RFC 9150
TLS 1.3 Authentication and Integrity-Only Cipher Suites, April 2022
- File formats:
- Also available: XML file for editing
- Status:
- INFORMATIONAL
- Authors:
- N. Cam-Winget
J. Visoky - Stream:
- INDEPENDENT
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9150
Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9150
Abstract
This document defines the use of cipher suites for TLS 1.3 based on Hashed Message Authentication Code (HMAC). Using these cipher suites provides server and, optionally, mutual authentication and data authenticity, but not data confidentiality. Cipher suites with these properties are not of general applicability, but there are use cases, specifically in Internet of Things (IoT) and constrained environments, that do not require confidentiality of exchanged messages while still requiring integrity protection, server authentication, and optional client authentication. This document gives examples of such use cases, with the caveat that prior to using these integrity-only cipher suites, a threat model for the situation at hand is needed, and a threat analysis must be performed within that model to determine whether the use of integrity-only cipher suites is appropriate. The approach described in this document is not endorsed by the IETF and does not have IETF consensus, but it is presented here to enable interoperable implementation of a reduced-security mechanism that provides authentication and message integrity without supporting confidentiality.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.