| rfc9257v2.txt | rfc9257.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) R. Housley | Internet Engineering Task Force (IETF) R. Housley | |||
| Request for Comments: 9257 Vigil Security | Request for Comments: 9257 Vigil Security | |||
| Category: Informational J. Hoyland | Category: Informational J. Hoyland | |||
| ISSN: 2070-1721 Cloudflare Ltd. | ISSN: 2070-1721 Cloudflare Ltd. | |||
| M. Sethi | M. Sethi | |||
| Aalto University | Aalto University | |||
| C.A. Wood | C. A. Wood | |||
| Cloudflare | Cloudflare | |||
| July 2022 | July 2022 | |||
| Guidance for External Pre-Shared Key (PSK) Usage in TLS | Guidance for External Pre-Shared Key (PSK) Usage in TLS | |||
| Abstract | Abstract | |||
| This document provides usage guidance for external Pre-Shared Keys | This document provides usage guidance for external Pre-Shared Keys | |||
| (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. | (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. | |||
| It lists TLS security properties provided by PSKs under certain | It lists TLS security properties provided by PSKs under certain | |||
| skipping to change at line 534 ¶ | skipping to change at line 534 ¶ | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC9258] Benjamin, D. and C. Wood, "Importing External Pre-Shared | [RFC9258] Benjamin, D. and C. A. Wood, "Importing External Pre- | |||
| Keys (PSKs) for TLS", RFC 9258, DOI 10.17487/RFC9258, July | Shared Keys (PSKs) for TLS 1.3", RFC 9258, | |||
| 2022, <https://www.rfc-editor.org/info/rfc9258>. | DOI 10.17487/RFC9258, July 2022, | |||
| <https://www.rfc-editor.org/info/rfc9258>. | ||||
| 10.2. Informative References | 10.2. Informative References | |||
| [AASS19] Akhmetzyanova, L., Alekseev, E., Smyshlyaeva, E., and A. | [AASS19] Akhmetzyanova, L., Alekseev, E., Smyshlyaeva, E., and A. | |||
| Sokolov, "Continuing to reflect on TLS 1.3 with external | Sokolov, "Continuing to reflect on TLS 1.3 with external | |||
| PSK", April 2019, <https://eprint.iacr.org/2019/421.pdf>. | PSK", April 2019, <https://eprint.iacr.org/2019/421.pdf>. | |||
| [CPACE] Abdalla, M., Haase, B., and J. Hesse, "CPace, a balanced | [CPACE] Abdalla, M., Haase, B., and J. Hesse, "CPace, a balanced | |||
| composable PAKE", Work in Progress, Internet-Draft, draft- | composable PAKE", Work in Progress, Internet-Draft, draft- | |||
| irtf-cfrg-cpace-05, 14 January 2022, | irtf-cfrg-cpace-06, 24 July 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg- | <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg- | |||
| cpace-05>. | cpace-06>. | |||
| [CTLS] Rescorla, E., Barnes, R., and H. Tschofenig, "Compact TLS | [CTLS] Rescorla, E., Barnes, R., Tschofenig, H., and B. M. | |||
| 1.3", Work in Progress, Internet-Draft, draft-ietf-tls- | Schwartz, "Compact TLS 1.3", Work in Progress, Internet- | |||
| ctls-04, 25 October 2021, | Draft, draft-ietf-tls-ctls-06, 9 July 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | |||
| ctls-04>. | ctls-06>. | |||
| [EAP-TLS-PSK] | [EAP-TLS-PSK] | |||
| Mattsson, J. P., Sethi, M., Aura, T., and O. Friel, "EAP- | Mattsson, J. P., Sethi, M., Aura, T., and O. Friel, "EAP- | |||
| TLS with PSK Authentication (EAP-TLS-PSK)", Work in | TLS with PSK Authentication (EAP-TLS-PSK)", Work in | |||
| Progress, Internet-Draft, draft-mattsson-emu-eap-tls-psk- | Progress, Internet-Draft, draft-mattsson-emu-eap-tls-psk- | |||
| 00, 9 March 2020, <https://datatracker.ietf.org/doc/html/ | 00, 9 March 2020, <https://datatracker.ietf.org/doc/html/ | |||
| draft-mattsson-emu-eap-tls-psk-00>. | draft-mattsson-emu-eap-tls-psk-00>. | |||
| [GAA] ETSI, "Digital cellular telecommunications system (Phase | [GAA] ETSI, "Digital cellular telecommunications system (Phase | |||
| 2+); Universal Mobile Telecommunications System (UMTS); | 2+); Universal Mobile Telecommunications System (UMTS); | |||
| LTE; 3G Security; Generic Authentication Architecture | LTE; 3G Security; Generic Authentication Architecture | |||
| (GAA); System description", version 12.0.0, ETSI TR 133 | (GAA); System description", version 12.0.0, ETSI TR 133 | |||
| 919, October 2014, <https://www.etsi.org/deliver/ | 919, October 2014, <https://www.etsi.org/deliver/ | |||
| etsi_tr/133900_133999/133919/12.00.00_60/ | etsi_tr/133900_133999/133919/12.00.00_60/ | |||
| tr_133919v120000p.pdf>. | tr_133919v120000p.pdf>. | |||
| [Krawczyk] Krawczyk, H., "SIGMA: The ‘SIGn-and-MAc’ Approach to | [Krawczyk] Krawczyk, H., "SIGMA: The 'SIGn-and-MAc' Approach to | |||
| Authenticated Diffie-Hellman and Its Use in the IKE | Authenticated Diffie-Hellman and Its Use in the IKE | |||
| Protocols", DOI 10.1007/978-3-540-45146-4_24, 2003, | Protocols", DOI 10.1007/978-3-540-45146-4_24, 2003, | |||
| <https://link.springer.com/content/ | <https://link.springer.com/content/ | |||
| pdf/10.1007/978-3-540-45146-4_24.pdf>. | pdf/10.1007/978-3-540-45146-4_24.pdf>. | |||
| [LwM2M] Open Mobile Alliance, "Lightweight Machine to Machine | [LwM2M] Open Mobile Alliance, "Lightweight Machine to Machine | |||
| Technical Specification", version 1.0, February 2017, | Technical Specification", version 1.0, February 2017, | |||
| <http://www.openmobilealliance.org/release/LightweightM2M/ | <http://www.openmobilealliance.org/release/LightweightM2M/ | |||
| V1_0-20170208-A/OMA-TS-LightweightM2M- | V1_0-20170208-A/OMA-TS-LightweightM2M- | |||
| V1_0-20170208-A.pdf>. | V1_0-20170208-A.pdf>. | |||
| [OPAQUE] Bourdrez, D., Krawczyk, H., Lewi, K., and C. A. Wood, "The | [OPAQUE] Bourdrez, D., Krawczyk, H., Lewi, K., and C. A. Wood, "The | |||
| OPAQUE Asymmetric PAKE Protocol", Work in Progress, | OPAQUE Asymmetric PAKE Protocol", Work in Progress, | |||
| Internet-Draft, draft-irtf-cfrg-opaque-08, 7 March 2022, | Internet-Draft, draft-irtf-cfrg-opaque-09, 6 July 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg- | <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg- | |||
| opaque-08>. | opaque-09>. | |||
| [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | |||
| "Remote Authentication Dial In User Service (RADIUS)", | "Remote Authentication Dial In User Service (RADIUS)", | |||
| RFC 2865, DOI 10.17487/RFC2865, June 2000, | RFC 2865, DOI 10.17487/RFC2865, June 2000, | |||
| <https://www.rfc-editor.org/info/rfc2865>. | <https://www.rfc-editor.org/info/rfc2865>. | |||
| [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. | [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. | |||
| Levkowetz, Ed., "Extensible Authentication Protocol | Levkowetz, Ed., "Extensible Authentication Protocol | |||
| (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004, | (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004, | |||
| <https://www.rfc-editor.org/info/rfc3748>. | <https://www.rfc-editor.org/info/rfc3748>. | |||
| skipping to change at line 646 ¶ | skipping to change at line 647 ¶ | |||
| with PSK", DOI 10.1007/s00145-021-09387-y, May 2021, | with PSK", DOI 10.1007/s00145-021-09387-y, May 2021, | |||
| <https://eprint.iacr.org/2019/347.pdf>. | <https://eprint.iacr.org/2019/347.pdf>. | |||
| [Sethi] Sethi, M., Peltonen, A., and T. Aura, "Misbinding Attacks | [Sethi] Sethi, M., Peltonen, A., and T. Aura, "Misbinding Attacks | |||
| on Secure Device Pairing and Bootstrapping", | on Secure Device Pairing and Bootstrapping", | |||
| DOI 10.1145/3321705.3329813, May 2019, | DOI 10.1145/3321705.3329813, May 2019, | |||
| <https://arxiv.org/pdf/1902.07550>. | <https://arxiv.org/pdf/1902.07550>. | |||
| [SmartCard] | [SmartCard] | |||
| Bundesamt für Sicherheit in der Informationstechnik, | Bundesamt für Sicherheit in der Informationstechnik, | |||
| "Technical Guideline TR-03112-7 eCard-API-Framework – | "Technical Guideline TR-03112-7 eCard-API-Framework - | |||
| Protocols", version 1.1.5, April 2015, <https://www.bsi.bu | Protocols", version 1.1.5, April 2015, <https://www.bsi.bu | |||
| nd.de/SharedDocs/Downloads/DE/BSI/Publikationen/ | nd.de/SharedDocs/Downloads/DE/BSI/Publikationen/ | |||
| TechnischeRichtlinien/TR03112/TR- | TechnischeRichtlinien/TR03112/TR- | |||
| 03112-api_teil7.pdf?__blob=publicationFile&v=1>. | 03112-api_teil7.pdf?__blob=publicationFile&v=1>. | |||
| Acknowledgements | Acknowledgements | |||
| This document is the output of the TLS External PSK Design Team, | This document is the output of the TLS External PSK Design Team, | |||
| comprised of the following members: Benjamin Beurdouche, Björn Haase, | comprised of the following members: Benjamin Beurdouche, Björn Haase, | |||
| Christopher Wood, Colm MacCarthaigh, Eric Rescorla, Jonathan Hoyland, | Christopher Wood, Colm MacCarthaigh, Eric Rescorla, Jonathan Hoyland, | |||
| End of changes. 10 change blocks. | ||||
| 14 lines changed or deleted | 15 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||