From 3fbeb8f2dabee3121d4512edec4cc8b083e44018 Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Tue, 3 Sep 2024 10:54:11 +0200 Subject: [PATCH] PFS and integrity-only ciphersuites Fix #43 Signed-off-by: Thomas Fossati --- draft-ietf-uta-tls13-iot-profile.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md index 5214e56..a28a704 100644 --- a/draft-ietf-uta-tls13-iot-profile.md +++ b/draft-ietf-uta-tls13-iot-profile.md @@ -224,10 +224,16 @@ protocol. Additionally, the work on Compact TLS (cTLS) {{?I-D.ietf-tls-ctls}} ha a step further by utilizing out-of-band knowledge between the communication parties to reduce the amount of data to be transmitted at each individual handshake, among applying other techniques. -# Perfect Forward Secrecy +# Forward Secrecy -TLS 1.3 allows the use of PFS with all ciphersuites since the support for it is -negotiated independently. +RFC8446 has removed Static RSA and Diffie-Hellman cipher suites, therefore all public-key-based key exchange mechanisms available in TLS 1.3 provide forward secrecy. + +Pre-shared keys (PSKs) can be used with (EC)DHE key exchange to provide forward secrecy or can be used alone, at the cost of losing forward secrecy for the application data. + +# Authentication and Integrity-only Cipher Suites + +For a few, very specific Industrial IoT use cases {{?RFC9150}} defines two cipher suites that provide data authenticity, but not data confidentiality. +Please review the security and privacy considerations about their use detailed in {{Section 9 of RFC9150}}. # Keep-Alive
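Review bot: In the new "Forward Secrecy" paragraph, RFC8446 is written as plain text ("RFC8446 has removed Static RSA and Diffie-Hellman cipher suites") while the same hunk cites RFC 9150 with the kramdown-rfc reference syntax (`{{?RFC9150}}`, `{{Section 9 of RFC9150}}`); use the draft's citation form, e.g. `{{!RFC8446}}`, so the reference appears in the references section and is checked by the build. While there, "Static RSA and Diffie-Hellman" would read more precisely as "static RSA and static (finite-field and elliptic-curve) Diffie-Hellman", since the point being made is that only ephemeral (EC)DHE remains in TLS 1.3. In the "Authentication and Integrity-only Cipher Suites" section, "Please review the security and privacy considerations ..." is advice to the reader rather than profile text: as this document is a profile, it should state whether the RFC 9150 suites are permitted by the profile (e.g. a MAY restricted to the Industrial IoT cases named, or a MUST NOT for general use) and then point to Section 9 of RFC 9150 for the rationale. Minor: the removed text used "ciphersuites" and the added text uses "cipher suites"; pick one spelling consistently across the document.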