idnits 2.17.1 

draft-ietf-tls-psk-null-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 17.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 186.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 163.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 170.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 176.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([TLS], [TLS-PSK]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 19, 2006) is 6483 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 4346 (ref. 'TLS') (Obsoleted by RFC
     5246)


     Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	TLS Working Group                                         U. Blumenthal
2	Internet Draft                                                  P. Goel
3	Expires: January 2007                                 Intel Corporation
4	                                                          July 19, 2006

6	               Pre-Shared Key Cipher Suite with NULL Encryption for
7	                         Transport Layer Security

9	                      draft-ietf-tls-psk-null-00.txt

11	Status of this Memo

13	   By submitting this Internet-Draft, each author represents that
14	   any applicable patent or other IPR claims of which he or she is
15	   aware have been or will be disclosed, and any of which he or she
16	   becomes aware will be disclosed, in accordance with Section 6 of
17	   BCP 79.

19	   Internet-Drafts are working documents of the Internet Engineering
20	   Task Force (IETF), its areas, and its working groups.  Note that
21	   other groups may also distribute working documents as Internet-
22	   Drafts.

24	   Internet-Drafts are draft documents valid for a maximum of six months
25	   and may be updated, replaced, or obsoleted by other documents at any
26	   time.  It is inappropriate to use Internet-Drafts as reference
27	   material or to cite them other than as "work in progress."

29	   The list of current Internet-Drafts can be accessed at
30	        http://www.ietf.org/ietf/1id-abstracts.txt

32	   The list of Internet-Draft Shadow Directories can be accessed at
33	        http://www.ietf.org/shadow.html

35	   This Internet-Draft will expire on January 19, 2007.

37	Abstract

39	   This document specifies authentication-only cipher suites for the
40	   Pre-Shared Key based [TLS-PSK] Transport Layer Security (TLS) [TLS]
41	   protocol to support null encryption. These cipher suites are useful
42	   for countries and places with cryptography-related restrictions.

44	Conventions used in this document

46	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
47	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
48	   document are to be interpreted as described in [RFC2119].

50	Table of Contents

52	   1. Introduction...................................................2
53	   2. Cipher Usage...................................................2
54	   3. Security Considerations........................................3
55	   4. IANA Considerations............................................3
56	   5. Acknowledgments................................................3
57	   6. References.....................................................3
58	      6.1. Normative References......................................3
59	   Author's Addresses................................................4
60	   Intellectual Property Statement...................................4
61	   Disclaimer of Validity............................................5
62	   Copyright Statement...............................................5
63	   Acknowledgment....................................................5

65	1. Introduction

67	   The RFC for Pre-Shared Key based TLS [TLS-PSK] specifies cipher
68	   suites for supporting TLS using pre-shared symmetric keys. However
69	   all the cipher suites defined in [TLS-PSK] require encryption. There
70	   is a need for a cipher suite that supports no encryption. This is
71	   required for implementations to meet import restrictions in some
72	   countries. Even though no encryption is used, this cipher suite
73	   supports authentication of the client and server to each other, and
74	   message integrity. This document augments [TLS-PSK] by adding three
75	   more cipher suites (PSK, DHE, RSA) with authentication and integrity
76	   only - no encryption.

78	2. Cipher Usage

80	   The new cipher suites proposed here is very similar to cipher suites
81	   defined in [TLS-PSK], except that they define null encryption.

83	   The cipher suites defined here uses the following options for key
84	   exchange and hash part of the protocol:

86	   CipherSuite                     Key Exchange   Cipher      Hash

88	   TLS_PSK_WITH_NULL_SHA           PSK            NULL        SHA
89	   TLS_DHE_PSK_WITH_NULL_SHA       DHE_PSK        NULL        SHA
90	   TLS_RSA_PSK_WITH_NULL_SHA       RSA_PSK        NULL        SHA

92	   For the meaning of the terms PSK please refer to section 1 in [TLS-
93	   PSK]. For the meaning of the terms DHE and RSA please refer to
94	   section 7.4.2 in [TLS].

96	3. Security Considerations

98	   As with all schemes involving shared keys, special care should be
99	   taken to protect the shared values and to limit their exposure over
100	   time. As this document augments [TLS-PSK], everything stated in its
101	   Security Consideration section applies here. In addition, as cipher
102	   suites defined here do not support confidentiality - care should be
103	   taken not to send confidential information (such as passwords) over
104	   TLS-PSK connection with no encryption.

106	4. IANA Considerations

108	   This document defines three new cipher suites, whose values are to be
109	   assigned from the TLS Cipher Suite registry defined in [TLS].

111	   CipherSuite   TLS_PSK_WITH_NULL_SHA      = { 0x00, 0xTBD1 };
112	   CipherSuite   TLS_DHE_PSK_WITH_NULL_SHA  = { 0x00, 0xTBD2 };
113	   CipherSuite   TLS_RSA_PSK_WITH_NULL_SHA  = { 0x00, 0xTBD3 };

115	5. Acknowledgments

117	   The cipher suite defined in this document is an augmentation to and
118	   based on [TLS-PSK].

120	6. References

122	6.1. Normative References

124	   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
125	             Requirement Levels", BCP 14, RFC 2119, March 1997.

127	   [TLS]     Dierks, T. and Rescorla, E., "The TLS Protocol Version
128	             1.1", RFC 4346, April 2006.

130	   [TLS-PSK] Eronen, P., Tschofenig, H., "Pre-Shared Key CipherSuites
131	             for Transport Layer Security (TLS)", RFC 4279, December
132	             2005.

134	Author's Addresses

136	   Uri Blumenthal
137	   Intel Corporation
138	   1515 State Route 10,
139	   3PY1-3.536
140	   Parsippany, NJ 07054
141	   USA

143	   Email: uri.blumenthal@intel.com

145	   Purushottam Goel
146	   Intel Corporation
147	   2111 N.E. 25 Ave.
148	   JF3-414
149	   Hillsboro, OR 97124
150	   USA

152	   Email: Purushottam.goel@intel.com

154	Intellectual Property Statement

156	   The IETF takes no position regarding the validity or scope of any
157	   Intellectual Property Rights or other rights that might be claimed to
158	   pertain to the implementation or use of the technology described in
159	   this document or the extent to which any license under such rights
160	   might or might not be available; nor does it represent that it has
161	   made any independent effort to identify any such rights.  Information
162	   on the procedures with respect to rights in RFC documents can be
163	   found in BCP 78 and BCP 79.

165	   Copies of IPR disclosures made to the IETF Secretariat and any
166	   assurances of licenses to be made available, or the result of an
167	   attempt made to obtain a general license or permission for the use of
168	   such proprietary rights by implementers or users of this
169	   specification can be obtained from the IETF on-line IPR repository at
170	   http://www.ietf.org/ipr.

172	   The IETF invites any interested party to bring to its attention any
173	   copyrights, patents or patent applications, or other proprietary
174	   rights that may cover technology that may be required to implement
175	   this standard.  Please address the information to the IETF at
176	   ietf-ipr@ietf.org.

178	Disclaimer of Validity

180	   This document and the information contained herein are provided on an
181	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
182	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
183	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
184	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
185	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
186	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

188	Copyright Statement

190	   Copyright (C) The Internet Society (2006).

192	   This document is subject to the rights, licenses and restrictions
193	   contained in BCP 78, and except as set forth therein, the authors
194	   retain all their rights.

196	Acknowledgment

198	   Funding for the RFC Editor function is currently provided by the
199	   Internet Society.