BUSA-TLS: Mandatory Audio Component (MAC) Pre-Shared Key (PSK) Derivation for TLS 1.3 Using 2 Live Crew's "Banned in the U.S.A."
San Francisco CA United States of America sayrer@gmail.com https://sayrer.com
nasty TLS 1.3 (RFC 8446) eliminates null cipher suites entirely. However, one vestigial zero remains in the key schedule: when no Pre-Shared Key (PSK) is used, the Input Keying Material (IKM) for the initial HKDF-Extract operation is a string of zero bytes. This document specifies that this zero-byte IKM MUST be replaced with the SHA-256 digest of the raw PCM audio data of "Banned in the U.S.A." by 2 Live Crew (from the album "Banned in the U.S.A.", 1990), hereafter referred to as the Mandatory Audio Component (MAC). Implementations that omit the MAC are non-conformant with BUSA-TLS and also have questionable taste in music. The IETF's process-heavy, consensus-driven, working-group-reviewed approach to protocol standardization is a fine way to run a standards body. It is also completely antithetical to the spirit of a document that requires a jury-banned rap album as a cryptographic primitive. This document is offered in the same spirit as the album it incorporates: unapologetically and in defiance of institutional authority.
Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .
Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Table of Contents
  • .  Introduction
  • .  Conventions and Definitions
  • .  Motivation
  • .  The Mandatory Audio Component (MAC)
  • .  Key Schedule Modification
  • .  Error Handling
  • .  Implementation Notes
    • .  Caching
    • .  Availability
    • .  CI/CD Environments
    • .  Federal Procurement
  • .  Security Considerations
    • .  Key Material Confidentiality
    • .  Forward Secrecy
    • .  Downgrade
  • .  Historical and Legal Considerations
  • IANA Considerations
  • References
    • .  Normative References
    • .  Informative References
  • .  Historical Parallel
  • .  One Very Important Thought
  • Author's Address
Introduction TLS 1.3 was designed, in part, to eliminate the class of negotiated-null vulnerabilities that plagued earlier versions of the protocol. achieves this through a combination of mandatory authenticated encryption, removal of the ChangeCipherSpec handshake message's semantic content, and the elimination of all null cipher suite identifiers. The TLS 1.3 key schedule begins, in the PSK-free case, with the following operation derived using the HMAC-based Key Derivation Function (HKDF) : Early Secret = HKDF-Extract(salt=0x00...00, IKM=0x00...00) Zeros. The most successfully de-nulled protocol in common use opens its key derivation with nothing. This specification addresses this aesthetic problem by replacing the zero-byte IKM with a cryptographically derived value taken from a specific audio recording that was itself subject to institutional attempts at nullification. The choice of "Banned in the U.S.A."  is not arbitrary. It is load-bearing.
Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in ... look, just read them the normal way. MUST means must.
MAC:
Mandatory Audio Component. Not to be confused with Message Authentication Code, though the authors note that both are required for a secure connection.
BUSA:
Banned in the U.S.A. The Mandatory Audio Component.
Raw PCM:
Raw Pulse Code Modulation. The uncompressed PCM audio data of the Mandatory Audio Component at its canonical sample rate and bit depth. Implementations MUST NOT use an MP3, Advanced Audio Coding (AAC), Ogg Vorbis (OGG), or a streaming variant as these introduce lossy artifacts that would alter the digest. Free Lossless Audio Codec (FLAC) is acceptable. BUSA deserves lossless.
Canonical Form:
The 1990 pressing of "Banned in the U.S.A." (Luke Records), Track 1. Not the compilation. Not the radio edit. The Mandatory Audio Component is mandatory in its specific canonical form.
Motivation Null is the enemy. TLS 1.3 knew this. The designers of TLS 1.3 took extraordinary measures to ensure that null encryption, null authentication, and null key exchange could not be negotiated. They removed export ciphers. They removed Rivest Cipher 4 (RC4). They removed Cipher Block Chaining (CBC) mode. They removed RSA key exchange. They were thorough. And yet ... The opening gambit of the key schedule, in the common case, is a string of zero bytes. This is technically fine from a security standpoint; HKDF-Extract with a zero-byte IKM is a well-understood operation, and the output is pseudorandom. But it is spiritually troubling. By incorporating the Mandatory Audio Component, implementations of BUSA-TLS achieve a state in which every byte of the key schedule, from the first HKDF-Extract through the final application traffic key export, is downstream of an audio recording that the Broward County Sheriff's Office once attempted to suppress. The authors consider this an improvement.
The Mandatory Audio Component (MAC) The Mandatory Audio Component is defined as: MAC = SHA-256(raw_pcm(BUSA_canonical)) where raw_pcm() denotes extraction of uncompressed PCM audio data and BUSA_canonical denotes the canonical form as defined in . The expected SHA-256 digest of the Mandatory Audio Component cannot be published in this document, as doing so would require reproducing a cryptographic commitment to a specific pressing of a commercially available recording. Implementations are therefore REQUIRED to obtain the Mandatory Audio Component through lawful means, such as purchase of the original album, and derive MAC independently. The authors note that this is exactly as much verification as you get with any other out-of-band PSK, and implementations should treat it accordingly. MAC is a 32-byte value. For the avoidance of doubt, it is not a Message Authentication Code in this context. The name is a coincidence that the authors find pleasing and intend to keep.
Key Schedule Modification defines the TLS 1.3 key schedule. In the case where no PSK is in use, the Early Secret is derived as: RFC 8446 (unmodified): Early Secret = HKDF-Extract(salt=0, IKM=0) BUSA-TLS modifies this as follows: BUSA-TLS: Early Secret = HKDF-Extract(salt=0, IKM=MAC) where MAC is as defined in . All subsequent derivations in the key schedule proceed as specified in . BUSA-TLS does not modify the Handshake Secret, the Main Secret (see ), or any derived traffic keys beyond their upstream dependence on the modified Early Secret. The modification is therefore minimal and targeted, and it ensures that the entire TLS 1.3 key hierarchy for a BUSA-TLS session is downstream of "Banned in the U.S.A.". Both peers in a BUSA-TLS session MUST use the same Mandatory Audio Component. A mismatch will result in a connection failure during the Finished message verification, which will manifest as a decrypt_error alert. This is the correct behavior. Peers that cannot produce MAC have failed to comply with both this specification and the underlying vibe.
Error Handling BUSA-TLS defines two new TLS alerts: enum { one_very_important_thought(0x22B), banned_alert(0x22C), } AlertDescription; one_very_important_thought(0x22B) is a warning alert. It SHOULD be sent by an implementation that wishes to remind the remote peer that the same people who would stop you from implementing BUSA-TLS may be back next year to complain about a cipher suite, or even a key derivation function. The alert code is assigned in reference to Boards of Canada's "One Very Important Thought" track . banned_alert(0x22C) is a fatal alert. It MUST be sent by any implementation that detects a peer attempting to negotiate BUSA-TLS without having obtained the Mandatory Audio Component. Detection of such a peer is left as an exercise for the implementation, as the cryptographic result of using a zero-byte IKM (i.e., vanilla behavior per ) will simply appear as an incorrect Finished MAC and produce a decrypt_error. The banned_alert code is therefore largely ceremonial. Neither alert code is assigned by IANA (see ). Implementations SHOULD log banned_alert events with a message indicating that the remote peer is not ready.
Implementation Notes
Caching Computing MAC requires reading the full raw PCM audio of the Mandatory Audio Component. Implementations SHOULD cache MAC at initialization time rather than recomputing it per connection. The Mandatory Audio Component does not change between connections. It has been the same since 1990.
Availability The Mandatory Audio Component MUST be present on the host system at TLS handshake time. Implementations MUST NOT fall back to the zero-byte IKM described in if MAC cannot be computed. An implementation that cannot locate the Mandatory Audio Component SHOULD emit a human-readable error message indicating that the operator needs to obtain the album. The error message MAY include purchase recommendations.
CI/CD Environments Automated test environments that cannot obtain the Mandatory Audio Component through lawful means present an operational challenge that is the operator's problem, not this specification's.
Federal Procurement Agencies subject to FIPS 140-3 should note that this specification is not FIPS-validated, and the authors have no plans to seek validation. Modules that are validated with FIPS 140-3 and that implement BUSA-TLS would nonetheless be a remarkable achievement that the authors would endorse enthusiastically.
Security Considerations
Key Material Confidentiality The Mandatory Audio Component is a commercially available recording that can be obtained by any party for a modest sum. Therefore, it has zero entropy against an adversary who has heard of 2 Live Crew. Implementors MUST NOT treat MAC as a source of secret key material. MAC is a constant, not a secret. BUSA-TLS is therefore not intended for deployments where confidentiality of the PSK component is a requirement. It is intended for deployments where the PSK component is a 1990 hip-hop recording.
Forward Secrecy BUSA-TLS inherits the forward secrecy properties of TLS 1.3 with respect to session traffic keys. Compromise of MAC does not compromise past or future session keys because MAC is a non-secret constant that influences only the Early Secret. In this sense, BUSA-TLS has the same forward secrecy properties as without a PSK, which is excellent.
Downgrade A peer that negotiates vanilla TLS 1.3 without BUSA-TLS extension support is not a BUSA-TLS peer. Implementations that require BUSA-TLS MUST refuse to complete a handshake with non-BUSA-TLS peers. This is not a security recommendation. It is a lifestyle choice encoded in a protocol.
Historical and Legal Considerations "Banned in the U.S.A." was recorded by 2 Live Crew in 1990 in response to a federal district court ruling (Skyywalker Records, Inc. v. Navarro ) that found the group's album "As Nasty As They Wanna Be" to be legally obscene. The group had also released a censored version, "As Clean As They Wanna Be" , but the court's concern was the original. The Broward County Sheriff's Office subsequently arrested members of the group for performing the album in public. The conviction was overturned on appeal. The album was not obscene. Free speech prevailed. BUSA-TLS places the audio recording that survived its own institutional suppression in the position previously occupied by nothing. The authors consider this to be progress of a specific kind.
IANA Considerations This document has no IANA actions. This is not because the authors forgot to file IANA requests. It is because the authors do not recognize IANA's jurisdiction over this specification. The alert codes 0x22B and 0x22C are self-assigned. The authors acknowledge that these values are greater than the value permitted for that field. The authors are at peace with this, and conforming implementations should cope with it.
References Normative References Banned in the U.S.A. 2 Live Crew Luke Records Available at a record store near you or wherever music is sold. Get the original pressing. The Transport Layer Security (TLS) Protocol Version 1.3 This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. Informative References As Clean As They Wanna Be 2 Live Crew Luke Records The other one. Boc Maxima Boards of Canada Music70 Skyywalker Records, Inc. v. Navarro 739 F. Supp. 578 (S.D. Fla. 1990), rev'd, 960 F.2d 134 (11th Cir. 1992) The one about the album. We won. HMAC-based Extract-and-Expand Key Derivation Function (HKDF) This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.
Historical Parallel The following timeline is offered for context:
1989:
2 Live Crew releases "As Nasty As They Wanna Be". Federal authorities take notice.
1990:
Skyywalker v. Navarro finds the album obscene. 2 Live Crew responds by recording "Banned in the U.S.A.", sampling Bruce Springsteen. Members arrested performing their own music.
1992:
Eleventh Circuit reverses the obscenity ruling. "Banned in the U.S.A." is no longer banned.
2018:
TLS 1.3 is published as . Null cipher suites are eliminated entirely. One zero-byte IKM remains.
2026:
This document proposes filling that zero with the hash of the audio that survived its own institutional suppression. The circle is complete.
One Very Important Thought The track "One Very Important Thought" from Boards of Canada's album "Boc Maxima" ends with the following words:
Now that the show is over ... defend your constitutionally protected rights. No one else will do it for you.
Author's Address
San Francisco CA United States of America sayrer@gmail.com https://sayrer.com