Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt

<> Sun, 10 July 2016 07:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A764312B017 for <>; Sun, 10 Jul 2016 00:37:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.006
X-Spam-Status: No, score=-4.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id q2gsEJtLoS7q for <>; Sun, 10 Jul 2016 00:37:20 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D4E34128874 for <>; Sun, 10 Jul 2016 00:37:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s2048; t=1468136238; bh=WkjlTUS1QEUEXSEcea+NqPeXbUtxUET3X3vq5yZoQRE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=d/LdH6kyYpqzb/MtxfgbPPYJ+TKD/YFsmUaxum7kBMsDsTWYrh7eIlcmOK1XE4DXhrL8/FNuuDtuXjWoTLOQwNs90PQrDbKvFRGmGQp5PXJXruGb1uOJQIJa4iDVD4FWJbZgmFWPzSDQa7ijwiwaiZLO3SpoCt6bwlCmh1HQE0/4ka3Fj+S0gz4arGLyblszhXkL3Ds0K5/PA2BaPTX+A9L6iV4C+geCJedLXVwiyvNqX3VgzjzymyP5e7pfQmLZDHyjxlzgVqdak8Bpnz1NQra8CcpA6P1NX5L7PQMpoODYhFr74lHdbVRDLiuaS7XfL36VQKCWUWTa2aUfGU1WfQ==
Received: from [] by with NNFMP; 10 Jul 2016 07:37:18 -0000
Received: from [] by with NNFMP; 10 Jul 2016 07:37:18 -0000
Received: from [] by with NNFMP; 10 Jul 2016 07:37:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: So6biaMVM1ltKE9vW8OPaEC7TgbVZ0hgmPWbEJLElY_k2Cct0OjfASZ4oRweU2G XSyx39OrEHoFiMBTy_PnYQx2Nnk_iREyfE3KkcatqG_GIoGcSEo0_yfDXPjebg7GCXGme6ClRHp8 2v7XKAjGcs_wPvLTBzUxHhYe_eHAyqeSaeL7CoXKAK1itS_L8M4DwQ0ftPhJFYLBecTzSa_JSNNE fg0GK_Zx0ydROkzGhpAvPVNn4tlWZ.mvYTCbr6brAxEds9TheG.ts_A3ynOsAd0.PqELHaB7MviV q.ABK96bUWBMKCDeXmO.i464sJk6i25UXhLA8k1yRlRn16ZYXTKLs_G.6ByuQjcctiGic6PgC2aP Z7DjxOhEoBNI.MwMDgJbqTqmnD3bPxuCO_5nst9BLj4shd2w_AQwOneVQa9_rswxuMd2pHB7aZ9u ueC9XSPE2EIBlRiaTl6VbalifNjaEma4SRPUOPURa1VsbjaJ9H0WRHp._cIDEDEifTmppOk7v_Ev veOMGMwxHuUS9Feaik_dQBvC2wgeDVNgw7URMXxxWYbQgX89G
Received: from by; Sun, 10 Jul 2016 07:37:18 +0000; 1468136238.474
Date: Sun, 10 Jul 2016 07:36:59 +0000
To: "" <>, "" <>
Message-ID: <>
In-Reply-To: <>
References: <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_470299_894945123.1468136219286"
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 10 Jul 2016 07:37:22 -0000

I'm curious as to the relationship between this TLS WG draft and the DICE profile for IoT (currently in Auth48):

The dice profile uses two TLS ciphershuites
TLS_PSK_WITH_AES_128_CCM_8             (defined in
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8     (defined in

Notice that the DICE profile defines nothing (it has no IANA considerations). Instead, it reuses definitions established previously per the references above.
This draft-ietf-tls-ecdhe-psk-aeak  claims to also define IoT-friendly ciphersuites, for example, TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 
However, it does not reference the DICE profile draft. 
What is the difference between these?

    On Friday, May 27, 2016 10:19 AM, "" <> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security of the IETF.

        Title          : ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)
        Authors        : John Mattsson
                          Daniel Migault
    Filename        : draft-ietf-tls-ecdhe-psk-aead-00.txt
    Pages          : 7
    Date            : 2016-05-27

  This document defines several new cipher suites for the Transport
  Layer Security (TLS) protocol.  The cipher suites are all based on
  the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key
  (ECDHE_PSK) key exchange together with the Authenticated Encryption
  with Associated Data (AEAD) algorithms AES-GCM and AES-CCM.  PSK
  provides light and efficient authentication, ECDHE provides perfect
  forward secrecy, and AES-GCM and AES-CCM provides encryption and
  integrity protection.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at:

TLS mailing list