Hi All
A new extension is proposed for [D]TLS1.2 and its lower version(not for
[D]TLS1.3), to send PSKID in client hello msg instead of client key exchange
msg. Using this extension, client can send its list of PSKIDs to server in its
hello msg and server can select any one of them and respond in its hello msg.
- With the help of this extn, PSK cipher handshake can be completed in
1RTT. Messages exchanged are similar to resumption.
- For DHE_PSK, RSA_PSK and ECDHE_PSK ciphers, PSKID in client hello msg
gives additional information to server for cipher negotiation. If unknown
PSKIDs are present, then server can select any NON PSK cipher or fail at that
place only (instead of failing in finished message verification).
Already we received interest and review comments from Nikos Mavrogiannopoulos,
David Woodhouse and Andreas Walz. Based on that we have submitted the 3rd
version of this document.
I am requesting other members of this group also to look into and provide
comments for further improvements.
Regards,
Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com
本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中
的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!
This e-mail and its attachments contain confidential information from HUAWEI,
which
is intended only for the person or entity whose address is listed above. Any
use of the
information contained herein in any way (including, but not limited to, total
or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify
the sender by
phone or email immediately and delete it!
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 17 December 2016 04:11
To: Raja ashok; Raja ashok; Jayaraghavendran Kuppannan
Subject: New Version Notification for
draft-jay-tls-psk-identity-extension-02.txt
A new version of I-D, draft-jay-tls-psk-identity-extension-02.txt
has been successfully submitted by Raja Ashok V K and posted to the IETF
repository.
Name: draft-jay-tls-psk-identity-extension
Revision: 02
Title: TLS/DTLS PSK Identity Extension
Document date: 2016-12-15
Group: Individual Submission
Pages: 10
URL:
https://www.ietf.org/internet-drafts/draft-jay-tls-psk-identity-extension-02.txt
Status:
https://datatracker.ietf.org/doc/draft-jay-tls-psk-identity-extension/
Htmlized:
https://tools.ietf.org/html/draft-jay-tls-psk-identity-extension-02
Diff:
https://www.ietf.org/rfcdiff?url2=draft-jay-tls-psk-identity-extension-02
Abstract:
Pre-Shared Key (PSK) based Key Exchange Mechanism is primarily used
in constrained environments where resource intensive Asymmetric
Cryptography cannot be used. In the Internet of Things (IoT)
deployments, constrained devices are commonly used for collecting
data via sensors for use in home automation, smart energy etc. In
this context, DTLS is being considered as the primary protocol for
communication security at the application layer and in some cases, it
is also being considered for network access authentication.
This document provides a specification for a new extension for
Optimizing DTLS and TLS Handshake when the Pre-Shared Key (PSK) based
Key Exchange is used. This extension is aimed at reducing the number
of messages exchanged and the RTT of the TLS & DTLS Handshakes.
Hi,
I am submitting my 3rd version of our
draft(draft-jay-tls-psk-identity-extension) in TLS working group.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
