Secure Password Ciphersuites for Transport Layer Security (TLS)

The information below is for an old version of the document.
Document Type: Expired Internet-Draft (individual)
Last updated: 2017-02-06 (latest revision 2016-08-05)
Replaces: draft-ietf-tls-pwd
Stream: ISE
Intended RFC status: Informational
Expired & archived
IETF conflict review: conflict-review-harkins-tls-dragonfly
Stream ISE state: Finding Reviewers
Consensus Boilerplate: Unknown
Document shepherd: No shepherd assigned
IESG state: Expired
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo defines several new ciphersuites for the Transport Layer Security (TLS) protocol to support certificate-less, secure authentication using only a simple, low-entropy password. The exchange is called TLS-PWD. The ciphersuites are all based on an authentication and key exchange protocol, named "dragonfly", that is resistant to off-line dictionary attack.


Dan Harkins (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)