Guidance for External Pre-Shared Key Usage in TLS
RFC 9257, “Guidance for External Pre-Shared Key Usage in TLS”, is an Informational document published in July 2022 by R. Housley, J. Hoyland, M. Sethi, and C. A. Wood. The canonical text is published by the RFC Editor.
Abstract
This document provides usage guidance for external Pre-Shared Keys (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. It lists TLS security properties provided by PSKs under certain assumptions, then it demonstrates how violations of these assumptions lead to attacks. Advice for applications to help meet these assumptions is provided. This document also discusses PSK use cases and provisioning processes. Finally, it lists the privacy and security properties that are not provided by TLS 1.3 when external PSKs are used.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9257 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9256 Segment Routing Policy Architecture
- RFC 9258 Importing External Pre-Shared Keys for TLS 1.3
- RFC 9255 The 'I' in RPKI Does Not Stand for Identity
- RFC 9259 Operations, Administration, and Maintenance in Segment Routing over IPv6
- RFC 9254 Encoding of Data Modeled with YANG in the Concise Binary Object Representation
- RFC 9260 Stream Control Transmission Protocol
- RFC 9253 Support for iCalendar Relationships
- RFC 9261 Exported Authenticators in TLS