TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode
draft-ietf-tls-ecc-new-mac-07.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 11, 2008.
Abstract
RFC 4492 describes elliptic curve cipher suites for Transport Layer Security (TLS). However, all those cipher suites use SHA-1 as their MAC algorithm. This document describes sixteen new cipher suites for TLS which specify stronger digest algorithms. Eight use HMAC with SHA-256 or SHA-384 and eight use AES in Galois Counter Mode (GCM).
Table of Contents
1.  Introduction
2.  Conventions Used In This Document
3.  Cipher Suites
    3.1.  HMAC-based Cipher Suites
    3.2.  Galois Counter Mode-based Cipher Suites
4.  Security Considerations
5.  IANA Considerations
6.  Acknowledgements
7.  References
    7.1.  Normative References
    7.2.  Informative References
    Author's Address
    Intellectual Property and Copyright Statements
1. Introduction
RFC 4492 [RFC4492] (Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. Moeller, “Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS),” May 2006.) describes Elliptic Curve Cryptography (ECC) cipher suites for Transport Layer Security (TLS). However, all of the RFC 4492 suites use HMAC-SHA1 as their MAC algorithm. Due to recent analytic work on SHA-1 [Wang05] (Wang, X., Yin, Y., and H. Yu, “Finding Collisions in the Full SHA-1,” August 2005.), the IETF is gradually moving away from SHA-1 and towards stronger hash algorithms. This document specifies TLS ECC cipher suites which use SHA-256 and SHA-384 [SHS] (National Institute of Standards and Technology, “Secure Hash Standard,” August 2002.) rather than SHA-1.
TLS 1.2 [I-D.ietf-tls-rfc4346-bis] (Dierks, T. and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2,” March 2008.) adds support for authenticated encryption with additional data (AEAD) cipher modes [RFC5116] (McGrew, D., “An Interface and Algorithms for Authenticated Encryption,” January 2008.). This document also specifies a set of ECC cipher suites using one such mode, Galois Counter Mode (GCM) [GCM] (National Institute of Standards and Technology, “Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication,” November 2007.). Another document [I-D.ietf-tls-rsa-aes-gcm] (Salowey, J., Choudhury, A., and D. McGrew, “AES-GCM Cipher Suites for TLS,” April 2008.) provides support for GCM with other key establishment methods.
2. Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).