Guidance for External PSK Usage in TLS

Document Type Replaced Internet-Draft (tls WG)
Authors Russ Housley, Jonathan Hoyland, Mohit Sethi, Christopher Wood
Last updated 2020-06-17 (latest revision 2020-04-06)
Replaced by draft-ietf-tls-external-psk-guidance
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-tls-external-psk-guidance
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document provides usage guidance for external Pre-Shared Keys (PSKs) in TLS. It lists TLS security properties provided by PSKs under certain assumptions and demonstrates how violations of these assumptions lead to attacks. This document also discusses PSK use cases, provisioning processes, and TLS stack implementation support in the context of these assumptions. It provides advice for applications in various use cases to help meet these assumptions.


Russ Housley
Jonathan Hoyland
Mohit Sethi
Christopher Wood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)