Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>,
    RFC Editor <email@example.com>,
    tls mailing list <firstname.lastname@example.org>,
    tls chair <email@example.com>
Subject: Protocol Action: 'Pre-Shared Key Cipher Suites for Transport Layer Security (TLS) with SHA-256/384 and AES Galois Counter Mode' to Proposed Standard

The IESG has approved the following document:

- 'Pre-Shared Key Cipher Suites for Transport Layer Security (TLS) with SHA-256/384 and AES Galois Counter Mode'
  <draft-ietf-tls-psk-new-mac-aes-gcm-05.txt> as a Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-new-mac-aes-gcm-05.txt

Technical Summary

RFC 4279 and RFC 4785 describe pre-shared key cipher suites for Transport Layer Security (TLS). However, all those cipher suites use SHA-1 as their MAC algorithm. This document describes a set of pre-shared key cipher suites for TLS which uses stronger digest algorithms (i.e., SHA-256 or SHA-384) and another set which uses the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM).

Working Group Summary

This document is a product of the Transport Layer Security (TLS) Working Group. The document represents the consensus of the TLS working group.

Document Quality

There are no existing implementations, but working group members have shown interest in the document.

Personnel

The document shepherd is Joe Salowey. The responsible area director is Pasi Eronen.

RFC Editor Note

Please add the following sentence to the end of Section 1.1:

"The applicability statement in [RFC4279] applies to this document as well."

Please remove the following paragraph from Section 4:

"As described in [RFC5288], the cipher suites defined in the Section 2 of this document may only be used with TLS 1.2 or greater. The cipher suites defined in the Section 3 may be used, whatever the negotiated TLS version is."