%% You should probably cite rfc9150 instead of this I-D. @techreport{camwinget-tls-ts13-macciphersuites-11, number = {draft-camwinget-tls-ts13-macciphersuites-11}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-camwinget-tls-ts13-macciphersuites/11/}, author = {Nancy Cam-Winget and Jack Visoky}, title = {{TLS 1.3 Authentication and Integrity only Cipher Suites}}, pagetotal = 10, year = 2021, month = may, day = 6, abstract = {There are use cases, specifically in Internet of Things (IoT) and constrained environments that do not require confidentiality, though message integrity for all communications and at least server, if not mutual authentication during tunnel establishment, are both still mandated. This document gives examples of such use cases, although a threat model is necessary to determine whether or not a given situation falls into this category of use cases. In order to serve these use cases, this document defines the use of HMAC-only cipher suites for TLS 1.3, which provides server and optionally mutual authentication and data authenticity, but not data confidentiality. The approach described in this document is not endorsed by the IETF and does not have IETF consensus, but is presented here to enable interoperable implementation of a reduced security mechanism that provides authentication and message integrity without supporting confidentiality.}, }