Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, tls mailing list <firstname.lastname@example.org>, tls chair <email@example.com>
Subject: Protocol Action: 'Pre-Shared Key Cipher Suites with NULL Encryption for Transport Layer Security (TLS)' to Proposed Standard

The IESG has approved the following document:

- 'Pre-Shared Key Cipher Suites with NULL Encryption for Transport Layer Security (TLS)' <draft-ietf-tls-psk-null-04.txt> as a Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-null-04.txt

Technical Summary

This document extends the Pre-Shared Key Ciphersuites defined in RFC 4297 to include cipher suites with null encryption and using SHA-1 as the MAC.

Working Group Summary

This document was uncontroversial in the TLS WG, which appeared to view it as a small delta.

Protocol Quality

The document authors appear to have an implementation, but it is so simple to implement if one already has an implementation that supports RFC 4297 (basically a new code-point allocation) that there is no reason to think that it will not be added to popular implementations. The document is technically clear.

This document was reviewed by Russ Housley for the IESG.

Note to RFC Editor

Please add section 1.1 and section 6.2 as follows:

1.1. Applicability Statement

The ciphersuites defined in this document are intended for a rather limited set of applications, usually involving only a very small number of clients and servers. Even in such environments, other alternatives may be more appropriate.

If the main goal is to avoid Public-Key Infrastructures (PKIs), another possibility worth considering is using self-signed certificates with public key fingerprints. Instead of manually configuring a shared secret in, for instance, some configuration file, a fingerprint (hash) of the other party's public key (or certificate) could be placed there instead.

It is also possible to use the SRP (Secure Remote Password) ciphersuites for shared secret authentication [SRP]. SRP was designed to be used with passwords, and it incorporates protection against dictionary attacks. However, it is computationally more expensive than the PSK ciphersuites in [TLS-PSK].

6.2. Informative References

[SRP] Taylor, D., Wu, T., Mavroyanopoulos, N. and T. Perrin, "Using SRP for TLS Authentication", Work in Progress, March 2005.