Hi Hannes The TLS-SE code is now published https://github.com/purien/TLS-SE
It also comprises software tools for testing This code is a TLS1.3 ECDH-PSK server for a javacard as specified in https://tools.ietf.org/html/draft-urien-tls-se-01 It has been tested with several javacard 3.04 This code also implements https://tools.ietf.org/html/draft-urien-tls-im-03 Pascal Le lun. 21 sept. 2020 à 17:05, Hannes Tschofenig <hannes.tschofe...@arm.com> a écrit : > > > Ping me when it becomes available or post a link to the UTA mailing list. > > > > *From:* Pascal Urien <pascal.ur...@gmail.com> > *Sent:* Monday, September 21, 2020 4:18 PM > *To:* Hannes Tschofenig <hannes.tschofe...@arm.com> > *Subject:* Re: [TLS] The future of external PSK in TLS 1.3 > > > > Not at this moment but the code will be pusblished on github > > > > Le lun. 21 sept. 2020 à 15:30, Hannes Tschofenig < > hannes.tschofe...@arm.com> a écrit : > > Thanks for the details. > > > > Is the code for the tls13 server on the javacard open source? > > > > Ciao > > Hannes > > > > > > *From:* Pascal Urien <pascal.ur...@gmail.com> > *Sent:* Monday, September 21, 2020 2:54 PM > *To:* Hannes Tschofenig <hannes.tschofe...@arm.com> > *Cc:* Filippo Valsorda <fili...@ml.filippo.io>; t...@ietf.org > *Subject:* Re: [TLS] The future of external PSK in TLS 1.3 > > > > tls-se memory footprint is > > flash 《 40KB > > ram 《 1KB > > > > time to open a tls session 1.4 seconds > > > > > > Le lun. 21 sept. 2020 à 14:47, Pascal Urien <pascal.ur...@gmail.com> a > écrit : > > hi Hannes > > > > no openssl or wolfssl are used as client in order to check > interoperability with tls-se server > > > > tls-se is of course a specific implémentation for tls13 server in > javacard..it is written in java but an ôter implémentation is written in c > for constraint notes. as written in the draft tls-se implementation has > three software blocks: crypto lib, tls state machine, and tls lib > > > > > > > > Le lun. 21 sept. 2020 à 14:36, Hannes Tschofenig < > hannes.tschofe...@arm.com> a écrit : > > Hi Pascal, > > > > are you saying that the stack on the secure element uses WolfSSL or > OpenSSL? I am sure that WolfSSL works well but for code size reasons I > doubt OpenSSL is possible. Can you confirm? > > > > In case of WolfSSL, you have multiple options for credentials, including > plain PSK, PSK-ECDHE, raw public keys, and certificates as I noted in my > mail to the UTA list: > > https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/ > > > > Ciao > > Hannes > > > > *From:* Pascal Urien <pascal.ur...@gmail.com> > *Sent:* Monday, September 21, 2020 2:01 PM > *To:* Hannes Tschofenig <hannes.tschofe...@arm.com> > *Cc:* Filippo Valsorda <fili...@ml.filippo.io>; t...@ietf.org > *Subject:* Re: [TLS] The future of external PSK in TLS 1.3 > > > > Hi Hannes > > > > Yes it has been tested with several 3.04 Javacards commercially available > > > > In the draft https://tools.ietf.org/html/draft-urien-tls-se-00 Section > 5-ISO 7816 Use Case, the exchanges are done with the existing implementation > > > > TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet > boards > > > > For client software we use OPENSSL or WolfSSL > > > > Pascal > > > > > > > > > > Le lun. 21 sept. 2020 à 12:35, Hannes Tschofenig < > hannes.tschofe...@arm.com> a écrit : > > Hi Pascal, > > Thanks for the pointer to the draft. > > Since I am surveying implementations for the update of RFC 7925 (see > https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was > wondering whether there is an implementation of this approach. > > Ciao > Hannes > > > From: Pascal Urien <pascal.ur...@gmail.com> > Sent: Monday, September 21, 2020 11:44 AM > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > Cc: Filippo Valsorda <fili...@ml.filippo.io>; t...@ietf.org > Subject: Re: [TLS] The future of external PSK in TLS 1.3 > > Hi All > > Here is an example of PSK+ECDHE for IoT > > https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server > PSK+ECDHE for secure elements > > The security level in these devices is as high as EAL5+ > > The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + > secp256r1) > > The real critical resource is the required RAM size, less than 1KB in our > experiments > > The secure element only needs a classical TCP/IP interface (i.e. sockets > like) > > Trusted PSK should avoid selfie attacks > > Pascal > > > > Le lun. 21 sept. 2020 à 11:29, Hannes Tschofenig <mailto: > hannes.tschofe...@arm.com> a écrit : > Hi Filippo, > > • Indeed, if the SCADA industry has a particular need, they should profile > TLS for use in that industry, and not require we change the recommendation > for the open Internet. > > We have an IoT profile for TLS and it talks about the use of PSK, see > https://tools.ietf.org/html/rfc7925 > > On the “open Internet” (probably referring to the Web usage) you are not > going to use PSKs in TLS. There is a separate RFC that provides > recommendations for that environmnent, see RFC 752. That RFC is currently > being revised, see > https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/ > > Ciao > Hannes > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > TLS mailing list > mailto:t...@ietf.org > https://www.ietf.org/mailman/listinfo/tls > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
