draft-ietf-tls-psk-new-mac-aes-gcm-04.txt   draft-ietf-tls-psk-new-mac-aes-gcm-05.txt 
TLS Working Group Mohamad Badra TLS Working Group Mohamad Badra
Internet Draft LIMOS Laboratory Internet Draft LIMOS Laboratory
Intended status: Standards Track October 30, 2008 Intended status: Standards Track October 31, 2008
Pre-Shared Key Cipher Suites for Transport Layer Security (TLS) with Pre-Shared Key Cipher Suites for Transport Layer Security (TLS) with
SHA-256/384 and AES Galois Counter Mode SHA-256/384 and AES Galois Counter Mode
draft-ietf-tls-psk-new-mac-aes-gcm-04.txt draft-ietf-tls-psk-new-mac-aes-gcm-05.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 32 skipping to change at page 1, line 32
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 30, 2009. This Internet-Draft will expire on April 31, 2009.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
RFC 4279 and RFC 4785 describe pre-shared key cipher suites for RFC 4279 and RFC 4785 describe pre-shared key cipher suites for
Transport Layer Security (TLS). However, all those cipher suites Transport Layer Security (TLS). However, all those cipher suites
use SHA-1 as their MAC algorithm. This document describes a set of use SHA-1 as their MAC algorithm. This document describes a set of
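Review bot: the expiration date in the new column, "April 31, 2009", is not a valid calendar date; April has 30 days. The old column's "April 30, 2009" is six months after an October 30 submission, so for the October 31, 2008 revision the expiry should read "April 30, 2009" (or whatever the submission tooling computes), not a nonexistent day. This line is normally generated by the draft tooling, so the date was likely edited by hand; suggest letting the tool regenerate it.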
skipping to change at page 2, line 17 skipping to change at page 2, line 17
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Applicability Statement...................................3 1.1. Applicability Statement...................................3
1.2. Conventions used in this document.........................4 1.2. Conventions used in this document.........................4
2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM..4 2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM..4
3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384.........4 3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384.........4
3.1. PSK Key Exchange Algorithm with SHA-256/384...............5 3.1. PSK Key Exchange Algorithm with SHA-256/384...............5
3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384...........5 3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384...........5
3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384...........5 3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384...........5
4. Security Considerations........................................6 4. Security Considerations........................................6
5. IANA Considerations............................................6 5. IANA Considerations............................................6
6. Acknowledgments................................................6 6. Acknowledgments................................................7
7. References.....................................................7 7. References.....................................................7
7.1. Normative References......................................7 7.1. Normative References......................................7
7.2. Informative References....................................8 7.2. Informative References....................................8
Author's Addresses................................................8 Author's Addresses................................................8
Intellectual Property Statement...................................8 Intellectual Property Statement...................................8
Disclaimer of Validity............................................8 Disclaimer of Validity............................................9
1. Introduction 1. Introduction
The benefits of pre-shared symmetric-key vs. public-/private-key The benefits of pre-shared symmetric-key vs. public-/private-key
pair based authentication for the key exchange in TLS have been pair based authentication for the key exchange in TLS have been
explained in the Introduction of [RFC4279]. This document leverages explained in the Introduction of [RFC4279]. This document leverages
the already defined algorithms for the application of newer, the already defined algorithms for the application of newer,
generally regarded stronger, cryptographic primitives and building generally regarded stronger, cryptographic primitives and building
blocks. blocks.
skipping to change at page 3, line 44 skipping to change at page 3, line 44
and and
- ECC based cipher suites with SHA-256/384 and AES-GCM in - ECC based cipher suites with SHA-256/384 and AES-GCM in
[RFC5289]. [RFC5289].
The reader is expected to become familiar with these two memos prior The reader is expected to become familiar with these two memos prior
to studying this document. to studying this document.
1.1. Applicability Statement 1.1. Applicability Statement
The ciphersuites defined in the Section 3 can be negotiated, The cipher suites defined in Section 3 can be negotiated, whatever
whatever the negotiated TLS version is. the negotiated TLS version is.
The ciphersuites defined in the Sections 2 can be negotiated in TLS The cipher suites defined in Section 2 can be negotiated in TLS
version 1.2 or higher. version 1.2 or higher.
1.2. Conventions used in this document 1.2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM 2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM
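Review bot: the applicability statement restricts the Section 2 (AES-GCM) suites to TLS 1.2 or higher without saying why, while the Section 3 suites may be negotiated under any version. Since the reason is that AES-GCM is an AEAD cipher and the AEAD cipher type only exists from TLS 1.2 [RFC5246] onward, consider stating that in Section 1.1 so implementers understand the restriction is structural rather than a preference, e.g. "...can be negotiated in TLS version 1.2 or higher, because they use the AEAD cipher type introduced in [RFC5246]." The "ciphersuites" to "cipher suites" and "the Section 3" to "Section 3" wording fixes in the new column are correct and match the terminology used elsewhere in the draft.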
skipping to change at page 4, line 48 skipping to change at page 4, line 48
For cipher suites ending with _SHA384, the PRF is the TLS PRF For cipher suites ending with _SHA384, the PRF is the TLS PRF
[RFC5246] with SHA-384 as the hash function. [RFC5246] with SHA-384 as the hash function.
Implementations MUST send a TLS Alert 'bad_record_mac' for all types Implementations MUST send a TLS Alert 'bad_record_mac' for all types
of failures encountered in processing the AES-GCM algorithm. of failures encountered in processing the AES-GCM algorithm.
3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384 3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384
The first two cipher suites described in each of the following three The first two cipher suites described in each of the following three
sections use AES [AES] in Cipher Block Chaining (CBC) [CBC] mode sections use AES [AES] in Cipher Block Chaining (CBC) mode [CBC] for
with an HMAC-based MAC. data confidentiality, whereas the other two cipher suites do not
provide data confidentiality; all cipher suites provide integrity
protection and authentication using HMAC-based MACs.
3.1. PSK Key Exchange Algorithm with SHA-256/384 3.1. PSK Key Exchange Algorithm with SHA-256/384
CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX}; CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0xXX,0xXX}; CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0xXX,0xXX}; CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
The above four cipher suites are the same as the corresponding The above four cipher suites are the same as the corresponding
cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA"
in place of "_SHA256" or "_SHA384"), except for the hash and PRF in place of "_SHA256" or "_SHA384"), except for the hash and PRF
algorithms: algorithms:
o when negotiated in a version of TLS prior to 1.2, they use the o For cipher suites with names ending in "_SHA256":
PRF from that version;
o when negotiated in TLS version 1.2, they use the PRF and MAC as - The MAC is HMAC [RFC2104] with SHA-256 as the hash
follow: function.
For cipher suites ending with _SHA256, the PRF is the TLS - When negotiated in a version of TLS prior to 1.2, the PRF
PRF [RFC5246] with SHA-256 as the hash function. The MAC from that version is used; otherwise the PRF is the TLS
is HMAC [RFC2104] with SHA-256 as the hash function. PRF [RFC5246] with SHA-256 as the hash function.
For cipher suites ending with _SHA384, the PRF is the TLS o For cipher suites with names ending in "_SHA384":
PRF [RFC5246] with SHA-384 as the hash function. The MAC
is HMAC [RFC2104] with SHA-384 as the hash function. - The MAC is HMAC [RFC2104] with SHA-384 as the hash
function.
- When negotiated in a version of TLS prior to 1.2, the PRF
from that version is used; otherwise the PRF is the TLS
PRF [RFC5246] with SHA-384 as the hash function.
3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384 3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384
CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX}; CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX}; CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0xXX,0xXX}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0xXX,0xXX}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
The above four cipher suites are the same as the corresponding The above four cipher suites are the same as the corresponding
cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA"
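Review bot: the restructured bullets in Section 3.1 of the new column fix a real gap in the old text, which specified the MAC only "when negotiated in TLS version 1.2" and left the MAC for earlier versions undefined; the new text states that the MAC is HMAC-SHA-256 or HMAC-SHA-384 regardless of version and that only the PRF depends on the negotiated version. Two follow-ups for this region: first, the Section 3 introduction now says the two NULL suites "do not provide data confidentiality", and a pointer to the usage guidance in RFC 4785 for NULL-encryption suites would make the security implication explicit rather than implied; second, the "_SHA256" and "_SHA384" bullets are identical except for the hash name, so they could be collapsed into one bullet ("the MAC is HMAC [RFC2104] with the hash named in the cipher suite; ... the PRF is the TLS PRF [RFC5246] with that hash") to avoid the two copies drifting in later revisions, as the unchanged "bad_record_mac" requirement above already does for AES-GCM without per-suite repetition. The {0xXX,0xXX} code points remain placeholders pending IANA assignment, which is expected at this stage.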
 End of changes. 12 change blocks. 
20 lines changed or deleted 26 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/