Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC 4279
Document Type RFC - Proposed Standard (December 2005; No errata)
Authors Hannes Tschofenig  , Pasi Eronen 
Last updated 2015-10-14
Replaces draft-eronen-tls-psk
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4279 (Proposed Standard)
Action Holders
(None)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to ekr@networkresonance.com
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                     P. Eronen, Ed.
Request for Comments: 4279                                         Nokia
Category: Standards Track                             H. Tschofenig, Ed.
                                                                 Siemens
                                                           December 2005

     Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document specifies three sets of new ciphersuites for the
   Transport Layer Security (TLS) protocol to support authentication
   based on pre-shared keys (PSKs).  These pre-shared keys are symmetric
   keys, shared in advance among the communicating parties.  The first
   set of ciphersuites uses only symmetric key operations for
   authentication.  The second set uses a Diffie-Hellman exchange
   authenticated with a pre-shared key, and the third set combines
   public key authentication of the server with pre-shared key
   authentication of the client.

Eronen & Tschofenig         Standards Track                     [Page 1]
RFC 4279                PSK Ciphersuites for TLS           December 2005

Table of Contents

   1. Introduction ....................................................2
      1.1. Applicability Statement ....................................3
      1.2. Conventions Used in This Document ..........................4
   2. PSK Key Exchange Algorithm ......................................4
   3. DHE_PSK Key Exchange Algorithm ..................................6
   4. RSA_PSK Key Exchange Algorithm ..................................7
   5. Conformance Requirements ........................................8
      5.1. PSK Identity Encoding ......................................8
      5.2. Identity Hint ..............................................9
      5.3. Requirements for TLS Implementations .......................9
      5.4. Requirements for Management Interfaces .....................9
   6. IANA Considerations ............................................10
   7. Security Considerations ........................................10
      7.1. Perfect Forward Secrecy (PFS) .............................10
      7.2. Brute-Force and Dictionary Attacks ........................10
      7.3. Identity Privacy ..........................................11
      7.4. Implementation Notes ......................................11
   8. Acknowledgements ...............................................11
   9. References .....................................................12
      9.1. Normative References ......................................12
      9.2. Informative References ....................................12

1.  Introduction

   Usually, TLS uses public key certificates [TLS] or Kerberos [KERB]
   for authentication.  This document describes how to use symmetric
   keys (later called pre-shared keys or PSKs), shared in advance among
   the communicating parties, to establish a TLS connection.

   There are basically two reasons why one might want to do this:

   o  First, using pre-shared keys can, depending on the ciphersuite,
      avoid the need for public key operations.  This is useful if TLS
      is used in performance-constrained environments with limited CPU
      power.

   o  Second, pre-shared keys may be more convenient from a key
      management point of view.  For instance, in closed environments
      where the connections are mostly configured manually in advance,
      it may be easier to configure a PSK than to use certificates.
      Another case is when the parties already have a mechanism for
      setting up a shared secret key, and that mechanism could be used
      to "bootstrap" a key for authenticating a TLS connection.

Eronen & Tschofenig         Standards Track                     [Page 2]
RFC 4279                PSK Ciphersuites for TLS           December 2005

   This document specifies three sets of new ciphersuites for TLS.
   These ciphersuites use new key exchange algorithms, and reuse
   existing cipher and MAC algorithms from [TLS] and [AES].  A summary
   of these ciphersuites is shown below.

      CipherSuite                        Key Exchange  Cipher       Hash

      TLS_PSK_WITH_RC4_128_SHA           PSK           RC4_128       SHA
      TLS_PSK_WITH_3DES_EDE_CBC_SHA      PSK           3DES_EDE_CBC  SHA
      TLS_PSK_WITH_AES_128_CBC_SHA       PSK           AES_128_CBC   SHA
      TLS_PSK_WITH_AES_256_CBC_SHA       PSK           AES_256_CBC   SHA
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools