Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
RFC 8422

Document Type RFC - Proposed Standard (August 2018; Errata)
Obsoletes RFC 4492
Last updated 2018-08-17
Replaces draft-nir-tls-rfc4492bis
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication (wg milestone: Feb 2017 - Move ECC-based CS to... )
Document shepherd Sean Turner
Shepherd write-up Show (last changed 2017-02-16)
IESG IESG state RFC 8422 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Kathleen Moriarty
Send notices to "Sean Turner" <sean@sn3rd.com>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                            Y. Nir
Request for Comments: 8422                                   Check Point
Obsoletes: 4492                                             S. Josefsson
Category: Standards Track                                         SJD AB
ISSN: 2070-1721                                      M. Pegourie-Gonnard
                                                                     ARM
                                                             August 2018

            Elliptic Curve Cryptography (ECC) Cipher Suites
      for Transport Layer Security (TLS) Versions 1.2 and Earlier

Abstract

   This document describes key exchange algorithms based on Elliptic
   Curve Cryptography (ECC) for the Transport Layer Security (TLS)
   protocol.  In particular, it specifies the use of Ephemeral Elliptic
   Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the
   use of the Elliptic Curve Digital Signature Algorithm (ECDSA) and
   Edwards-curve Digital Signature Algorithm (EdDSA) as authentication
   mechanisms.

   This document obsoletes RFC 4492.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8422.

Nir, et al.                  Standards Track                    [Page 1]
RFC 8422                ECC Cipher Suites for TLS            August 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Nir, et al.                  Standards Track                    [Page 2]
RFC 8422                ECC Cipher Suites for TLS            August 2018

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.1.  Conventions Used in This Document . . . . . . . . . . . .   4
   2.  Key Exchange Algorithm  . . . . . . . . . . . . . . . . . . .   4
     2.1.  ECDHE_ECDSA . . . . . . . . . . . . . . . . . . . . . . .   6
     2.2.  ECDHE_RSA . . . . . . . . . . . . . . . . . . . . . . . .   7
     2.3.  ECDH_anon . . . . . . . . . . . . . . . . . . . . . . . .   7
     2.4.  Algorithms in Certificate Chains  . . . . . . . . . . . .   7
   3.  Client Authentication . . . . . . . . . . . . . . . . . . . .   8
     3.1.  ECDSA_sign  . . . . . . . . . . . . . . . . . . . . . . .   8
   4.  TLS Extensions for ECC  . . . . . . . . . . . . . . . . . . .   9
   5.  Data Structures and Computations  . . . . . . . . . . . . . .  10
     5.1.  Client Hello Extensions . . . . . . . . . . . . . . . . .  10
       5.1.1.  Supported Elliptic Curves Extension . . . . . . . . .  11
       5.1.2.  Supported Point Formats Extension . . . . . . . . . .  13
       5.1.3.  The signature_algorithms Extension and EdDSA  . . . .  13
     5.2.  Server Hello Extension  . . . . . . . . . . . . . . . . .  14
     5.3.  Server Certificate  . . . . . . . . . . . . . . . . . . .  15
     5.4.  Server Key Exchange . . . . . . . . . . . . . . . . . . .  16
       5.4.1.  Uncompressed Point Format for NIST Curves . . . . . .  19
     5.5.  Certificate Request . . . . . . . . . . . . . . . . . . .  20
     5.6.  Client Certificate  . . . . . . . . . . . . . . . . . . .  21
     5.7.  Client Key Exchange . . . . . . . . . . . . . . . . . . .  22
     5.8.  Certificate Verify  . . . . . . . . . . . . . . . . . . .  23
     5.9.  Elliptic Curve Certificates . . . . . . . . . . . . . . .  24
     5.10. ECDH, ECDSA, and RSA Computations . . . . . . . . . . . .  24
     5.11. Public Key Validation . . . . . . . . . . . . . . . . . .  26
   6.  Cipher Suites . . . . . . . . . . . . . . . . . . . . . . . .  26
   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  27
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  27
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  28
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  29
Show full document text