Add a new "SECURITY_CONSIDERATION" document to help customers manage External PSKs 

### Problem:

Add a new `SECURITY_CONSIDERATION` document. 
It MUST contain a section on how to safely manage external PSKs, including:

- Use a different PSK for each endpoint, and use a different PSK when acting as a server vs when acting as a client. See the selfie attack.
- If the server name is configured during the ClientHello callback, then so should the PSKs (the PSKs should be set with the server name in mind).
- Do not store your PSKs publicly or send them over plaintext (do we really need to include this?)

### Solution:

Adds new documents called `SECURITY_CONSIDERATION` unders docs/ folder to discuss attack scenarios and ways to prevent them. 

* **Does this change what S2N sends over the wire?**  No
* **Does this change any public APIs?**  No. Doc Addition.
* **Which versions of TLS will this impact?** All.


[//]: #  (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ )


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a new "SECURITY_CONSIDERATION" document to help customers manage External PSKs #2887

Problem:

Solution:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add a new "SECURITY_CONSIDERATION" document to help customers manage External PSKs #2887

Description

Problem:

Solution:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions