[Cryptography] How widely are the PSK modes used?

Jon Callas jon at callas.org
Fri Feb 22 15:40:35 EST 2019



> On Feb 21, 2019, at 11:27 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> 
> Dear Jon,
> 
[…]

> I suppose there are some places where PSK is necessary though bootstrapping it is still hard. For example, a lack of randomness for the normal TLS in IoT solutions can be such a place.

I only disagree with “necessary” and might say “useful” so yeah. 

> The other place I keep in mind is TLS 1.3, where the PSK mode, if I understand it correctly, is a part of session resumption and, if it is not available, we have to do the full handshake.

I can also see some session-resumption things that could be layered on it.

> 
> The real question is: if we make a PSK-less TLS profile, what problems do we get? What areas will suffer from such a limitation?
> 
> Thank you!

My pleasure. Let me turn this on its head. Even though you and I don’t see completely eye-to-eye, we agree there are a number of use cases for it, even if they’re not presently widely used. So why get rid of it?

The purpose of a standard is interoperability. A standard is a formalish language in which you and I can independently write software that we have a basis for expecting them to work well together. There is thus pressure to allow options people find useful (the MAYs) and a tight set of requirements for a useful minimalist implementation (the MUSTs). These are in tension, and the best result is something like the old Einstein aphorism of “simple as possible and no simpler.” That guidance is both excellent as a guide and useless as guidance. It’s inspirational and not actionable. It’s why we have these discussions, really.

From your examples, we know that PSKs are useful as a mitigation against lack of randomness as well as for higher-level protocols (like some fancy session resumption, optimization thing). Sounds like the case for keeping it has been made, to me. There’s another discussion about where it should be in the MUST/SHOULD/MAY cascade, but that’s a different issue.

“Who’s using this?” is a valuable question. It shouldn’t be the only one. There are plenty of awful security things that everyone is using and they should go the way of all things *because* everyone is using them. There are plenty of pretty bits of gingerbread that should be kept because of potential, or even as a safety net. A bit of (to me) obvious (and unfair) hyperbole is to take a vote on how many people are regularly using fire hydrants, and if we don’t use them often, why not get rid of them?

It seems to me that the case for PSK is essentially that when you need it, you need it.

	Jon



