Network Working Group M. Badra
Request for Comments: 5487 CNRS/LIMOS Laboratory
Category: Standards Track March 2009
Pre-Shared Key Cipher Suites for TLS with
SHA-256/384 and AES Galois Counter Mode
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Abstract
RFC 4279 and RFC 4785 describe pre-shared key cipher suites for
Transport Layer Security (TLS). However, all those cipher suites use
SHA-1 in their Message Authentication Code (MAC) algorithm. This
document describes a set of pre-shared key cipher suites for TLS that
uses stronger digest algorithms (i.e., SHA-256 or SHA-384) and
another set that uses the Advanced Encryption Standard (AES) in
Galois Counter Mode (GCM).
Badra Standards Track [Page 1]
RFC 5487 TLS PSK New MAC and AES-GCM March 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Applicability Statement . . . . . . . . . . . . . . . . . . 3
1.2. Conventions Used in This Document . . . . . . . . . . . . . 3
2. PSK, DHE_PSK, and RSA_PSK Key Exchange Algorithms with
AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. PSK, DHE_PSK, and RSA_PSK Key Exchange with SHA-256/384 . . . . 4
3.1. PSK Key Exchange Algorithm with SHA-256/384 . . . . . . . . 4
3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5
3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
7.1. Normative References . . . . . . . . . . . . . . . . . . . 6
7.2. Informative References . . . . . . . . . . . . . . . . . . 7
1. Introduction
The benefits of pre-shared symmetric-key vs. public-/private-key pair
based authentication for the key exchange in TLS have been explained
in the Introduction of [RFC4279]. This document reuses the key
exchange algorithms already defined there and applies newer
cryptographic primitives and building blocks that are generally
regarded as stronger.
TLS 1.2 [RFC5246] adds support for authenticated encryption with
additional data (AEAD) cipher modes [RFC5116]. This document
describes the use of Advanced Encryption Standard [AES] in Galois
Counter Mode [GCM] (AES-GCM) with various pre-shared key (PSK)
authenticated key exchange mechanisms ([RFC4279] and [RFC4785]) in
cipher suites for TLS.
This document also specifies PSK cipher suites for TLS that replace
SHA-1 by SHA-256 or SHA-384 [SHS]. RFC 4279 [RFC4279] and RFC 4785
[RFC4785] describe PSK cipher suites for TLS. However, all of the
RFC 4279 and the RFC 4785 cipher suites use HMAC-SHA1 as their MAC
algorithm. Due to recent analytic work on SHA-1 [Wang05], the IETF
is gradually moving away from SHA-1 and towards stronger hash
algorithms.
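The two points above (AES-GCM as the AEAD record protection for PSK suites, and SHA-256 taking the place of SHA-1 in the PRF and MAC) are easier to see end to end in code. The following is an added worked example, not text or code from RFC 5487 or from any TLS library: it builds the plain-PSK premaster secret with the layout RFC 4279 defines (a zero block as long as the PSK, then the PSK, each with a 2-byte length prefix), runs the RFC 5246 TLS 1.2 PRF with SHA-256 to get the master secret and the key block, and protects one record the way RFC 5288 does for AES-GCM (4-byte write IV as salt, 8-byte explicit nonce, additional data of sequence number, content type, version and length). The PSK and the hello randoms are constructed sample values, and the function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// pskPremasterSecret builds the RFC 4279 premaster secret for the plain PSK key exchange:
// other_secret is N zero octets (N = PSK length), then the PSK, each with a uint16 length prefix.
func pskPremasterSecret(psk []byte) []byte {
	n := len(psk)
	out := make([]byte, 0, 4+2*n)
	out = append(out, byte(n>>8), byte(n))
	out = append(out, make([]byte, n)...) // other_secret = N zero octets
	out = append(out, byte(n>>8), byte(n))
	return append(out, psk...)
}

// prf is the TLS 1.2 PRF of RFC 5246 section 5, P_hash over label || seed:
// A(i) = HMAC(secret, A(i-1)), output block i = HMAC(secret, A(i) || label || seed).
// RFC 5487's SHA-256 suites run it with SHA-256, its SHA-384 suites with SHA-384.
func prf(h func() hash.Hash, secret, label, seed []byte, n int) []byte {
	mac := func(parts ...[]byte) []byte {
		m := hmac.New(h, secret)
		for _, p := range parts {
			m.Write(p)
		}
		return m.Sum(nil)
	}
	labelSeed := append(append([]byte{}, label...), seed...)
	a := mac(labelSeed) // A(1)
	var out []byte
	for len(out) < n {
		out = append(out, mac(a, labelSeed)...)
		a = mac(a)
	}
	return out[:n]
}

// masterSecret derives the 48-byte master secret from the PSK and the hello randoms.
func masterSecret(psk, clientRandom, serverRandom []byte) []byte {
	seed := append(append([]byte{}, clientRandom...), serverRandom...)
	return prf(sha256.New, pskPremasterSecret(psk), []byte("master secret"), seed, 48)
}

// keyBlock is the RFC 5246 key expansion for an AES_128_GCM suite; AEAD suites have no
// MAC keys, so the block is client key (16), server key (16), client IV (4), server IV (4).
func keyBlock(ms, clientRandom, serverRandom []byte) (clientKey, serverKey, clientIV, serverIV []byte) {
	seed := append(append([]byte{}, serverRandom...), clientRandom...)
	kb := prf(sha256.New, ms, []byte("key expansion"), seed, 40)
	return kb[:16], kb[16:32], kb[32:36], kb[36:40]
}

// recordAAD is the additional data RFC 5288 binds into every AES-GCM record:
// seq_num (8) || content type (1) || protocol version (2) || plaintext length (2).
func recordAAD(seq uint64, ctype byte, plaintextLen int) []byte {
	aad := make([]byte, 13)
	binary.BigEndian.PutUint64(aad, seq)
	aad[8], aad[9], aad[10] = ctype, 3, 3 // TLS 1.2 is version {3, 3}
	binary.BigEndian.PutUint16(aad[11:], uint16(plaintextLen))
	return aad
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord protects one record: nonce = 4-byte write IV (salt) || 8-byte explicit part
// (the sequence number here); the explicit part is sent ahead of ciphertext and tag.
func sealRecord(key, salt []byte, seq uint64, ctype byte, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	explicit := make([]byte, 8)
	binary.BigEndian.PutUint64(explicit, seq)
	nonce := append(append([]byte{}, salt...), explicit...)
	return gcm.Seal(explicit, nonce, plaintext, recordAAD(seq, ctype, len(plaintext))), nil
}

// openRecord reverses sealRecord; any change to ciphertext, tag, explicit nonce or the
// header fields covered by the AAD fails the tag check and returns an error.
func openRecord(key, salt []byte, seq uint64, ctype byte, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(record) < 8+gcm.Overhead() {
		return nil, fmt.Errorf("record too short")
	}
	explicit, body := record[:8], record[8:]
	nonce := append(append([]byte{}, salt...), explicit...)
	return gcm.Open(nil, nonce, body, recordAAD(seq, ctype, len(body)-gcm.Overhead()))
}

func main() {
	psk := []byte("constructed-demo-psk") // constructed sample value, not a real key
	clientRandom, serverRandom := make([]byte, 32), make([]byte, 32)
	serverRandom[0] = 1 // fixed randoms so the run is reproducible
	ms := masterSecret(psk, clientRandom, serverRandom)
	clientKey, _, clientIV, _ := keyBlock(ms, clientRandom, serverRandom)
	rec, _ := sealRecord(clientKey, clientIV, 0, 23, []byte("application data"))
	_, err := openRecord(clientKey, clientIV, 0, 22, rec) // content type altered in the AAD
	fmt.Printf("master secret %x\nrecord %x\ntampered header rejected: %v\n", ms, rec, err != nil)
}
```

The `prf` function takes the hash constructor as a parameter, so the SHA-384 suites are covered by passing `sha512.New384` and using 48 for the PRF hash length; the rest of the derivation is unchanged. Note how the AEAD check covers the record header fields through the additional data: altering the content type or the sequence number on the receiving side, without touching a single ciphertext byte, is enough for `openRecord` to reject the record, which is the integrity property that replaces the separate HMAC-SHA1 MAC of the RFC 4279 suites.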
Related TLS cipher suites with key exchange algorithms that are
authenticated using public/private key pairs have recently been
specified:
o RSA-, DSS-, and Diffie-Hellman-based cipher suites in [RFC5288],
and