Hi Peter,

Yes, it should end with ...SHA384. We will fix this in the next update.
(Related question from Martin Thompson can be found in [0])

Cheers,
John

[0] https://www.ietf.org/mail-archive/web/tls/current/msg21517.html

On 10/07/16 12:51, "TLS on behalf of Peter Dettman" <tls-boun...@ietf.org on behalf of peter.dett...@bouncycastle.org> wrote:

>Hi,
>I've just implemented these ciphersuites in BouncyCastle TLS, and have a
>couple of questions:
>
>In Section 3., should
>
>    TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256 = {0xTBD,0xTBD};
>
>end with ...SHA384 instead?
>
>    For the AES-256 cipher suites, the TLS PRF with SHA-384 as the hash
>    function SHALL be used and Clients and Servers MUST NOT negotiate
>    curves of less than 384 bits.
>
>requires SHA384 as the PRF, and I don't know what else SHA256 could
>refer to for an AEAD ciphersuite.
>
>I'm also curious whether there is a precedent in other RFCs for an
>explicit minimum curve bits, or perhaps a de facto implementer's rule?
>
>Regards,
>Pete Dettman
>
>On 28/05/2016 12:19 AM, internet-dra...@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Transport Layer Security of the IETF.
>>
>>         Title           : ECDHE_PSK with AES-GCM and AES-CCM Cipher
>>                           Suites for Transport Layer Security (TLS)
>>         Authors         : John Mattsson
>>                           Daniel Migault
>>         Filename        : draft-ietf-tls-ecdhe-psk-aead-00.txt
>>         Pages           : 7
>>         Date            : 2016-05-27
>>
>> Abstract:
>>    This document defines several new cipher suites for the Transport
>>    Layer Security (TLS) protocol. The cipher suites are all based on
>>    the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key
>>    (ECDHE_PSK) key exchange together with the Authenticated Encryption
>>    with Associated Data (AEAD) algorithms AES-GCM and AES-CCM. PSK
>>    provides light and efficient authentication, ECDHE provides perfect
>>    forward secrecy, and AES-GCM and AES-CCM provide encryption and
>>    integrity protection.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-tls-ecdhe-psk-aead-00
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
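The exchange above turns on one consistency rule: the hash in an ECDHE_PSK AEAD suite name must match the PRF hash the suite actually uses, and the AES-256 suites additionally bound the curve size. The following Python is an added illustration of that rule, not code from the thread, the draft, or BouncyCastle. It parses a suite name, rejects names whose suffix disagrees with the required PRF (which is exactly what makes `TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256` wrong), checks a negotiated curve against the minimum, and runs the TLS 1.2 PRF (RFC 5246 P_hash) with the selected hash. The AES-256 row comes from the draft text Peter quotes; the AES-128 row (SHA-256 PRF, 255-bit floor, as in the published RFC 8442) and the curve-size table are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Policy table distilled from the draft text quoted in the thread. The AES-256
# row is stated there; the AES-128 row is an assumption for this example
# (TLS 1.2's default PRF is SHA-256; RFC 8442 sets 255 bits as the floor).
SUITE_POLICY = {
    128: {"prf_hash": "sha256", "min_curve_bits": 255},
    256: {"prf_hash": "sha384", "min_curve_bits": 384},
}

# Constructed table of curve sizes for groups an implementer might offer.
CURVE_BITS = {"secp256r1": 256, "x25519": 255, "secp384r1": 384, "secp521r1": 521}

SUITE_RE = re.compile(
    r"^TLS_ECDHE_PSK_WITH_AES_(128|256)_(GCM|CCM|CCM_8)_SHA(256|384)$"
)


def suite_policy(name):
    """Return (key_bits, prf_hash, min_curve_bits) for an ECDHE_PSK AEAD suite.

    Raises ValueError when the name's hash suffix disagrees with the PRF that
    the key size requires, i.e. the inconsistency Peter spotted in the draft.
    """
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an ECDHE_PSK AEAD suite: {name}")
    key_bits = int(m.group(1))
    suffix_hash = "sha" + m.group(3)
    policy = SUITE_POLICY[key_bits]
    if suffix_hash != policy["prf_hash"]:
        raise ValueError(
            f"{name}: suffix says {suffix_hash} but AES-{key_bits} "
            f"requires the {policy['prf_hash']} PRF"
        )
    return key_bits, policy["prf_hash"], policy["min_curve_bits"]


def curve_allowed(name, curve):
    """True if `curve` meets the minimum size the suite's policy imposes."""
    _, _, min_bits = suite_policy(name)
    return CURVE_BITS[curve] >= min_bits


def p_hash(hash_name, secret, seed, length):
    """TLS 1.2 P_<hash> data expansion (RFC 5246 section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(name, secret, label, seed, length):
    """TLS 1.2 PRF, using the hash selected by the suite's policy."""
    _, prf_hash, _ = suite_policy(name)
    return p_hash(prf_hash, secret, label + seed, length)


if __name__ == "__main__":
    for candidate in ("TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256",
                      "TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA384"):
        try:
            print(candidate, "->", suite_policy(candidate))
        except ValueError as exc:
            print("rejected:", exc)
    # Constructed inputs; a real handshake would use the premaster secret and
    # ClientHello.random + ServerHello.random here.
    ms = tls12_prf("TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
                   b"premaster", b"master secret", b"randoms", 48)
    print("master secret:", ms.hex())
```

The name check is worth keeping in a library's suite registry: a mismatch between suffix and PRF is the kind of error that silently produces interoperability failures rather than a clear negotiation error, since both peers derive keys from whichever hash their own table says.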