Hi Watson, through Arm I deal with customers who use microcontrollers that have all sorts of limitations. So, the question is not so much whether these limitations exist but rather whether you care and what exactly these limitations are (CPU processing, RAM, flash memory, energy, networking bandwidth, cost, physical size limitations, limitations caused by the environment these devices operate in, etc.).
PSK is the most efficient mechanism we have. Not only does it perform extremely well when it comes to CPU performance it also reduces the size of code size, and RAM utilization. Also the bandwidth requirements are minimal. Of course, regular 32-bit microcontrollers are all able to do public key crypto operations (see a presentation I did a while ago in the LWIG group -- https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf). There are, however, some environments where you just cannot wait multiple seconds for a handshake to complete. In discussions in the IETF I notice for some the IoT computing world starts with Cortex A-class devices, as they are found in Raspberry Pis, tablets and phones. Those are high performance processors where crypto is lightning fast. But don't forget the other family of processors, of which there are probably more than a 80 billion out in the wild already. Ciao Hannes -----Original Message----- From: TLS <tls-boun...@ietf.org> On Behalf Of Watson Ladd Sent: Wednesday, September 30, 2020 2:29 AM To: Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> Cc: tls@ietf.org Subject: Re: [TLS] The future of external PSK in TLS 1.3 On Tue, Sep 29, 2020 at 12:49 PM Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> wrote: > > I share Achim's concerns. > > But I believe the explanations will turn out mostly useless in the real > world, as the "lawyers" of the industry are guaranteed to steer away from > something "not recommended". > > In one word: bad. Why is PSK so necessary? There are very few devices that can't handle the occasional ECC operation. The key management and forward secrecy issues with TLS-PSK are real. Steering applications that can afford the CPU away from PSK and toward hybrid modes is a good thing and why this registry exists imho. -- Astra mortemque praestare gradatim _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
