Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC 4279
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (December 2005; No errata). Was draft-ietf-tls-psk (tls WG) |
| | Authors | Hannes Tschofenig, Pasi Eronen |
| | Last updated | 2015-10-14 |
| | Replaces | draft-eronen-tls-psk |
| | Stream | IETF |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4279 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Russ Housley |
| | Send notices to | ekr@networkresonance.com |
Network Working Group
Request for Comments: 4279
Category: Standards Track
P. Eronen, Ed. (Nokia)
H. Tschofenig, Ed. (Siemens)
December 2005

Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

This document specifies three sets of new ciphersuites for the Transport Layer Security (TLS) protocol to support authentication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys, shared in advance among the communicating parties. The first set of ciphersuites uses only symmetric key operations for authentication. The second set uses a Diffie-Hellman exchange authenticated with a pre-shared key, and the third set combines public key authentication of the server with pre-shared key authentication of the client.

Table of Contents

1. Introduction
   1.1. Applicability Statement
   1.2. Conventions Used in This Document
2. PSK Key Exchange Algorithm
3. DHE_PSK Key Exchange Algorithm
4. RSA_PSK Key Exchange Algorithm
5. Conformance Requirements
   5.1. PSK Identity Encoding
   5.2. Identity Hint
   5.3. Requirements for TLS Implementations
   5.4. Requirements for Management Interfaces
6. IANA Considerations
7. Security Considerations
   7.1. Perfect Forward Secrecy (PFS)
   7.2. Brute-Force and Dictionary Attacks
   7.3. Identity Privacy
   7.4. Implementation Notes
8. Acknowledgements
9. References
   9.1. Normative References
   9.2. Informative References

1. Introduction

Usually, TLS uses public key certificates [TLS] or Kerberos [KERB] for authentication. This document describes how to use symmetric keys (later called pre-shared keys or PSKs), shared in advance among the communicating parties, to establish a TLS connection.

There are basically two reasons why one might want to do this:

o  First, using pre-shared keys can, depending on the ciphersuite, avoid the need for public key operations. This is useful if TLS is used in performance-constrained environments with limited CPU power.

o  Second, pre-shared keys may be more convenient from a key management point of view. For instance, in closed environments where the connections are mostly configured manually in advance, it may be easier to configure a PSK than to use certificates. Another case is when the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to "bootstrap" a key for authenticating a TLS connection.

This document specifies three sets of new ciphersuites for TLS. These ciphersuites use new key exchange algorithms, and reuse existing cipher and MAC algorithms from [TLS] and [AES].
A summary of these ciphersuites is shown below.

| CipherSuite | Key Exchange | Cipher | Hash |
|---|---|---|---|
| TLS_PSK_WITH_RC4_128_SHA | PSK | RC4_128 | SHA |
| TLS_PSK_WITH_3DES_EDE_CBC_SHA | PSK | 3DES_EDE_CBC | SHA |
| TLS_PSK_WITH_AES_128_CBC_SHA | PSK | AES_128_CBC | SHA |
| TLS_PSK_WITH_AES_256_CBC_SHA | PSK | AES_256_CBC | SHA |