20 um 14:53 schrieb Pascal Urien:
tls-se memory footprint is flash 《 40KB ram 《 1KB time to open a tls session 1.4 seconds Le lun. 21 sept. 2020 à 14:47, Pascal Urien <pascal.ur...@gmail.com <mailto:pascal.ur...@gmail.com>> a écrit : hi Hannes no openssl or wolfssl are used as client in order to check interoperability with tls-se server tls-se is of course a specific implémentation for tls13 server in javacard..it is written in java but an ôter implémentation is written in c for constraint notes. as written in the draft tls-se implementation has three software blocks: crypto lib, tls state machine, and tls lib Le lun. 21 sept. 2020 à 14:36, Hannes Tschofenig <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> a écrit : Hi Pascal, ____ __ __ are you saying that the stack on the secure element uses WolfSSL or OpenSSL? I am sure that WolfSSL works well but for code size reasons I doubt OpenSSL is possible. Can you confirm? ____ __ __ In case of WolfSSL, you have multiple options for credentials, including plain PSK, PSK-ECDHE, raw public keys, and certificates as I noted in my mail to the UTA list: ____ https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/____ __ __ Ciao____ Hannes____ __ __ *From:* Pascal Urien <pascal.ur...@gmail.com <mailto:pascal.ur...@gmail.com>> *Sent:* Monday, September 21, 2020 2:01 PM *To:* Hannes Tschofenig <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> *Cc:* Filippo Valsorda <fili...@ml.filippo.io <mailto:fili...@ml.filippo.io>>; tls@ietf.org <mailto:tls@ietf.org> *Subject:* Re: [TLS] The future of external PSK in TLS 1.3____ __ __ Hi Hannes____ __ __ Yes it has been tested with several 3.04 Javacards commercially available____ __ __ In the draft https://tools.ietf.org/html/draft-urien-tls-se-00 Section 5-ISO 7816 Use Case, the exchanges are done with the existing implementation____ __ __ TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet boards ____ __ __ For client software we use OPENSSL or WolfSSL____ __ __ Pascal____ __ __ __ __ __ __ __ __ Le lun. 21 sept. 2020 à 12:35, Hannes Tschofenig <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> a écrit :____ Hi Pascal, Thanks for the pointer to the draft. Since I am surveying implementations for the update of RFC 7925 (see https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was wondering whether there is an implementation of this approach. Ciao Hannes From: Pascal Urien <pascal.ur...@gmail.com <mailto:pascal.ur...@gmail.com>> Sent: Monday, September 21, 2020 11:44 AM To: Hannes Tschofenig <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> Cc: Filippo Valsorda <fili...@ml.filippo.io <mailto:fili...@ml.filippo.io>>; tls@ietf.org <mailto:tls@ietf.org> Subject: Re: [TLS] The future of external PSK in TLS 1.3 Hi All Here is an example of PSK+ECDHE for IoT https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server PSK+ECDHE for secure elements The security level in these devices is as high as EAL5+ The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + secp256r1) The real critical resource is the required RAM size, less than 1KB in our experiments The secure element only needs a classical TCP/IP interface (i.e. sockets like) Trusted PSK should avoid selfie attacks Pascal Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <mailto:hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> a écrit : Hi Filippo, • Indeed, if the SCADA industry has a particular need, they should profile TLS for use in that industry, and not require we change the recommendation for the open Internet. We have an IoT profile for TLS and it talks about the use of PSK, see https://tools.ietf.org/html/rfc7925 On the “open Internet” (probably referring to the Web usage) you are not going to use PSKs in TLS. There is a separate RFC that provides recommendations for that environmnent, see RFC 752. That RFC is currently being revised, see https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/ Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list mailto:TLS@ietf.org <mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.____ IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
