ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)
RFC 5489
Document Type RFC - Informational (March 2009; No errata)
Last updated 2015-10-14
Replaces draft-badra-ecdhe-tls-psk
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5489 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Pasi Eronen
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                           M. Badra
Request for Comments: 5489                         CNRS/LIMOS Laboratory
Category: Informational                                        I. Hajjeh
                                                              INEOVATION
                                                              March 2009

       ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Abstract

   This document extends RFC 4279, RFC 4492, and RFC 4785 and specifies
   a set of cipher suites that use a pre-shared key (PSK) to
   authenticate an Elliptic Curve Diffie-Hellman exchange with Ephemeral
   keys (ECDHE).  These cipher suites provide Perfect Forward Secrecy
   (PFS).

Badra & Hajjeh               Informational                      [Page 1]
RFC 5489            ECDHE_PSK Cipher Suites for TLS           March 2009

Table of Contents

   1. Introduction ....................................................2
      1.1. Applicability Statement ....................................3
      1.2. Conventions Used in This Document ..........................3
   2. ECDHE_PSK Key Exchange Algorithm ................................3
   3. ECDHE_PSK-Based Cipher Suites ...................................4
      3.1. ECDHE_PSK Cipher Suites Using the SHA-1 Hash ...............4
      3.2. ECDHE_PSK Cipher Suites Using SHA-2 Hashes .................4
   4. ECDHE_PSK-Based Cipher Suites with NULL Encryption ..............5
      4.1. ECDHE_PSK Cipher Suite Using the SHA-1 Hash with
           NULL Encryption ............................................5
      4.2. ECDHE_PSK Cipher Suites Using SHA-2 Hashes with
           NULL Encryption ............................................5
   5. Security Considerations .........................................5
   6. IANA Considerations .............................................6
   7. Acknowledgments .................................................6
   8. Normative References ............................................6

1.  Introduction

   RFC 4279 specifies cipher suites for supporting TLS using pre-shared
   symmetric keys that (a) use only symmetric key operations for
   authentication, (b) use a Diffie-Hellman exchange authenticated with
   a pre-shared key (PSK), or (c) combine public key authentication of
   the server with pre-shared key authentication of the client.

   RFC 4785 specifies authentication-only cipher suites (with no
   encryption).  These cipher suites are useful when authentication and
   integrity protection is desired, but confidentiality is not needed or
   not permitted.

   RFC 4492 defines a set of Elliptic Curve Cryptography (ECC)-based
   cipher suites for TLS and describes the use of ECC certificates for
   client authentication.  In particular, it specifies the use of
   Elliptic Curve Diffie-Hellman (ECDH) key agreement in a TLS handshake
   and the use of the Elliptic Curve Digital Signature Algorithm (ECDSA)
   as a new authentication mechanism.

   This document specifies a set of cipher suites that use a PSK to
   authenticate an ECDH exchange.  These cipher suites provide Perfect
   Forward Secrecy.  Some of these cipher suites provide authentication
   only.

   The reader is expected to become familiar with RFC 4279, RFC 4492,
   and RFC 4785 prior to studying this document.

Badra & Hajjeh               Informational                      [Page 2]
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA