| < draft-ietf-tls-rfc4492bis-01.txt | draft-ietf-tls-rfc4492bis-02.txt > | |||
|---|---|---|---|---|
| TLS Working Group Y. Nir | TLS Working Group Y. Nir | |||
| Internet-Draft Check Point | Internet-Draft Check Point | |||
| Intended status: Standards Track January 13, 2015 | Intended status: Standards Track March 9, 2015 | |||
| Expires: July 17, 2015 | Expires: September 10, 2015 | |||
| Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer | Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer | |||
| Security (TLS) Versions 1.2 and Earlier | Security (TLS) Versions 1.2 and Earlier | |||
| draft-ietf-tls-rfc4492bis-01 | draft-ietf-tls-rfc4492bis-02 | |||
| Abstract | Abstract | |||
| This document describes key exchange algorithms based on Elliptic | This document describes key exchange algorithms based on Elliptic | |||
| Curve Cryptography (ECC) for the Transport Layer Security (TLS) | Curve Cryptography (ECC) for the Transport Layer Security (TLS) | |||
| protocol. In particular, it specifies the use of Ephemeral Elliptic | protocol. In particular, it specifies the use of Ephemeral Elliptic | |||
| Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the | Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the | |||
| use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new | use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new | |||
| authentication mechanism. | authentication mechanism. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 17, 2015. | This Internet-Draft will expire on September 10, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 23, line 44 ¶ | skipping to change at page 23, line 44 ¶ | |||
| 1.2 the KDF is determined by ciphersuite; it is conceivable that | 1.2 the KDF is determined by ciphersuite; it is conceivable that | |||
| future TLS versions or new TLS extensions introduced in the future | future TLS versions or new TLS extensions introduced in the future | |||
| may vary this computation.) | may vary this computation.) | |||
| All ECDSA computations MUST be performed according to ANSI X9.62 or | All ECDSA computations MUST be performed according to ANSI X9.62 or | |||
| its successors. Data to be signed/verified is hashed, and the result | its successors. Data to be signed/verified is hashed, and the result | |||
| run directly through the ECDSA algorithm with no additional hashing. | run directly through the ECDSA algorithm with no additional hashing. | |||
| The default hash function is SHA-1 [FIPS.180-2], and sha_size (see | The default hash function is SHA-1 [FIPS.180-2], and sha_size (see | |||
| Section 5.4 and Section 5.8) is 20. However, an alternative hash | Section 5.4 and Section 5.8) is 20. However, an alternative hash | |||
| function, such as one of the new SHA hash functions specified in FIPS | function, such as one of the new SHA hash functions specified in FIPS | |||
| 180-2 [FIPS.180-2], may be used instead if the certificate containing | 180-2 [FIPS.180-2], may be used instead. | |||
| the EC public key explicitly requires use of another hash function. | ||||
| (The mechanism for specifying the required hash function has not been | RFC 4492 anticipated the standardization of a mechanism for | |||
| standardized, but this provision anticipates such standardization and | specifying the required hash function in the certificate, perhaps in | |||
| obviates the need to update this document in response. Future PKIX | the parameters field of the subjectPublicKeyInfo. Such | |||
| RFCs may choose, for example, to specify the hash function to be used | standardization never took place, and as a result, SHA-1 is used in | |||
| with a public key in the parameters field of subjectPublicKeyInfo.) | TLS 1.1 and earlier. TLS 1.2 added a SignatureAndHashAlgorithm | |||
| parameter to the DigitallySigned struct, thus allowing agility in | ||||
| choosing the signature hash. | ||||
| All RSA signatures must be generated and verified according to | All RSA signatures must be generated and verified according to | |||
| [PKCS1] block type 1. | [PKCS1] block type 1. | |||
| 6. Cipher Suites | 6. Cipher Suites | |||
| The table below defines new ECC cipher suites that use the key | The table below defines new ECC cipher suites that use the key | |||
| exchange algorithms specified in Section 2. | exchange algorithms specified in Section 2. | |||
| +---------------------------------------+----------------+ | +---------------------------------------+----------------+ | |||
| | CipherSuite | Identifier | | | CipherSuite | Identifier | | |||
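Review bot: In the -02 sentence that now ends "may be used instead.", removing the condition about the certificate leaves the permission to use an alternative hash with no stated trigger, while the same paragraph still gives SHA-1 and sha_size = 20 as the default without saying which TLS versions that applies to. The new paragraph only implies the rule (SHA-1 in TLS 1.1 and earlier, SignatureAndHashAlgorithm in TLS 1.2). Suggest stating it normatively in the first paragraph: for TLS 1.2 the hash is the one indicated by SignatureAndHashAlgorithm in the DigitallySigned struct, and for TLS 1.1 and earlier it is SHA-1 with no alternative. Also consider dropping "new" from "the new SHA hash functions", which reads as carried over from RFC 4492.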
| End of changes. 4 change blocks. | ||||
| 11 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||