ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS 1.2 and DTLS 1.2
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: The IESG <firstname.lastname@example.org>, email@example.com, Kathleen.Moriarty.firstname.lastname@example.org, Joseph Salowey <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS) Protocol version 1.2' to Proposed Standard (draft-ietf-tls-ecdhe-psk-aead-05.txt) The IESG has approved the following document: - 'ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS) Protocol version 1.2' (draft-ietf-tls-ecdhe-psk-aead-05.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/
Technical Summary This document defines several new cipher suites for the Transport Layer Security (TLS) protocol. The cipher suites are all based on the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key (ECDHE_PSK) key exchange together with the Authenticated Encryption with Associated Data (AEAD) algorithms AES-GCM and AES-CCM. PSK provides light and efficient authentication, ECDHE provides perfect forward secrecy, and AES-GCM and AES-CCM provides encryption and integrity protection. Working Group Summary There is general support for this document in the working group. The main issues focused around trimming down the list of cipher suites to the minimum number required. Document Quality The document has been review by the TLS working group. The SecDir review triggered additional useful conversation and draft updates. Personnel Joseph Salowey is the Document Shepherd. Kathleen Moriarty is the responsible AD. IANA Note Code points are requested for existing registries.