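% Individual Internet-Draft, revision -01 (type = Internet-Draft, note = Work in Progress).
% It is not a published RFC: cite it as a proposal, not as the normative definition
% of any cipher suite. The abstract itself says the CMAC-for-PRF option was still
% undecided at this revision. Check the datatracker URL below for the draft's
% current status before relying on it in a design or configuration baseline.
%
% Changes from the exported form: authors are in "Last, First" form; the title
% braces protect only the acronyms and the protocol name instead of the whole
% string; "Hash- based" (line-wrap artifact) in the abstract reads "Hash-based".
@techreport{schmertmann-dice-ccm-psk-pfs-01,
  author      = {Schmertmann, Lars and Bormann, Carsten},
  title       = {{ECDHE-PSK} {AES-CCM} Cipher Suites with Forward Secrecy for {Transport Layer Security} ({TLS})},
  type        = {Internet-Draft},
  number      = {draft-schmertmann-dice-ccm-psk-pfs-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2014,
  month       = aug,
  day         = 15,
  pagetotal   = 7,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-schmertmann-dice-ccm-psk-pfs/01/},
  abstract    = {RFC 6655 describes the use of the Advanced Encryption Standard (AES) in the Counter with Cipher Block Chaining - Message Authentication Code (CBC-MAC) Mode (CCM) of operation within Transport Layer Security (TLS) and Datagram TLS (DTLS) to provide confidentiality and data origin authentication. The AES-CCM algorithm is amenable to compact implementations, making it suitable for constrained environments. It has been chosen as one of the preferred cipher suites for use with DTLS in the Constrained Application Protocol, CoAP. The present document defines additional cipher suites that provide forward secrecy. It also discusses an option to replace the Hash-based PRF in RFC 6655 by CMAC, reducing the number of cryptographic primitives required for implementation. (The intention is that the option is either chosen or not chosen before this document is agreed, not that both options are defined.) This document is initially addressed at the DICE working group in order to build consensus that there is an actual gap to be filled and about the technical parameters of a solution for that gap. Once this is agreed, the usual path for agreeing a cipher suite will need to be taken.},
}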