Suite B Profile for Transport Layer Security (TLS)
RFC 5430

Document Type RFC - Informational (March 2009; No errata)
Obsoleted by RFC 6460
Was draft-rescorla-tls-suiteb (individual in gen area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 5430 (Informational)
Telechat date
Responsible AD Tim Polk
Send notices to housley@vigilsec.com, ekr@rtfm.com, msalter@restarea.ncsc.mil, draft-rescorla-tls-suiteb@ietf.org
Network Working Group                                          M. Salter
Request for Comments: 5430                      National Security Agency
Category: Informational                                      E. Rescorla
                                                       Network Resonance
                                                              R. Housley
                                                          Vigil Security
                                                              March 2009

           Suite B Profile for Transport Layer Security (TLS)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Salter, et al.               Informational                      [Page 1]
RFC 5430                    Suite B for TLS                   March 2009

Abstract

   The United States government has published guidelines for "NSA Suite
   B Cryptography", which defines cryptographic algorithm policy for
   national security applications.  This document defines a profile of
   Transport Layer Security (TLS) version 1.2 that is fully conformant
   with Suite B.  This document also defines a transitional profile for
   use with TLS version 1.0 and TLS version 1.1 which employs Suite B
   algorithms to the greatest extent possible.

Table of Contents

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................3
   3. Suite B Requirements ............................................3
   4. Suite B Compliance and Interoperability Requirements ............4
      4.1. Security Levels ............................................7
      4.2. Acceptable Curves ..........................................8
      4.3. Certificates ...............................................8
      4.4. signature_algorithms Extension .............................9
      4.5. CertificateRequest Message .................................9
      4.6. CertificateVerify Message .................................10
      4.7. ServerKeyExchange Message Signature .......................10
   5. Security Considerations ........................................10
   6. Acknowledgements ...............................................10
   7. References .....................................................11
      7.1. Normative References ......................................11
      7.2. Informative References ....................................11

1.  Introduction

   The United States government has posted the Fact Sheet on National
   Security Agency (NSA) Suite B Cryptography [NSA], and at the time of
   writing, it states:

       To complement the existing policy for the use of the Advanced
       Encryption Standard (AES) to protect national security systems
       and information as specified in The National Policy on the use of
       the Advanced Encryption Standard (AES) to Protect National
       Security Systems and National Security Information (CNSSP-15),
       the National Security Agency (NSA) announced Suite B Cryptography
       at the 2005 RSA Conference.  In addition to the AES, Suite B
       includes cryptographic algorithms for hashing, digital
       signatures, and key exchange.

       Suite B only specifies the cryptographic algorithms to be
       used. Many other factors need to be addressed in determining
       whether a particular device implementing a particular set of

Salter, et al.               Informational                      [Page 2]
Show full document text