Here are the open issues for draft-ietf-tls-ecdhe-psk-aead:

1. Why does TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256 use SHA256 instead of SHA384 like the other 256 bit cipher suites? (From Russ Housley)

2. Since the security considerations mention passwords (human chosen secrets) it should mention dictionary attacks. (From Russ Housley)

3. Sections 2 and 3 of the document contain more detail about TLS 1.3 than necessary.

   Section 2: This document only defines cipher suites for TLS 1.2, not TLS 1.2 or later. A subset of equivalent cipher suites is defined in the TLS 1.3 specification.

   Section 3 and 4: Maybe replace the last 2 paragraphs with an addition to section 4 that states: "TLS 1.3 and above name, negotiate and support a subset of these cipher suites in a different way." (TLS 1.3 does not support TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384 and TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256)

4. Section 3 should contain a bit more detail about the relationship to 4492 bis and RFC 4279. Something like the following may be enough: "The messages and pre-master secret construction in this document are based on [RFC4279]. The elliptic curve parameters used in the Diffie-Hellman parameters are negotiated using extensions defined in [4492-bis]."

Thanks,

Joe