Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
RFC 5487

Note: This ballot was opened for revision 05 and is now closed.

(Pasi Eronen) Yes

(Jari Arkko) No Objection

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Lisa Dusseault) No Objection

(Russ Housley) No Objection

Comment (2009-01-28)
  The Gen-ART Review by Robert Sparks posted on 22-Jan-2009
  raised a few editorial comments that ought to be addressed:

  1) In the applicability statement, consider pointing to (or moving
  forward) the statement in 4279.

  2) The IANA considerations section should name the registry (btw -
  where are the instructions to IANA on how to choose the next numbers?)

(Cullen Jennings) No Objection

(Chris Newman) No Objection

Comment (2009-01-28)
It would be helpful to add an informative reference to a definition of
the term "Perfect Forward Secrecy."  That term has a technical meaning
that may differ from a layman's interpretation of the words.  RFC 4949
may be a suitable reference.

(Jon Peterson) No Objection

(Tim Polk) No Objection

Comment (2009-01-27)
I don't quite follow the second paragraph of the security considerations:

   As described in [RFC5288], the cipher suites defined in the Section
   2 of this document may only be used with TLS 1.2 or greater. The
   cipher suites defined in the Section 3 may be used, whatever the
   negotiated TLS version is.

Is the point that cipher suites defined in section 3 provide slightly more cryptographic
security if version 1.2 has been negotiated, since we are using a stronger hash in the
PRF?  As written, this paragraph restates an interoperability issue (already raised in 1.1)
rather than a security consideration.

(Dan Romascanu) No Objection

(Mark Townsley) No Objection

(David Ward) No Objection

Magnus Westerlund No Objection