Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC 4279
| Document | Type |
RFC - Proposed Standard
(December 2005; No errata)
Was draft-ietf-tls-psk (tls WG)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Replaces | draft-eronen-tls-psk | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4279 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Russ Housley | ||
| Send notices to | ekr@networkresonance.com | ||
Network Working Group P. Eronen, Ed.
Request for Comments: 4279 Nokia
Category: Standards Track H. Tschofenig, Ed.
Siemens
December 2005
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document specifies three sets of new ciphersuites for the
Transport Layer Security (TLS) protocol to support authentication
based on pre-shared keys (PSKs). These pre-shared keys are symmetric
keys, shared in advance among the communicating parties. The first
set of ciphersuites uses only symmetric key operations for
authentication. The second set uses a Diffie-Hellman exchange
authenticated with a pre-shared key, and the third set combines
public key authentication of the server with pre-shared key
authentication of the client.
Eronen & Tschofenig Standards Track [Page 1]
RFC 4279 PSK Ciphersuites for TLS December 2005
Table of Contents
1. Introduction ....................................................2
1.1. Applicability Statement ....................................3
1.2. Conventions Used in This Document ..........................4
2. PSK Key Exchange Algorithm ......................................4
3. DHE_PSK Key Exchange Algorithm ..................................6
4. RSA_PSK Key Exchange Algorithm ..................................7
5. Conformance Requirements ........................................8
5.1. PSK Identity Encoding ......................................8
5.2. Identity Hint ..............................................9
5.3. Requirements for TLS Implementations .......................9
5.4. Requirements for Management Interfaces .....................9
6. IANA Considerations ............................................10
7. Security Considerations ........................................10
7.1. Perfect Forward Secrecy (PFS) .............................10
7.2. Brute-Force and Dictionary Attacks ........................10
7.3. Identity Privacy ..........................................11
7.4. Implementation Notes ......................................11
8. Acknowledgements ...............................................11
9. References .....................................................12
9.1. Normative References ......................................12
9.2. Informative References ....................................12
1. Introduction
Usually, TLS uses public key certificates [TLS] or Kerberos [KERB]
for authentication. This document describes how to use symmetric
keys (later called pre-shared keys or PSKs), shared in advance among
the communicating parties, to establish a TLS connection.
There are basically two reasons why one might want to do this:
o First, using pre-shared keys can, depending on the ciphersuite,
avoid the need for public key operations. This is useful if TLS
is used in performance-constrained environments with limited CPU
power.
o Second, pre-shared keys may be more convenient from a key
management point of view. For instance, in closed environments
where the connections are mostly configured manually in advance,
it may be easier to configure a PSK than to use certificates.
Another case is when the parties already have a mechanism for
setting up a shared secret key, and that mechanism could be used
to "bootstrap" a key for authenticating a TLS connection.
Eronen & Tschofenig Standards Track [Page 2]
RFC 4279 PSK Ciphersuites for TLS December 2005
This document specifies three sets of new ciphersuites for TLS.
These ciphersuites use new key exchange algorithms, and reuse
existing cipher and MAC algorithms from [TLS] and [AES]. A summary
of these ciphersuites is shown below.
CipherSuite Key Exchange Cipher Hash
TLS_PSK_WITH_RC4_128_SHA PSK RC4_128 SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK 3DES_EDE_CBC SHA
TLS_PSK_WITH_AES_128_CBC_SHA PSK AES_128_CBC SHA
TLS_PSK_WITH_AES_256_CBC_SHA PSK AES_256_CBC SHA
Show full document text