Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC 4279

Network Working Group                                     P. Eronen, Ed.
Request for Comments: 4279                                         Nokia
Category: Standards Track                             H. Tschofenig, Ed.
                                                                 Siemens
                                                           December 2005

     Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document specifies three sets of new ciphersuites for the
   Transport Layer Security (TLS) protocol to support authentication
   based on pre-shared keys (PSKs).  These pre-shared keys are symmetric
   keys, shared in advance among the communicating parties.  The first
   set of ciphersuites uses only symmetric key operations for
   authentication.  The second set uses a Diffie-Hellman exchange
   authenticated with a pre-shared key, and the third set combines
   public key authentication of the server with pre-shared key
   authentication of the client.

Eronen & Tschofenig         Standards Track                     [Page 1]
RFC 4279                PSK Ciphersuites for TLS           December 2005

Table of Contents

   1. Introduction ....................................................2
      1.1. Applicability Statement ....................................3
      1.2. Conventions Used in This Document ..........................4
   2. PSK Key Exchange Algorithm ......................................4
   3. DHE_PSK Key Exchange Algorithm ..................................6
   4. RSA_PSK Key Exchange Algorithm ..................................7
   5. Conformance Requirements ........................................8
      5.1. PSK Identity Encoding ......................................8
      5.2. Identity Hint ..............................................9
      5.3. Requirements for TLS Implementations .......................9
      5.4. Requirements for Management Interfaces .....................9
   6. IANA Considerations ............................................10
   7. Security Considerations ........................................10
      7.1. Perfect Forward Secrecy (PFS) .............................10
      7.2. Brute-Force and Dictionary Attacks ........................10
      7.3. Identity Privacy ..........................................11
      7.4. Implementation Notes ......................................11
   8. Acknowledgements ...............................................11
   9. References .....................................................12
      9.1. Normative References ......................................12
      9.2. Informative References ....................................12

1.  Introduction

   Usually, TLS uses public key certificates [TLS] or Kerberos [KERB]
   for authentication.  This document describes how to use symmetric
   keys (later called pre-shared keys or PSKs), shared in advance among
   the communicating parties, to establish a TLS connection.

   There are basically two reasons why one might want to do this:

   o  First, using pre-shared keys can, depending on the ciphersuite,
      avoid the need for public key operations.  This is useful if TLS
      is used in performance-constrained environments with limited CPU
      power.

   o  Second, pre-shared keys may be more convenient from a key
      management point of view.  For instance, in closed environments
      where the connections are mostly configured manually in advance,
      it may be easier to configure a PSK than to use certificates.
      Another case is when the parties already have a mechanism for
      setting up a shared secret key, and that mechanism could be used
      to "bootstrap" a key for authenticating a TLS connection.

   This document specifies three sets of new ciphersuites for TLS.
   These ciphersuites use new key exchange algorithms, and reuse
   existing cipher and MAC algorithms from [TLS] and [AES].  A summary
   of these ciphersuites is shown below.

      CipherSuite                        Key Exchange  Cipher       Hash

      TLS_PSK_WITH_RC4_128_SHA           PSK           RC4_128       SHA
