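%% You should probably cite rfc9150 instead of this I-D.
%%
%% Entry for revision 12 of the Internet-Draft named in the number field.
%% Security note for citers, taken from the abstract below: these cipher
%% suites give authentication and message integrity but NOT confidentiality,
%% the abstract calls for a threat model and threat analysis before they are
%% used, and it states the approach has no IETF consensus or endorsement.
%% Do not cite this entry as evidence of an encrypted channel.
%%
%% Changes from the exported form: one field per line, authors written as
%% Last, First, and only the acronym in the title is brace-protected so the
%% bibliography style can still apply its own casing to the other words.
@techreport{camwinget-tls-ts13-macciphersuites-12,
  author      = {Cam-Winget, Nancy and Visoky, Jack},
  title       = {{TLS} 1.3 Authentication and Integrity-Only Cipher Suites},
  type        = {Internet-Draft},
  number      = {draft-camwinget-tls-ts13-macciphersuites-12},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = jun,
  day         = 17,
  pagetotal   = 10,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-camwinget-tls-ts13-macciphersuites/12/},
  abstract    = {This document defines the use of cipher suites for TLS 1.3 based on Hashed Message Authentication Code (HMAC). Using these cipher suites provides server and, optionally, mutual authentication and data authenticity, but not data confidentiality. Cipher suites with these properties are not of general applicability, but there are use cases, specifically in Internet of Things (IoT) and constrained environments, that do not require confidentiality of exchanged messages while still requiring integrity protection, server authentication, and optional client authentication. This document gives examples of such use cases, with the caveat that prior to using these integrity-only cipher suites, a threat model for the situation at hand is needed, and a threat analysis must be performed within that model to determine whether the use of integrity-only cipher suites is appropriate. The approach described in this document is not endorsed by the IETF and does not have IETF consensus, but it is presented here to enable interoperable implementation of a reduced-security mechanism that provides authentication and message integrity without supporting confidentiality.},
}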