Because PSK is one of the affordable and reliable quantum-resistant key exchanges that work *today*? And done environments do not wish to do any EC operations.
Yes, key management issues are real. Those who need it, understand the implications. Regards, Uri > On Sep 29, 2020, at 20:30, Watson Ladd <watsonbl...@gmail.com> wrote: > > On Tue, Sep 29, 2020 at 12:49 PM Blumenthal, Uri - 0553 - MITLL > <u...@ll.mit.edu> wrote: >> >> I share Achim's concerns. >> >> But I believe the explanations will turn out mostly useless in the real >> world, as the "lawyers" of the industry are guaranteed to steer away from >> something "not recommended". >> >> In one word: bad. > > Why is PSK so necessary? There are very few devices that can't handle > the occasional ECC operation. The key management and forward secrecy > issues with TLS-PSK are real. Steering applications that can afford > the CPU away from PSK and toward hybrid modes is a good thing and why > this registry exists imho. > > > -- > Astra mortemque praestare gradatim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
