PSK-TLS and TLS comparison: when to use what?

I was going through the RFC on Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) and trying to work out when to use PSK-TLS and when to use certificate-based TLS.
The choice depends on two main aspects:

  1. What is the target environment?
  2. Who is going to use your solution?

The following properties of the target environment should be examined before deploying:

  1. Does the target environment have enough CPU to process the initial public/private (asymmetric) key cryptography operations? If it is a 256 MHz processor and a new session establishment is triggered in the middle of a critical task, that is hard to imagine working, because such devices are always assigned real-time activity.
  2. Is it feasible to update or revoke certificates on the target environment?
  3. What is more important: availability or information security?

Now, when it comes to the end user who is going to use the solution: is it a web-browser-like application, a set of APIs that you will sell with TLS added, or a standalone application running on a small box?

For resource-constrained, controlled environments where certificate revocation is a pain and using phony certificates is not permitted by IT security policy, it is always better to go with PSK-TLS, just like IPsec with pre-shared keys (which has also proven to work out nicely).
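As an added example (not part of the original post), this Python sketch runs a certificate-free TLS 1.2 handshake that is authenticated only by a pre-shared key, and shows that a wrong key or an unprovisioned identity fails the handshake. It assumes Python 3.13 or later for the `ssl` PSK callbacks; the identity `sensor-01`, the key table and the function names are constructed for illustration.

```python
import ssl

# The ssl PSK callbacks exist only in Python 3.13 and later.
PSK_SUPPORTED = hasattr(ssl.SSLContext, "set_psk_server_callback")
# Constructed identity -> key table; a real device key must be random and secret.
DEVICE_KEYS = {"sensor-01": bytes(range(32))}

def make_context(server_side, identity=None, key=None):
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("PSK")  # PSK suites only; no certificate is ever loaded
    if server_side:
        # A zero-length key rejects identities that are not provisioned.
        ctx.set_psk_server_callback(lambda ident: DEVICE_KEYS.get(ident, b""))
    else:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # the peer is authenticated by the PSK
        ctx.set_psk_client_callback(lambda hint: (identity, key))
    return ctx

def psk_handshake(identity, key):
    """Run a TLS 1.2 handshake in memory; return the suite name, or None on failure."""
    if not PSK_SUPPORTED:
        raise RuntimeError("PSK callbacks need Python 3.13+")
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = make_context(False, identity, key).wrap_bio(c_in, c_out)
    server = make_context(True).wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(10):  # a full handshake needs only a few round trips
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next flight
            except ssl.SSLError:
                return None  # wrong key or unknown identity
        s_in.write(c_out.read())  # deliver client -> server bytes
        c_in.write(s_out.read())  # deliver server -> client bytes
        if not pending:
            return client.cipher()[0]
    return None

if __name__ == "__main__" and PSK_SUPPORTED:
    print(psk_handshake("sensor-01", DEVICE_KEYS["sensor-01"]))
    print(psk_handshake("sensor-01", b"\x00" * 32))
```

Revoking a device here means deleting its entry from the key table, which is the operational trade the post weighs against certificate revocation.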



