{"draft":"draft-camwinget-tls-ts13-macciphersuites-12","doc_id":"RFC9150","title":"TLS 1.3 Authentication and Integrity-Only Cipher Suites","authors":["N. Cam-Winget","J. Visoky"],"format":["HTML","TEXT","PDF","XML"],"page_count":"10","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"INDEPENDENT","abstract":"This document defines the use of cipher suites for TLS 1.3 based on\r\nHashed  Message Authentication Code (HMAC). Using these cipher suites\r\nprovides server and, optionally, mutual authentication and data\r\nauthenticity, but not data confidentiality. Cipher suites with these\r\nproperties are not of general applicability, but there are use cases,\r\nspecifically in Internet of Things (IoT) and constrained\r\nenvironments, that do not require confidentiality of exchanged\r\nmessages while still requiring integrity protection, server\r\nauthentication, and optional client authentication. This document\r\ngives examples of such use cases, with the caveat that prior to using\r\nthese integrity-only cipher suites, a threat model for the situation\r\nat hand is needed, and a threat analysis must be performed within\r\nthat model to determine whether the use of integrity-only cipher\r\nsuites is appropriate. The approach described in this document is not\r\nendorsed by the IETF and does not have IETF consensus, but it is\r\npresented here to enable interoperable implementation of a\r\nreduced-security mechanism that provides authentication and message\r\nintegrity without supporting confidentiality.","pub_date":"April 2022","keywords":["HMAC","IoT","constrained devices"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9150","errata_url":null}