Network Working Group M. Badra Request for Comments: 5487 CNRS/LIMOS Laboratory Category: Standards Track March 2009
Network Working Group M. Badra Request for Comments: 5487 CNRS/LIMOS Laboratory Category: Standards Track March 2009
Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
具有SHA-256/384和AES伽罗瓦计数器模式的TLS预共享密钥密码套件
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托在本文件出版之日生效的与IETF文件有关的法律规定的约束(http://trustee.ietf.org/license-info). 请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
Abstract
摘要
RFC 4279 and RFC 4785 describe pre-shared key cipher suites for Transport Layer Security (TLS). However, all those cipher suites use SHA-1 in their Message Authentication Code (MAC) algorithm. This document describes a set of pre-shared key cipher suites for TLS that uses stronger digest algorithms (i.e., SHA-256 or SHA-384) and another set that uses the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM).
RFC 4279和RFC 4785描述了用于传输层安全(TLS)的预共享密钥密码套件。然而,所有这些密码套件在其消息认证码(MAC)算法中都使用SHA-1。本文档描述了一组使用更强摘要算法(即SHA-256或SHA-384)的TLS预共享密钥密码套件和另一组在Galois计数器模式(GCM)下使用高级加密标准(AES)的TLS预共享密钥密码套件。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Applicability Statement . . . . . . . . . . . . . . . . . . 3 1.2. Conventions Used in This Document . . . . . . . . . . . . . 3 2. PSK, DHE_PSK, and RSA_PSK Key Exchange Algorithms with AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. PSK, DHE_PSK, and RSA_PSK Key Exchange with SHA-256/384 . . . . 4 3.1. PSK Key Exchange Algorithm with SHA-256/384 . . . . . . . . 4 3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5 3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . . 7
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Applicability Statement . . . . . . . . . . . . . . . . . . 3 1.2. Conventions Used in This Document . . . . . . . . . . . . . 3 2. PSK, DHE_PSK, and RSA_PSK Key Exchange Algorithms with AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. PSK, DHE_PSK, and RSA_PSK Key Exchange with SHA-256/384 . . . . 4 3.1. PSK Key Exchange Algorithm with SHA-256/384 . . . . . . . . 4 3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5 3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384 . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . . 7
The benefits of pre-shared symmetric-key vs. public-/private-key pair based authentication for the key exchange in TLS have been explained in the Introduction of [RFC4279]. This document leverages the already defined algorithms for the application of newer, generally regarded stronger, cryptographic primitives and building blocks.
[RFC4279]的介绍中解释了预共享对称密钥相对于基于公钥/私钥对的TLS密钥交换身份验证的好处。本文档利用已定义的算法应用较新的、通常认为更强的加密原语和构建块。
TLS 1.2 [RFC5246] adds support for authenticated encryption with additional data (AEAD) cipher modes [RFC5116]. This document describes the use of Advanced Encryption Standard [AES] in Galois Counter Mode [GCM] (AES-GCM) with various pre-shared key (PSK) authenticated key exchange mechanisms ([RFC4279] and [RFC4785]) in cipher suites for TLS.
TLS 1.2[RFC5246]增加了对使用附加数据(AEAD)密码模式进行身份验证加密的支持[RFC5116]。本文档描述了在Galois计数器模式[GCM](AES-GCM)中使用高级加密标准[AES],以及TLS密码套件中的各种预共享密钥(PSK)认证密钥交换机制([RFC4279]和[RFC4785])。
This document also specifies PSK cipher suites for TLS that replace SHA-1 by SHA-256 or SHA-384 [SHS]. RFC 4279 [RFC4279] and RFC 4785 [RFC4785] describe PSK cipher suites for TLS. However, all of the RFC 4279 and the RFC 4785 cipher suites use HMAC-SHA1 as their MAC algorithm. Due to recent analytic work on SHA-1 [Wang05], the IETF is gradually moving away from SHA-1 and towards stronger hash algorithms.
本文件还规定了用SHA-256或SHA-384[SHS]代替SHA-1的TLS的PSK密码套件。RFC 4279[RFC4279]和RFC 4785[RFC4785]描述了TLS的PSK密码套件。然而,所有RFC 4279和RFC 4785密码套件都使用HMAC-SHA1作为其MAC算法。由于最近对SHA-1的分析工作[Wang05],IETF正逐渐从SHA-1转向更强的散列算法。
Related TLS cipher suites with key exchange algorithms that are authenticated using public/private key pairs have recently been specified:
最近指定了具有使用公钥/私钥对进行身份验证的密钥交换算法的相关TLS密码套件:
o RSA-, DSS-, and Diffie-Hellman-based cipher suites in [RFC5288], and
o [RFC5288]中基于RSA、DSS和Diffie-Hellman的密码套件,以及
o ECC-based cipher suites with SHA-256/384 and AES-GCM in [RFC5289].
o [RFC5289]中带有SHA-256/384和AES-GCM的基于ECC的密码套件。
The reader is expected to become familiar with these two memos prior to studying this document.
在学习本文件之前,读者应熟悉这两份备忘录。
The cipher suites defined in Section 3 can be negotiated, whatever the negotiated TLS version is.
第3节中定义的密码套件可以协商,无论协商的TLS版本是什么。
The cipher suites defined in Section 2 can be negotiated in TLS version 1.2 or higher.
第2节中定义的密码套件可以在TLS版本1.2或更高版本中协商。
The applicability statement in [RFC4279] applies to this document as well.
[RFC4279]中的适用性声明也适用于本文件。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
The following six cipher suites use the new authenticated encryption modes defined in TLS 1.2 with AES in Galois Counter Mode [GCM]. The cipher suites with the DHE_PSK key exchange algorithm (TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 and TLS_DHE_PSK_WITH_AES_256_GCM_SHA348) provide Perfect Forward Secrecy (PFS).
以下六个密码套件使用TLS 1.2中定义的新认证加密模式,AES采用伽罗瓦计数器模式[GCM]。带有DHE_PSK密钥交换算法的密码套件(TLS_DHE_PSK_with_AES_128_GCM_SHA256和TLS_DHE_PSK_with_AES_256_GCM_SHA348)提供了完美的前向保密性(PFS)。
CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xA8}; CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xA9}; CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAA}; CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAB}; CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAC}; CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAD};
CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xA8}; CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xA9}; CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAA}; CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAB}; CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAC}; CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAD};
These cipher suites use authenticated encryption with additional data (AEAD) algorithms, AEAD_AES_128_GCM and AEAD_AES_256_GCM, as described in RFC 5116. GCM is used as described in [RFC5288].
如RFC 5116所述,这些密码套件使用带有附加数据(AEAD)算法的认证加密,AEAD_AES_128_GCM和AEAD_AES_256_GCM。GCM的使用如[RFC5288]所述。
The PSK, DHE_PSK, and RSA_PSK key exchanges are performed as defined in [RFC4279].
PSK、DHE_PSK和RSA_PSK密钥交换按照[RFC4279]中的定义执行。
The Pseudo-Random Function (PRF) algorithms SHALL be as follows:
伪随机函数(PRF)算法应如下所示:
o For cipher suites ending with _SHA256, the PRF is the TLS PRF [RFC5246] with SHA-256 as the hash function.
o 对于以_SHA256结尾的密码套件,PRF是TLS PRF[RFC5246],SHA-256作为哈希函数。
o For cipher suites ending with _SHA384, the PRF is the TLS PRF [RFC5246] with SHA-384 as the hash function.
o 对于以_SHA384结尾的密码套件,PRF是TLS PRF[RFC5246],SHA-384作为哈希函数。
Implementations MUST send a TLS Alert 'bad_record_mac' for all types of failures encountered in processing the AES-GCM algorithm.
对于处理AES-GCM算法时遇到的所有类型的故障,实施必须发送TLS警报“bad_record_mac”。
The first two cipher suites described in each of the following three sections use AES [AES] in Cipher Block Chaining (CBC) mode [MODES] for data confidentiality, whereas the other two cipher suites do not provide data confidentiality; all cipher suites provide integrity protection and authentication using HMAC-based MACs.
以下三节中描述的前两个密码套件在密码块链接(CBC)模式[模式]中使用AES[AES]进行数据保密,而其他两个密码套件不提供数据保密性;所有密码套件都使用基于HMAC的MAC提供完整性保护和身份验证。
CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xAE}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xAF}; CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0x00,0xB0}; CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0x00,0xB1};
CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xAE}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xAF}; CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0x00,0xB0}; CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0x00,0xB1};
The above four cipher suites are the same as the corresponding cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" in place of "_SHA256" or "_SHA384"), except for the hash and PRF algorithms, as explained below.
上述四个密码套件与RFC 4279和RFC 4785中相应的密码套件相同(名称以“_SHA”结尾,而不是“_SHA256”或“_SHA384”),但散列和PRF算法除外,如下所述。
o For cipher suites with names ending in "_SHA256":
o 对于名称以“_SHA256”结尾的密码套件:
* The MAC is HMAC [RFC2104] with SHA-256 as the hash function.
* MAC为HMAC[RFC2104],SHA-256为哈希函数。
* When negotiated in a version of TLS prior to 1.2, the PRF from that version is used; otherwise, the PRF is the TLS PRF [RFC5246] with SHA-256 as the hash function.
* 在1.2之前的TLS版本中协商时,使用该版本的PRF;否则,PRF是TLS PRF[RFC5246],SHA-256作为哈希函数。
o For cipher suites with names ending in "_SHA384":
o 对于名称以“_SHA384”结尾的密码套件:
* The MAC is HMAC [RFC2104] with SHA-384 as the hash function.
* MAC是HMAC[RFC2104],SHA-384作为哈希函数。
* When negotiated in a version of TLS prior to 1.2, the PRF from that version is used; otherwise, the PRF is the TLS PRF [RFC5246] with SHA-384 as the hash function.
* 在1.2之前的TLS版本中协商时,使用该版本的PRF;否则,PRF是TLS PRF[RFC5246],SHA-384作为哈希函数。
CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB2}; CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB3}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0x00,0xB4}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0x00,0xB5};
CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB2}; CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB3}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0x00,0xB4}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0x00,0xB5};
The above four cipher suites are the same as the corresponding cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" in place of "_SHA256" or "_SHA384"), except for the hash and PRF algorithms, as explained in Section 3.1.
上述四个密码套件与RFC 4279和RFC 4785中相应的密码套件相同(名称以“_SHA”结尾,而不是“_SHA256”或“_SHA384”),但散列和PRF算法除外,如第3.1节所述。
CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB6}; CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB7}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA256 = {0x00,0xB8}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA384 = {0x00,0xB9};
CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB6}; CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB7}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA256 = {0x00,0xB8}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA384 = {0x00,0xB9};
The above four cipher suites are the same as the corresponding cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" in place of "_SHA256" or "_SHA384"), except for the hash and PRF algorithms, as explained in Section 3.1.
上述四个密码套件与RFC 4279和RFC 4785中相应的密码套件相同(名称以“_SHA”结尾,而不是“_SHA256”或“_SHA384”),但散列和PRF算法除外,如第3.1节所述。
The security considerations in [RFC4279], [RFC4785], and [RFC5288] apply to this document as well. In particular, as authentication-only cipher suites (with no encryption) defined here do not support confidentiality, care should be taken not to send sensitive information (such as passwords) over connections protected with one of the cipher suites with NULL encryption defined in this document.
[RFC4279]、[RFC4785]和[RFC5288]中的安全注意事项也适用于本文档。特别是,由于此处定义的仅身份验证密码套件(无加密)不支持保密性,因此应注意不要通过使用本文档中定义的空加密密码套件之一保护的连接发送敏感信息(如密码)。
IANA has assigned the following values for the cipher suites defined in this document:
IANA已为本文档中定义的密码套件分配了以下值:
CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xA8}; CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xA9}; CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAA}; CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAB}; CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAC}; CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAD}; CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xAE}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xAF}; CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0x00,0xB0}; CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0x00,0xB1};
CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xA8}; CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xA9}; CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAA}; CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAB}; CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0x00,0xAC}; CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0x00,0xAD}; CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xAE}; CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xAF}; CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0x00,0xB0}; CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0x00,0xB1};
CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB2}; CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB3}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0x00,0xB4}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0x00,0xB5}; CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB6}; CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB7}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA256 = {0x00,0xB8}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA384 = {0x00,0xB9};
CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB2}; CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB3}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0x00,0xB4}; CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0x00,0xB5}; CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xB6}; CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xB7}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA256 = {0x00,0xB8}; CipherSuite TLS_RSA_PSK_WITH_NULL_SHA384 = {0x00,0xB9};
This document borrows from [RFC5289]. The author appreciates Alfred Hoenes for his detailed review and effort on resolving issues in discussion. The author would like also to acknowledge Ibrahim Hajjeh, Simon Josefsson, Hassnaa Moustafa, Joseph Salowey, and Pascal Urien for their reviews of the content of the document.
本文件借用[RFC5289]。作者感谢阿尔弗雷德·霍恩斯(Alfred Hoenes)对解决讨论中的问题所做的详细审查和努力。作者还要感谢易卜拉欣·哈杰、西蒙·约瑟夫松、哈斯纳·穆斯塔法、约瑟夫·萨洛维和帕斯卡尔·乌里安对文件内容的审查。
[AES] National Institute of Standards and Technology, "Specification for the Advanced Encryption Standard (AES)", FIPS 197, November 2001.
[AES]国家标准与技术研究所,“高级加密标准(AES)规范”,FIPS 197,2001年11月。
[GCM] National Institute of Standards and Technology, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication", SP 800-38D, November 2007.
[GCM]国家标准与技术研究所,“分组密码操作模式建议:用于保密和认证的Galois/计数器模式(GCM)”,SP 800-38D,2007年11月。
[MODES] National Institute of Standards and Technology, "Recommendation for Block Cipher Modes of Operation - Methods and Techniques", SP 800-38A, December 2001.
[模式]国家标准与技术研究所,“分组密码操作模式建议-方法和技术”,SP 800-38A,2001年12月。
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[RFC2104]Krawczyk,H.,Bellare,M.,和R.Canetti,“HMAC:用于消息认证的键控哈希”,RFC 2104,1997年2月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4279] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", RFC 4279, December 2005.
[RFC4279]Eronen,P.和H.Tschofenig,“用于传输层安全(TLS)的预共享密钥密码套件”,RFC 4279,2005年12月。
[RFC4785] Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)", RFC 4785, January 2007.
[RFC4785]Blumenthal,U.和P.Goel,“用于传输层安全(TLS)的带空加密的预共享密钥(PSK)密码套件”,RFC 4785,2007年1月。
[RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated Encryption", RFC 5116, January 2008.
[RFC5116]McGrew,D.“认证加密的接口和算法”,RFC 5116,2008年1月。
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5246]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,2008年8月。
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois Counter Mode (GCM) Cipher Suites for TLS", RFC 5288, August 2008.
[RFC5288]Salowey,J.,Choudhury,A.,和D.McGrew,“用于TLS的AES伽罗瓦计数器模式(GCM)密码套件”,RFC 5288,2008年8月。
[SHS] National Institute of Standards and Technology, "Secure Hash Standard", FIPS 180-2, August 2002.
[SHS]国家标准与技术研究所,“安全哈希标准”,FIPS 180-22002年8月。
[RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)", RFC 5289, August 2008.
[RFC5289]Rescorla,E.“具有SHA-256/384和AES伽罗瓦计数器模式(GCM)的TLS椭圆曲线密码套件”,RFC 5289,2008年8月。
[Wang05] Wang, X., Yin, Y., and H. Yu, "Finding Collisions in the Full SHA-1", CRYPTO 2005, August 2005.
[Wang05]Wang,X.,Yin,Y.,和H.Yu,“在完整的SHA-1中发现碰撞”,CRYPTO 2005,2005年8月。
Author's Address
作者地址
Mohamad Badra CNRS/LIMOS Laboratory Campus de cezeaux, Bat. ISIMA Aubiere 63170 France
马哈茂德·巴德拉中央研究院/利莫斯实验室,蝙蝠塞泽奥校区。ISIMA Aubiere 63170法国
EMail: badra@isima.fr
EMail: badra@isima.fr