PSK-TLS and TLS comparision : when to use what?

I was going through the RFC of Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) http://tools.ietf.org/html/rfc4279, and was trying to compare them when to use what?
It actually depends on two main aspects to analyse:-

  1. What is the target environment?
  2. Who is going to use your solution?

Following are the properties, we should have a look, before we think about deploying:-

  1. Does that target environment has enough CPU to process initial Public/Private or Asymatric key cryptography operation? If it is a 256Mhz processor and a new session establishment trigered inbetween a critical task execution, you can not imagine that. Because such devices are alawys assigned to do real time activity?
  2. Is it feasible to update or revoke certificate their / on the target environment?
  3. What is more important ? Availabity or Information Security?

Now, when it comes to end user, who is going to use the solution, Is it a web browser like application or a set of API, which you will sell by adding TLS to it, or a stand alone application running on a small box.

For resource constrained, controlled and where certificate revocation is a pain, and using phony certificate is not granted by IT security policy it is alwys better to go with PSK-TLS, just like IPsec-Preshared key (which also proven to be worked out nicely).

Advertisements

About yadab das
Software Developer{writing,debugging,documenting} source code

One Response to PSK-TLS and TLS comparision : when to use what?

  1. Yadab Das says:

    One important aspect, i forgot to mention, Usages of PKI infrastructure is really a costly for resource constrained devices. So, the TLS-PSK, would be a perfect solution for such devices where we can use symmetric keys.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: