Secure Password Ciphersuites for Transport Layer Security (TLS)
RFC 8492
| Document | Type | RFC - Informational (February 2019; Errata). Was draft-harkins-tls-dragonfly (individual) |
|---|---|---|
| | Author | Dan Harkins |
| | Last updated | 2019-05-21 |
| | Replaces | draft-ietf-tls-pwd |
| | Stream | Independent Submission |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | IETF conflict review | conflict-review-harkins-tls-dragonfly |
| Stream | ISE state | Published RFC |
| | Consensus Boilerplate | Unknown |
| | Document shepherd | Adrian Farrel |
| | Shepherd write-up | Show (last changed 2017-09-04) |
| IESG | IESG state | RFC 8492 (Informational) |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | Nevil Brownlee <rfc-ise@rfc-editor.org> |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | RFC-Ed-Ack |
Independent Submission
Request for Comments: 8492
Category: Informational
ISSN: 2070-1721
D. Harkins, Ed., HP Enterprise
February 2019

Secure Password Ciphersuites for Transport Layer Security (TLS)

Abstract

This memo defines several new ciphersuites for the Transport Layer Security (TLS) protocol to support certificateless, secure authentication using only a simple, low-entropy password. The exchange is called "TLS-PWD". The ciphersuites are all based on an authentication and key exchange protocol, named "dragonfly", that is resistant to offline dictionary attacks.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8492.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction and Motivation
   1.1. The Case for Certificateless Authentication
   1.2. Resistance to Dictionary Attacks
2. Key Words
3. Notation and Background
   3.1. Notation
   3.2. Discrete Logarithm Cryptography
      3.2.1. Elliptic Curve Cryptography
      3.2.2. Finite Field Cryptography
   3.3. Instantiating the Random Function
   3.4. Passwords
   3.5. Assumptions
4. Specification of the TLS-PWD Handshake
   4.1. TLS-PWD Pre-TLS 1.3
   4.2. TLS-PWD in TLS 1.3
   4.3. Protecting the Username
      4.3.1. Construction of a Protected Username
      4.3.2. Recovery of a Protected Username
   4.4. Fixing the Password Element
      4.4.1. Computing an ECC Password Element
      4.4.2. Computing an FFC Password Element
      4.4.3. Password Naming
      4.4.4. Generating TLS-PWD Commit
   4.5. Changes to Handshake Message Contents
      4.5.1. Pre-1.3 TLS
         4.5.1.1. ClientHello Changes
         4.5.1.2. ServerKeyExchange Changes
         4.5.1.3. ClientKeyExchange Changes
      4.5.2. TLS 1.3
         4.5.2.1. TLS 1.3 KeyShare
         4.5.2.2. ClientHello Changes
         4.5.2.3. ServerHello Changes
         4.5.2.4. HelloRetryRequest Changes
   4.6. Computing the Shared Secret
5. Ciphersuite Definition
6. IANA Considerations
7. Security Considerations
8. Human Rights Considerations
9. Implementation Considerations
10. References
   10.1. Normative References