Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
Note: This ballot was opened for revision 05 and is now closed.
(Pasi Eronen) Yes
(Jari Arkko) No Objection
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lisa Dusseault) No Objection
(Russ Housley) No Objection
The Gen-ART Review by Robert Sparks posted on 22-Jan-2009 raised a few editorial comments that ought to be addressed: 1) In the applicability statement, consider pointing to (or moving forward) the statement in 4279. 2) The IANA considerations section should name the registry (btw - where are the instructions to IANA on how to choose the next numbers?)
(Cullen Jennings) No Objection
(Chris Newman) No Objection
It would be helpful to add an informative reference to a definition of the term "Perfect Forward Secrecy." That term has a technical meaning that may differ from a layman's interpretation of the words. RFC 4949 may be a suitable reference.
(Jon Peterson) No Objection
(Tim Polk) No Objection
I don't quite follow the second paragraph of the security considerations: As described in [RFC5288], the cipher suites defined in the Section 2 of this document may only be used with TLS 1.2 or greater. The cipher suites defined in the Section 3 may be used, whatever the negotiated TLS version is. Is the point that cipher suites defined in section 3 provide slightly more cryptographic security if version 1.2 has been negotiated, since we are using a stronger hash in the PRF? As written, this paragraph restates an interoperability issue (already rasied in 1.1) rather than a security consideration.