Diffstat (limited to 'doc/protocol/rfc4785.txt')
-rw-r--r-- | doc/protocol/rfc4785.txt | 283 |
1 files changed, 0 insertions, 283 deletions
diff --git a/doc/protocol/rfc4785.txt b/doc/protocol/rfc4785.txt deleted file mode 100644 index e3aefd89ec..0000000000 --- a/doc/protocol/rfc4785.txt +++ /dev/null 
@@ -1,283 +0,0 @@ - - - - - - -Network Working Group U. Blumenthal -Request for Comments: 4785 P. Goel -Category: Standards Track Intel Corporation - January 2007 - - - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for - Transport Layer Security (TLS) - - -Status of This Memo - - This document specifies an Internet standards track protocol for the - Internet community, and requests discussion and suggestions for - improvements. Please refer to the current edition of the "Internet - Official Protocol Standards" (STD 1) for the standardization state - and status of this protocol. Distribution of this memo is unlimited. - -Copyright Notice - - Copyright (C) The IETF Trust (2007). - -Abstract - - This document specifies authentication-only ciphersuites (with no - encryption) for the Pre-Shared Key (PSK) based Transport Layer - Security (TLS) protocol. These ciphersuites are useful when - authentication and integrity protection is desired, but - confidentiality is not needed or not permitted. - -Table of Contents - - 1. Introduction ....................................................2 - 1.1. Applicability Statement ....................................2 - 2. Conventions Used in This Document ...............................2 - 3. Cipher Usage ....................................................3 - 4. Security Considerations .........................................3 - 5. IANA Considerations .............................................3 - 6. Acknowledgments .................................................3 - 7. References ......................................................4 - 7.1. Normative References .......................................4 - 7.2. Informative References .....................................4 - - - - - - - - - -Blumenthal & Goel Standards Track [Page 1] - -RFC 4785 PSK NULL Encryption Ciphersuites for TLS January 2007 - - -1. 
Introduction - - The RFC for Pre-Shared Key (PSK) based Transport Layer Security (TLS) - [TLS-PSK] specifies ciphersuites for supporting TLS using pre-shared - symmetric keys. However, all the ciphersuites defined in [TLS-PSK] - require encryption. However there are cases when only authentication - and integrity protection is required, and confidentiality is not - needed. There are also cases when confidentiality is not permitted - - e.g., for implementations that must meet import restrictions in some - countries. Even though no encryption is used, these ciphersuites - support authentication of the client and server to each other, and - message integrity. This document augments [TLS-PSK] by adding three - more ciphersuites (PSK, DHE_PSK, RSA_PSK) with authentication and - integrity only - no encryption. The reader is expected to become - familiar with [TLS-PSK] standards prior to studying this document. - -1.1. Applicability Statement - - The ciphersuites defined in this document are intended for a rather - limited set of applications, usually involving only a very small - number of clients and servers. Even in such environments, other - alternatives may be more appropriate. - - If the main goal is to avoid Public-key Infrastructures (PKIs), - another possibility worth considering is using self-signed - certificates with public key fingerprints. Instead of manually - configuring a shared secret in, for instance, some configuration - file, a fingerprint (hash) of the other party's public key (or - certificate) could be placed there instead. - - It is also possible to use the Secure Remote Password (SRP) - ciphersuites for shared secret authentication [SRP]. SRP was - designed to be used with passwords, and it incorporates protection - against dictionary attacks. However, it is computationally more - expensive than the PSK ciphersuites in [TLS-PSK]. - -2. 
Conventions Used in This Document - - The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", - "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this - document are to be interpreted as described in [RFC2119]. - - - - - - - - - - -Blumenthal & Goel Standards Track [Page 2] - -RFC 4785 PSK NULL Encryption Ciphersuites for TLS January 2007 - - -3. Cipher Usage - - The three new ciphersuites proposed here match the three cipher - suites defined in [TLS-PSK], except that we define suites with null - encryption. - - The ciphersuites defined here use the following options for key - exchange and hash part of the protocol: - - CipherSuite Key Exchange Cipher Hash - - TLS_PSK_WITH_NULL_SHA PSK NULL SHA - TLS_DHE_PSK_WITH_NULL_SHA DHE_PSK NULL SHA - TLS_RSA_PSK_WITH_NULL_SHA RSA_PSK NULL SHA - - For the meaning of the terms PSK, please refer to section 1 in [TLS- - PSK]. For the meaning of the terms DHE, RSA, and SHA, please refer - to appendixes A.5 and B in [TLS]. - -4. Security Considerations - - As with all schemes involving shared keys, special care should be - taken to protect the shared values and to limit their exposure over - time. As this document augments [TLS-PSK], everything stated in its - Security Consideration section applies here. In addition, as cipher - suites defined here do not support confidentiality, care should be - taken not to send sensitive information (such as passwords) over - connections protected with one of the ciphersuites defined in this - document. - -5. IANA Considerations - - This document defines three new ciphersuites whose values are in the - TLS Cipher Suite registry defined in [TLS]. - - CipherSuite TLS_PSK_WITH_NULL_SHA = { 0x00, 0x2C }; - CipherSuite TLS_DHE_PSK_WITH_NULL_SHA = { 0x00, 0x2D }; - CipherSuite TLS_RSA_PSK_WITH_NULL_SHA = { 0x00, 0x2E }; - -6. Acknowledgments - - The ciphersuites defined in this document are an augmentation to and - based on [TLS-PSK]. 
- - - - - - - - -Blumenthal & Goel Standards Track [Page 3] - -RFC 4785 PSK NULL Encryption Ciphersuites for TLS January 2007 - - -7. References - -7.1. Normative References - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - - [TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security - (TLS) Protocol Version 1.1", RFC 4346, April 2006. - - [TLS-PSK] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites - for Transport Layer Security (TLS)", RFC 4279, December - 2005. - -7.2. Informative References - - [SRP] Taylor, D., Wu, T., Mavrogiannopoulos, N., and T. Perrin, - "Using SRP for TLS Authentication", Work in Progress, - December 2006. - -Authors' Addresses - - Uri Blumenthal - Intel Corporation - 1515 State Route 10, - PY2-1 10-4 - Parsippany, NJ 07054 - USA - - EMail: urimobile@optonline.net - - - Purushottam Goel - Intel Corporation - 2111 N.E. 25 Ave. - JF3-414 - Hillsboro, OR 97124 - USA - - EMail: Purushottam.Goel@intel.com - - - - - - - - - - - -Blumenthal & Goel Standards Track [Page 4] - -RFC 4785 PSK NULL Encryption Ciphersuites for TLS January 2007 - - -Full Copyright Statement - - Copyright (C) The IETF Trust (2007). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on an - "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS - OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND - THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF - THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
- -Intellectual Property - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; nor does it represent that it has - made any independent effort to identify any such rights. Information - on the procedures with respect to rights in RFC documents can be - found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use of - such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository at - http://www.ietf.org/ipr. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at - ietf-ipr@ietf.org. - -Acknowledgement - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - -Blumenthal & Goel Standards Track [Page 5] - |
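Review bot: Nothing replaces the reference being removed. The diffstat shows 1 file changed with 0 insertions, so this deletion of doc/protocol/rfc4785.txt leaves no pointer to RFC 4785 in its place. The removed text carries two things a maintainer will want to find again: the section 5 code points for TLS_PSK_WITH_NULL_SHA, TLS_DHE_PSK_WITH_NULL_SHA and TLS_RSA_PSK_WITH_NULL_SHA ({ 0x00, 0x2C } through { 0x00, 0x2E }), and the section 4 caveat that these suites give no confidentiality and must not carry sensitive data such as passwords. If any code or documentation in the tree still refers to these suites, add a one-line reference to the RFC by number in the same commit, and state the reason for dropping the bundled copy in the commit message.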