Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)
RFC 4785

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    tls mailing list <tls@ietf.org>, 
    tls chair <tls-chairs@tools.ietf.org>
Subject: Protocol Action: 'Pre-Shared Key Cipher Suites with 
         NULL Encryption for Transport Layer Security (TLS)' to Proposed 
         Standard 

The IESG has approved the following document:

- 'Pre-Shared Key Cipher Suites with NULL Encryption for Transport Layer 
   Security (TLS) '
   <draft-ietf-tls-psk-null-04.txt> as a Proposed Standard

This document is the product of the Transport Layer Security Working 
Group. 

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-null-04.txt

Technical Summary

  This document extends the Pre-Shared Key Ciphersuites defined in RFC
  4297 to include cipher suites with null encryption and using SHA-1 as
  the MAC.

Working Group Summary

  This document was uncontroversial in the TLS WG, which appeared to
  view it as a small delta.

Protocol Quality

  The document authors appear to have an implementation, but it is so
  simple to implement if one already has an implementation that supports
  RFC 4297 (basically a new code-point allocation) that there is no
  reason to think that it will not be added to popular implementations.
  The document is technically clear.

  This document was reviewed by Russ Housley for the IESG.

Note to RFC Editor

  Please add section 1.1 and section 6.2 as follows:

  1.1.  Applicability Statement

   The ciphersuites defined in this document are intended for a rather
   limited set of applications, usually involving only a very small
   number of clients and servers.  Even in such environments, other
   alternatives may be more appropriate.

   If the main goal is to avoid Public-Key Infrastructures (PKIs),
   another possibility worth considering is using self-signed
   certificates with public key fingerprints.  Instead of manually
   configuring a shared secret in, for instance, some configuration
   file, a fingerprint (hash) of the other party's public key (or
   certificate) could be placed there instead.

   It is also possible to use the SRP (Secure Remote Password)
   ciphersuites for shared secret authentication [SRP].  SRP was
   designed to be used with passwords, and it incorporates protection
   against dictionary attacks.  However, it is computationally more
   expensive than the PSK ciphersuites in [TLS-PSK].

  6.2.  Informative References

   [SRP]      Taylor, D., Wu, T., Mavroyanopoulos, N. and T. Perrin,
              "Using SRP for TLS Authentication", Work in Progress,
              March 2005.