Secure Password Ciphersuites for Transport Layer Security (TLS)
RFC 8492
| Document | Type |
RFC - Informational
(February 2019; Errata)
Was draft-harkins-tls-dragonfly (individual)
|
|
|---|---|---|---|
| Author | Dan Harkins | ||
| Last updated | 2019-05-21 | ||
| Replaces | draft-ietf-tls-pwd | ||
| Stream | ISE | ||
| Formats | plain text html pdf htmlized bibtex | ||
| IETF conflict review | conflict-review-harkins-tls-dragonfly | ||
| Stream | ISE state | Published RFC | |
| Consensus Boilerplate | Unknown | ||
| Document shepherd | Adrian Farrel | ||
| Shepherd write-up | Show (last changed 2017-09-04) | ||
| IESG | IESG state | RFC 8492 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | Nevil Brownlee <rfc-ise@rfc-editor.org> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack | ||
Independent Submission D. Harkins, Ed.
Request for Comments: 8492 HP Enterprise
Category: Informational February 2019
ISSN: 2070-1721
Secure Password Ciphersuites for Transport Layer Security (TLS)
Abstract
This memo defines several new ciphersuites for the Transport Layer
Security (TLS) protocol to support certificateless, secure
authentication using only a simple, low-entropy password. The
exchange is called "TLS-PWD". The ciphersuites are all based on an
authentication and key exchange protocol, named "dragonfly", that is
resistant to offline dictionary attacks.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8492.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Harkins Informational [Page 1]
RFC 8492 TLS Password February 2019
Table of Contents
1. Introduction and Motivation .....................................3
1.1. The Case for Certificateless Authentication ................3
1.2. Resistance to Dictionary Attacks ...........................3
2. Key Words .......................................................4
3. Notation and Background .........................................4
3.1. Notation ...................................................4
3.2. Discrete Logarithm Cryptography ............................5
3.2.1. Elliptic Curve Cryptography .........................5
3.2.2. Finite Field Cryptography ...........................7
3.3. Instantiating the Random Function ..........................8
3.4. Passwords ..................................................8
3.5. Assumptions ................................................9
4. Specification of the TLS-PWD Handshake .........................10
4.1. TLS-PWD Pre-TLS 1.3 .......................................10
4.2. TLS-PWD in TLS 1.3 ........................................11
4.3. Protecting the Username ...................................11
4.3.1. Construction of a Protected Username ...............12
4.3.2. Recovery of a Protected Username ...................13
4.4. Fixing the Password Element ...............................14
4.4.1. Computing an ECC Password Element ..................16
4.4.2. Computing an FFC Password Element ..................18
4.4.3. Password Naming ....................................19
4.4.4. Generating TLS-PWD Commit ..........................20
4.5. Changes to Handshake Message Contents .....................20
4.5.1. Pre-1.3 TLS ........................................20
4.5.1.1. ClientHello Changes .......................20
4.5.1.2. ServerKeyExchange Changes .................21
4.5.1.3. ClientKeyExchange Changes .................23
4.5.2. TLS 1.3 ............................................24
4.5.2.1. TLS 1.3 KeyShare ..........................24
4.5.2.2. ClientHello Changes .......................24
4.5.2.3. ServerHello Changes .......................25
4.5.2.4. HelloRetryRequest Changes .................25
4.6. Computing the Shared Secret ...............................26
5. Ciphersuite Definition .........................................26
6. IANA Considerations ............................................27
7. Security Considerations ........................................27
8. Human Rights Considerations ....................................30
9. Implementation Considerations ..................................31
10. References ....................................................32
10.1. Normative References .....................................32
Show full document text