From nobody Tue Nov 11 15:18:35 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 805511A1B11 for ; Tue, 11 Nov 2014 15:18:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eysSlr5ly_Bs for ; Tue, 11 Nov 2014 15:18:26 -0800 (PST) Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com [IPv6:2a00:1450:400c:c00::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 838041A1A27 for ; Tue, 11 Nov 2014 15:18:26 -0800 (PST) Received: by mail-wg0-f45.google.com with SMTP id x12so12799490wgg.4 for ; Tue, 11 Nov 2014 15:18:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:date:message-id:cc:to:mime-version; bh=cSmYFKopeoN6nGeq1h3YLn7kuR9PgYS7y/a6ZfhiliE=; b=gk5OT0HCTSrZ42SsmYPqJlieTqjRWqqE1F7nMFsz2iIKdWPQLCsW/pt6vvi13/zUmU d9jagAC2ZTmCeUtfdttMnDGnDxVCn31CAQgoONEX8U1nG9/54ZYtrBvsnrH/4XVVdP9a V2XEp+kWmawTXFXJkxQprpwXpk2mzsN9ntjoA3rOVT5CKHjmXCaH3UYP8PF0GsvhCO8E FSCR1MN5nXS7t9iNdBXbFiAZDaMtrSJJ+8joUv8G5mrLjZrDAZPZXMBIzVOgpfql/A4X WPHioasyls/v4iKJwmfMpEdQEfbbxZdV/31vvcnEyDC7keWr7ghTj/C9PCs9wMO3muU/ 83hg== X-Received: by 10.194.89.129 with SMTP id bo1mr6292386wjb.29.1415747905380; Tue, 11 Nov 2014 15:18:25 -0800 (PST) Received: from dhcp-b659.meeting.ietf.org (dhcp-b659.meeting.ietf.org. [31.133.182.89]) by mx.google.com with ESMTPSA id l4sm29139177wjx.14.2014.11.11.15.18.23 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Nov 2014 15:18:24 -0800 (PST) From: Dorothy Gellert Content-Type: multipart/alternative; boundary="Apple-Mail=_39687DEF-B9FC-4163-9E3A-621DEB8ED6C5" Date: Tue, 11 Nov 2014 13:18:21 -1000 Message-Id: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> To: dtls-iot@ietf.org Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) X-Mailer: Apple Mail (2.1878.6) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/0MGN7cj2NwnubipAZvpiiCuRhlM Cc: Dorothy Gellert , Zach Shelby , Hannes Tschofenig Subject: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Nov 2014 23:18:31 -0000 --Apple-Mail=_39687DEF-B9FC-4163-9E3A-621DEB8ED6C5 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Dear WG, As discussed during the Dice WG meeting at IETF#91, this email starts a = WGLC for our DTLS profile draft: https://tools.ietf.org/html/draft-ietf-dice-profile-05 Please review. This WGLC will end on Tuesday, November 25, 2014. Best Regards, Dorothy and Zach= --Apple-Mail=_39687DEF-B9FC-4163-9E3A-621DEB8ED6C5 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Dear WG,

As discussed during the Dice WG meeting at IETF#91, this email starts a WGLC  for our DTLS profile draft:

https://tools.ietf.org/html/draft-ietf-dice-profile-05

Please review.  This WGLC will end on Tuesday, November 25, 2014.

Best Regards,
Dorothy and Zach
--Apple-Mail=_39687DEF-B9FC-4163-9E3A-621DEB8ED6C5-- From nobody Tue Nov 11 16:17:42 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 422241A802C for ; Tue, 11 Nov 2014 16:17:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0p7OOUiP1f2 for ; Tue, 11 Nov 2014 16:17:39 -0800 (PST) Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 930171A885F for ; Tue, 11 Nov 2014 16:17:39 -0800 (PST) Received: by mail-wg0-f46.google.com with SMTP id x13so13115309wgg.19 for ; Tue, 11 Nov 2014 16:17:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=aaQsT5wbNCzRXn9zUvSAy75ffMIZiIJjA5oPWYa5ObU=; b=IVuAzJ6evt8wBfUmYnH5gaM9CoT9Bp1zW3rfHWHPjwROrJyuI3JOxMyoKcI1fkPcE7 an74EowIl+JPBPKIJT+vzM6g+CJEHmTdQs9faKkvZUqJEp3TuG1xx525Uz0/F1BfM5Un aCL+sKAJCjCfnbkzcy9Yb9pPjrKpBkGlCCa1eCnl3Etlag6msJE0qUVZARCkOCcm/HC0 dlWAZUydBmYDDZjPHvp7HFfWXWOJduXLBlUEw/ip2HEzC87vv+ku+BBmgLKp6GPud3X2 KLv7/EICcsIdRb42KE0XZQbvEQLX6lAWM1N4Qo1DD1dJgRiV1Sq2rb+FMIiDpb3AwIH8 l1IQ== X-Received: by 10.180.9.169 with SMTP id a9mr45332055wib.7.1415751458369; Tue, 11 Nov 2014 16:17:38 -0800 (PST) Received: from dhcp-b659.meeting.ietf.org (dhcp-b659.meeting.ietf.org. [31.133.182.89]) by mx.google.com with ESMTPSA id l4sm29266406wjx.14.2014.11.11.16.17.36 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Nov 2014 16:17:37 -0800 (PST) Content-Type: multipart/alternative; boundary="Apple-Mail=_9989A6DD-6727-4B26-A291-5A6C06B35B19" Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) From: Dorothy Gellert In-Reply-To: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> Date: Tue, 11 Nov 2014 14:17:36 -1000 Message-Id: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> To: dtls-iot@ietf.org X-Mailer: Apple Mail (2.1878.6) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/9Qw-gMJ5twXyiVm0B8SloOtsHH4 Cc: Zach Shelby Subject: [Dtls-iot] Revised: WGLC for DTLS Profile draft: 11/11/2014 - 12/2/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2014 00:17:41 -0000 --Apple-Mail=_9989A6DD-6727-4B26-A291-5A6C06B35B19 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Dear WG, Based on Carsten=92s comment at the Dice WG F2F, we will run the WGLC = for 3 weeks, to give folks a chance to get home from the meeting.=20 So, with this change in mind,the WGLC for the DTLS profile draft will = conclude on December 2nd, 2014. Apologies for the oversight. Dorothy On Nov 11, 2014, at 1:18 PM, Dorothy Gellert = wrote: > Dear WG, >=20 > As discussed during the Dice WG meeting at IETF#91, this email starts = a WGLC for our DTLS profile draft: >=20 > https://tools.ietf.org/html/draft-ietf-dice-profile-05 >=20 > Please review. This WGLC will end on Tuesday, November 25, 2014. >=20 > Best Regards, > Dorothy and Zach --Apple-Mail=_9989A6DD-6727-4B26-A291-5A6C06B35B19 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252 Dear = WG,

Based on Carsten=92s comment at the Dice WG F2F, = we will run the WGLC for 3 weeks, to give folks a chance to get home = from the meeting. 
So, with this change in mind,the WGLC = for the DTLS profile draft will conclude on December 2nd, = 2014.

Apologies for the = oversight.
Dorothy


=
On Nov 11, 2014, at 1:18 PM, Dorothy Gellert <dorothy.gellert@gmail.com>= ; wrote:

Dear WG,

As discussed during the Dice WG meeting at IETF#91, = this email starts a WGLC  for our DTLS profile draft:

https://to= ols.ietf.org/html/draft-ietf-dice-profile-05

Please review.  This WGLC = will end on Tuesday, November 25, 2014.

Best Regards,
Dorothy and = Zach

= --Apple-Mail=_9989A6DD-6727-4B26-A291-5A6C06B35B19-- From nobody Tue Nov 11 16:38:25 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31D511A9144 for ; Tue, 11 Nov 2014 16:38:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.9 X-Spam-Level: X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t30253_5-F57 for ; Tue, 11 Nov 2014 16:38:20 -0800 (PST) Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id BF5941A899C for ; Tue, 11 Nov 2014 16:38:20 -0800 (PST) Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 4B10EF240A2; Tue, 11 Nov 2014 19:38:10 -0500 (EST) X-Virus-Scanned: amavisd-new at smetech.net Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 47eSGpYJlM1i; Tue, 11 Nov 2014 19:37:47 -0500 (EST) Received: from v150.vpn.iad.rg.net (v150.vpn.iad.rg.net [198.180.150.150]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id E61E7F240A1; Tue, 11 Nov 2014 19:37:46 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1085) Content-Type: text/plain; charset=us-ascii From: Russ Housley In-Reply-To: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> Date: Tue, 11 Nov 2014 19:37:34 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> To: dtls-iot@ietf.org X-Mailer: Apple Mail (2.1085) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/MbCi5xhIPR8lnYQQrmO65uSVGHk Cc: Dorothy Gellert , Zach Shelby , Hannes Tschofenig Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2014 00:38:22 -0000 DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no = problem with that choice. It makes a lot of sense for small devices. The HTTPbis is also taking a path that requires an AEAD algorithm. It = would be really nice if the two groups came to a place that allowed = interoperability, but HTTPbis seems to be on a path for AES-GCM. = AES-CCM is better for small devices. It seems to me that the two groups should talk to each other before WG = Last Call is over. Russ From nobody Tue Nov 11 16:55:03 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AE1E1A8912 for ; Tue, 11 Nov 2014 16:55:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FG8QQROo4Kwx for ; Tue, 11 Nov 2014 16:55:00 -0800 (PST) Received: from service88.mimecast.com (service88.mimecast.com [195.130.217.12]) by ietfa.amsl.com (Postfix) with ESMTP id C91D91A8783 for ; Tue, 11 Nov 2014 16:54:59 -0800 (PST) Received: from USA-SJC-GW1.usa.Arm.com (fw-tnat.snv.arm.com [217.140.100.22]) (Using TLS) by service88.mimecast.com; Wed, 12 Nov 2014 00:54:58 +0000 Received: from Spock.usa.Arm.com ([fe80::4116:859a:65b1:2f84]) by USA-SJC-GW1.usa.Arm.com ([::1]) with mapi; Wed, 12 Nov 2014 00:54:53 +0000 From: Zach Shelby To: Russ Housley Date: Wed, 12 Nov 2014 00:54:54 +0000 Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: Ac/+E0UGV9TaV7D9TPuz2UcmBW+CIQ== Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> In-Reply-To: <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB MIME-Version: 1.0 X-MC-Unique: 114111200545800202 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/QA4EREcACR12w4WwnynBGXHcNDw Cc: Dorothy Gellert , Hannes Tschofenig , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2014 00:55:02 -0000 Russ, Thanks for bringing this up, I absolutely agree. HTTP 2.0 will also be appl= icable to some classes of constrained devices, and even in those cases CCM = is a better choice due to hardware support. Ideally we would want to see HT= TPbis define support for *either* GCM or CCM. I would also point out that C= oAP already requires the support of TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 with= its DTLS binding. We'll make a point to reach out to the HTTPbis WG. Zach On Nov 11, 2014, at 2:37 PM, Russ Housley wrote: > DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no pro= blem with that choice. It makes a lot of sense for small devices. > > The HTTPbis is also taking a path that requires an AEAD algorithm. It wo= uld be really nice if the two groups came to a place that allowed interoper= ability, but HTTPbis seems to be on a path for AES-GCM. AES-CCM is better = for small devices. > > It seems to me that the two groups should talk to each other before WG La= st Call is over. > > Russ > > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > Zach Shelby Director of Technical Marketing ARM Internet of Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ -- IMPORTANT NOTICE: The contents of this email and any attachments are con= fidential and may also be privileged. If you are not the intended recipient= , please notify the sender immediately and do not disclose the contents to = any other person, use it for any purpose, or store or copy the information = in any medium. Thank you. ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Regist= ered in England & Wales, Company No: 2557590 ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, R= egistered in England & Wales, Company No: 2548782 From nobody Tue Nov 11 23:24:44 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60CC51A00F0 for ; Tue, 11 Nov 2014 23:24:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mdg0JvAxvK3q for ; Tue, 11 Nov 2014 23:24:39 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6795E1A1BB5 for ; Tue, 11 Nov 2014 23:24:39 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAC7OUSk012695; Wed, 12 Nov 2014 08:24:31 +0100 (CET) Received: from dhcp-93f4.meeting.ietf.org (dhcp-93f4.meeting.ietf.org [31.133.147.244]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 4F5C1AC4; Wed, 12 Nov 2014 08:24:29 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) From: Carsten Bormann In-Reply-To: <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> Date: Tue, 11 Nov 2014 21:24:26 -1000 X-Mao-Original-Outgoing-Id: 437469866.570854-8375c76f9356222e98e0ee7eca4a1ba5 Content-Transfer-Encoding: quoted-printable Message-Id: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> To: Russ Housley X-Mailer: Apple Mail (2.1990.1) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/g3MC9hHtF0Z8oFH6v6NA-MlxI7w Cc: Dorothy Gellert , Zach Shelby , Hannes Tschofenig , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Nov 2014 07:24:41 -0000 Also, they are talking about their preferred algorithm being = =E2=80=9Cmandatory to deploy=E2=80=9D. This means a TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 HTTP/2 would not qualify = as real HTTP/2. (There is some pushback from the WG as well, e.g. for Russian sites that = are legally required to use GOST cipher suites.) Gr=C3=BC=C3=9Fe, Carsten > On 11 Nov 2014, at 14:37, Russ Housley wrote: >=20 > DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no = problem with that choice. It makes a lot of sense for small devices. >=20 > The HTTPbis is also taking a path that requires an AEAD algorithm. It = would be really nice if the two groups came to a place that allowed = interoperability, but HTTPbis seems to be on a path for AES-GCM. = AES-CCM is better for small devices. >=20 > It seems to me that the two groups should talk to each other before WG = Last Call is over. >=20 > Russ >=20 > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot >=20 From nobody Fri Nov 14 11:59:25 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F00701A9099 for ; Fri, 14 Nov 2014 11:59:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.494 X-Spam-Level: X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dczeJZVajsXS for ; Fri, 14 Nov 2014 11:59:15 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EC831A9088 for ; Fri, 14 Nov 2014 11:58:46 -0800 (PST) Received: from [192.168.10.250] ([31.133.163.101]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MV6EP-1XUgP40tyP-00YNXZ; Fri, 14 Nov 2014 20:58:01 +0100 Message-ID: <54665EC1.8020706@gmx.net> Date: Fri, 14 Nov 2014 20:57:53 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Russ Housley , dtls-iot@ietf.org References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> In-Reply-To: <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="w7aX9fSinN4AwfInugxphlwDpXPRIs5Jn" X-Provags-ID: V03:K0:r6tvJTtFBxLrmqC9UXSniTYR+kmqpHPRWRl0145JQqU48O8qJb/ eatFTZyngXM/aSDtzM3piYlFrj9U3Nuhxyei9NJr7zxZu+x1d34V6MvdTWQ5KKYuQUzfxeC jKqLbuQCc2gtqU/72XvkFGWlaqvsvtAQl4TR4UONTr8TZxX0cMOcrvUghDSsZsfT391rrGC C3CzZAC9+sfa0qHGJQH7A== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/F5HjG40CErKp0Ok62-tRvON-rrA Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 19:59:17 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --w7aX9fSinN4AwfInugxphlwDpXPRIs5Jn Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Russ, thanks for bringing this up. The ciphersuites selected for the DTLS profile draft have been heavily influenced by the work done in the CORE working group. We have been telling silicon partners that they should put AES-CCM into their chips and they have indeed following that recommendation. I believe, however, that this is not a problem as such since the UTA work really has a different scope - they focus on Web/Messaging/Email rather than the IoT space. I sent a mail to their list to request the title to be adjusted. Ciao Hannes On 11/12/2014 01:37 AM, Russ Housley wrote: > DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no p= roblem with that choice. It makes a lot of sense for small devices. >=20 > The HTTPbis is also taking a path that requires an AEAD algorithm. It = would be really nice if the two groups came to a place that allowed inter= operability, but HTTPbis seems to be on a path for AES-GCM. AES-CCM is b= etter for small devices. >=20 > It seems to me that the two groups should talk to each other before WG = Last Call is over. >=20 > Russ >=20 > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot >=20 --w7aX9fSinN4AwfInugxphlwDpXPRIs5Jn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUZl7CAAoJEGhJURNOOiAtg8cIAJNe7GDWaD1KGtRjkKM7uDNY INJxBkDyH78S89PuI57Nt8jRluiQsjFZVa1TGjg1oanYuVpl6oLgYinriK2sOyjq 3nspE9M430fHNoMWsqTmHGZal4SWU1xiMY+CO8qz9e5vl6GLOZUIfk8vlkTrE9Cc 4+5q+g0a5wa+8uqZbP2nZ1+7RCEfdrvFBl9mgYXLUX7s3AhDGgXO+IFlVF6sEwT6 Y5aY38xba3VBFNzNv+fa1gSCFDEzJbX4XR/067QMo9r/RsKZ1rcgkrzzi8z2J1yp H8LCI998kWe2JmfQwfg3tVHvx3nYqLRXEBx9psy3vX9hTGpB9ISFit4qWeb4GCY= =BzrV -----END PGP SIGNATURE----- --w7aX9fSinN4AwfInugxphlwDpXPRIs5Jn-- From nobody Fri Nov 14 12:02:17 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1449E1A90BA for ; Fri, 14 Nov 2014 12:02:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXQz9M3anvQx for ; Fri, 14 Nov 2014 12:02:08 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EF4E1A8863 for ; Fri, 14 Nov 2014 12:01:17 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAEK1C53025001; Fri, 14 Nov 2014 21:01:12 +0100 (CET) Received: from dhcp-9bf8.meeting.ietf.org (dhcp-9bf8.meeting.ietf.org [31.133.155.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id E1B22410; Fri, 14 Nov 2014 21:01:10 +0100 (CET) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) From: Carsten Bormann In-Reply-To: <54665EC1.8020706@gmx.net> Date: Fri, 14 Nov 2014 10:01:08 -1000 X-Mao-Original-Outgoing-Id: 437688067.956814-b52b4c239354800f64cdb018b2e47d2b Content-Transfer-Encoding: quoted-printable Message-Id: <0ABD39B8-3311-4DBC-9A63-CFC9C6A44EAE@tzi.org> References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> To: Hannes Tschofenig X-Mailer: Apple Mail (2.1990.1) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/DO001lDMpX5GIQekgEaEGSc_54g Cc: Dorothy Gellert , Zach Shelby , Russ Housley , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 20:02:11 -0000 On 14 Nov 2014, at 09:57, Hannes Tschofenig = wrote: >=20 > I believe, however, that this is not a problem as such since the UTA > work really has a different scope - they focus on Web/Messaging/Email > rather than the IoT space. I sent a mail to their list to request the > title to be adjusted. This is not about UTA, but HTTP/2 (httpbis WG). Gr=FC=DFe, Carsten From nobody Fri Nov 14 12:06:18 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61CAD1A90D4 for ; Fri, 14 Nov 2014 12:06:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.494 X-Spam-Level: X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLUtpeYGqzeb for ; Fri, 14 Nov 2014 12:06:13 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD37E1A90B6 for ; Fri, 14 Nov 2014 12:06:12 -0800 (PST) Received: from [192.168.10.250] ([31.133.163.101]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0M7Gj8-1Y9oS93UYw-00x18E; Fri, 14 Nov 2014 21:05:28 +0100 Message-ID: <54666080.8050502@gmx.net> Date: Fri, 14 Nov 2014 21:05:20 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Carsten Bormann References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <0ABD39B8-3311-4DBC-9A63-CFC9C6A44EAE@tzi.org> In-Reply-To: <0ABD39B8-3311-4DBC-9A63-CFC9C6A44EAE@tzi.org> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0on3n8DhFxKWkveldsV9alFl72FRTRcGl" X-Provags-ID: V03:K0:O++ecQf+oxd0iLD12vDT2c3vqTo0h1TtNNH9bmgOosM+KC5+PUA WK2XGq85gYooZl4X9KGGK2oDr4SonecXSjSmhmJzCyNZ9vv10SmbwrxadDdr9Fu+7y9BxVP OEcllVEVmAP+/8RXEktRQwljhanY90TdFmdf4zvH8DU5QNnTEvNMETZp5rNjPj0LWT9gISs sUH1lZ91BFjcAIVQ3m2vg== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/PQu2KFQ3_Dt3jvf9HDghoM9UGSI Cc: Dorothy Gellert , Zach Shelby , Russ Housley , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 20:06:15 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0on3n8DhFxKWkveldsV9alFl72FRTRcGl Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable The comment Russ raised during the SAAG was about the WGLC of http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-07 in UTA and their choice of the cryptographic algorithms. I read through draft-ietf-uta-tls-bcp when working on the DTLS profile draft and was fully aware of the misalignment but assumed it was caused by the different scope. Ciao Hannes On 11/14/2014 09:01 PM, Carsten Bormann wrote: > On 14 Nov 2014, at 09:57, Hannes Tschofenig = wrote: >> >> I believe, however, that this is not a problem as such since the UTA >> work really has a different scope - they focus on Web/Messaging/Email >> rather than the IoT space. I sent a mail to their list to request the >> title to be adjusted. >=20 > This is not about UTA, but HTTP/2 (httpbis WG). >=20 > Gr=FC=DFe, Carsten >=20 > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot >=20 --0on3n8DhFxKWkveldsV9alFl72FRTRcGl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUZmCCAAoJEGhJURNOOiAt91QH/3ZuJaY5b31pcG6LmqG5HEot ByoCp+pUTtEm9sXGpld1p70xVZLdokMggth0yuFMLweypcT54FDtIiXr7q1OgsHq b0J92OoxIMr20EJFfeuJg/c9Mr0cD2MTA3dWFXzc2cjXJaEStOpq+A4M0/+NBQaK DdlfiQcI5W/6AMppcWlXsqr6o1Xn5lUESldsXhHtFBD08rnvz+Ay7QJP8dleg+hE fRzePjM9ulWavXl5WKizlBtWeGMkv7T8+3gEFVtFN7XNpPt5KzwmmqxPlaHpV9FE kqpXl+gUKotZD5qmREnshi3luTlQnLMKFToO/5DUlRP7Vh6WQYHRRAz09VSaYjw= =I40A -----END PGP SIGNATURE----- --0on3n8DhFxKWkveldsV9alFl72FRTRcGl-- From nobody Fri Nov 14 12:06:32 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 550321A90F3 for ; Fri, 14 Nov 2014 12:06:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.9 X-Spam-Level: X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxLRCsxofCrh for ; Fri, 14 Nov 2014 12:06:27 -0800 (PST) Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id B04201A90B2 for ; Fri, 14 Nov 2014 12:06:25 -0800 (PST) Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 7CB23F5C015; Fri, 14 Nov 2014 15:06:15 -0500 (EST) X-Virus-Scanned: amavisd-new at smetech.net Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id ne90+Vf6uoif; Fri, 14 Nov 2014 15:05:54 -0500 (EST) Received: from v150.vpn.iad.rg.net (v150.vpn.iad.rg.net [198.180.150.150]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id D9F71F3C025; Fri, 14 Nov 2014 15:05:53 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1085) Content-Type: text/plain; charset=us-ascii From: Russ Housley In-Reply-To: <54665EC1.8020706@gmx.net> Date: Fri, 14 Nov 2014 15:05:41 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> To: Hannes Tschofenig X-Mailer: Apple Mail (2.1085) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/o0sDfIASQSkND7ENk9a1Vd9UcPs Cc: Dorothy Gellert , Zach Shelby , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 20:06:30 -0000 Hannes: I understand the hardware situation. That was the point I was trying to = make when I said, "It makes a lot of sense for small devices." Please = explain this situation in HTTPbis. My hope is that they will join you = by either picking AES-CCM or picking both AES-GCM and AES-CCM. Russ On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: > Hi Russ, >=20 > thanks for bringing this up. >=20 > The ciphersuites selected for the DTLS profile draft have been heavily > influenced by the work done in the CORE working group. >=20 > We have been telling silicon partners that they should put AES-CCM = into > their chips and they have indeed following that recommendation. >=20 > I believe, however, that this is not a problem as such since the UTA > work really has a different scope - they focus on Web/Messaging/Email > rather than the IoT space. I sent a mail to their list to request the > title to be adjusted. >=20 > Ciao > Hannes >=20 > On 11/12/2014 01:37 AM, Russ Housley wrote: >> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no = problem with that choice. It makes a lot of sense for small devices. >>=20 >> The HTTPbis is also taking a path that requires an AEAD algorithm. = It would be really nice if the two groups came to a place that allowed = interoperability, but HTTPbis seems to be on a path for AES-GCM. = AES-CCM is better for small devices. >>=20 >> It seems to me that the two groups should talk to each other before = WG Last Call is over. >>=20 >> Russ From nobody Fri Nov 14 14:55:23 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61A5F1AD33F for ; Fri, 14 Nov 2014 14:55:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.494 X-Spam-Level: X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.594] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MdpVrL6JTCGN for ; Fri, 14 Nov 2014 14:55:20 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 18ECA1AD305 for ; Fri, 14 Nov 2014 14:55:20 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A32A6BE09; Fri, 14 Nov 2014 22:55:18 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOGMWhLeSbr5; Fri, 14 Nov 2014 22:55:17 +0000 (GMT) Received: from [10.87.48.4] (unknown [86.42.24.216]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 08979BE07; Fri, 14 Nov 2014 22:55:17 +0000 (GMT) Message-ID: <54668854.1020503@cs.tcd.ie> Date: Fri, 14 Nov 2014 22:55:16 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Russ Housley , Hannes Tschofenig References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/p-4--tmhL_x2fRDlWDcAjoCibZY Cc: Dorothy Gellert , Zach Shelby , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 22:55:22 -0000 Hi Russ, On 14/11/14 20:05, Russ Housley wrote: > Hannes: > > I understand the hardware situation. That was the point I was trying > to make when I said, "It makes a lot of sense for small devices." > Please explain this situation in HTTPbis. My hope is that they will > join you by either picking AES-CCM or picking both AES-GCM and > AES-CCM. I'm not getting why we see having two AES modes as advantageous. I get that there are devices out there with CCM and that that's unlikely to go away, and that the same is true for GCM, but that seems like a thing that's a pain to work around. Or am I over interpreting "hope" there? S. > > Russ > > > On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: > >> Hi Russ, >> >> thanks for bringing this up. >> >> The ciphersuites selected for the DTLS profile draft have been >> heavily influenced by the work done in the CORE working group. >> >> We have been telling silicon partners that they should put AES-CCM >> into their chips and they have indeed following that >> recommendation. >> >> I believe, however, that this is not a problem as such since the >> UTA work really has a different scope - they focus on >> Web/Messaging/Email rather than the IoT space. I sent a mail to >> their list to request the title to be adjusted. >> >> Ciao Hannes >> >> On 11/12/2014 01:37 AM, Russ Housley wrote: >>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>> have no problem with that choice. It makes a lot of sense for >>> small devices. >>> >>> The HTTPbis is also taking a path that requires an AEAD >>> algorithm. It would be really nice if the two groups came to a >>> place that allowed interoperability, but HTTPbis seems to be on a >>> path for AES-GCM. AES-CCM is better for small devices. >>> >>> It seems to me that the two groups should talk to each other >>> before WG Last Call is over. >>> >>> Russ > > _______________________________________________ dtls-iot mailing > list dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > From nobody Fri Nov 14 19:03:15 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3FB31A038A for ; Fri, 14 Nov 2014 19:03:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7a06ZHgUgzi for ; Fri, 14 Nov 2014 19:03:09 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0795.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::795]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C6851A0AF1 for ; Fri, 14 Nov 2014 19:03:09 -0800 (PST) Received: from DBXPR04CA0015.eurprd04.prod.outlook.com (10.141.8.143) by DB3PR04MB0633.eurprd04.prod.outlook.com (25.160.45.147) with Microsoft SMTP Server (TLS) id 15.1.16.15; Sat, 15 Nov 2014 03:02:45 +0000 Received: from DB3FFO11FD021.protection.gbl (2a01:111:f400:7e04::129) by DBXPR04CA0015.outlook.office365.com (2a01:111:e400:9414::15) with Microsoft SMTP Server (TLS) id 15.1.16.15 via Frontend Transport; Sat, 15 Nov 2014 03:02:44 +0000 Received: from mail.philips.com (206.191.240.52) by DB3FFO11FD021.mail.protection.outlook.com (10.47.217.52) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Sat, 15 Nov 2014 03:02:41 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.62]) by DBXPRD9003HT001.MGDPHG.emi.philips.com ([141.251.25.206]) with mapi id 14.16.0472.000; Sat, 15 Nov 2014 03:02:41 +0000 From: "Kumar, Sandeep" To: Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AQHP/hD7xvnAK6SEDkWOLiOtk7uDiJxgjmuAgAByf7A= Date: Sat, 15 Nov 2014 03:02:40 +0000 Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> In-Reply-To: <54665EC1.8020706@gmx.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [173.197.107.9] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-EOPAttributedMessage: 0 Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(5423002)(13464003)(52604005)(51704005)(189002)(199003)(374574003)(55904004)(85714005)(377454003)(24454002)(479174003)(20776003)(99396003)(47776003)(46406003)(86362001)(97736003)(66066001)(33656002)(101416001)(76176999)(2656002)(54356999)(87936001)(64706001)(97756001)(44976005)(19580395003)(46102003)(84676001)(6806004)(69596002)(15975445006)(120916001)(92726001)(68736004)(19580405001)(107046002)(95666004)(104016003)(55846006)(105586002)(50466002)(106466001)(81156004)(77096003)(21056001)(77156002)(23726002)(50986999)(62966003)(4396001)(106116001)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR04MB0633; H:mail.philips.com; FPR:; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-Forefront-PRVS: 03965EFC76 X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/k0EwK4ivyx8C4u8Vden7QoIr3tw Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Nov 2014 03:03:12 -0000 HI Hannes Can you clarify if the silicon vendors are implementing AES-CCM or plain AE= S in hardware (i.e. AES-ECB) with the CCM mode implemented in software? If it is the former, do you know if they are flexible enough to implement A= ES-CCM with different nonce lengths. The reason I ask is because AES-CCM in= IEEE 802.15.4 uses a nonce length of 13-octets while DTLS uses 12-octets. = I have heard of some15.4 chips that hard-code (in hardware) the 13-octet no= nce length making it useless for DTLS. Regards Sandeep > -----Original Message----- > From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes > Tschofenig > Sent: Friday, November 14, 2014 9:58 AM > To: Russ Housley; dtls-iot@ietf.org > Cc: Dorothy Gellert; Zach Shelby > Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2= 014 > > Hi Russ, > > thanks for bringing this up. > > The ciphersuites selected for the DTLS profile draft have been heavily > influenced by the work done in the CORE working group. > > We have been telling silicon partners that they should put AES-CCM into t= heir > chips and they have indeed following that recommendation. > > I believe, however, that this is not a problem as such since the UTA work > really has a different scope - they focus on Web/Messaging/Email rather > than the IoT space. I sent a mail to their list to request the title to b= e > adjusted. > > Ciao > Hannes > > On 11/12/2014 01:37 AM, Russ Housley wrote: > > DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I > have no problem with that choice. It makes a lot of sense for small devi= ces. > > > > The HTTPbis is also taking a path that requires an AEAD algorithm. It = would > be really nice if the two groups came to a place that allowed interoperab= ility, > but HTTPbis seems to be on a path for AES-GCM. AES-CCM is better for sma= ll > devices. > > > > It seems to me that the two groups should talk to each other before WG > Last Call is over. > > > > Russ > > > > _______________________________________________ > > dtls-iot mailing list > > dtls-iot@ietf.org > > https://www.ietf.org/mailman/listinfo/dtls-iot > > ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. From nobody Fri Nov 14 19:56:45 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4EFA1A03AB for ; Fri, 14 Nov 2014 19:56:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k45Nr5yivRdK for ; Fri, 14 Nov 2014 19:56:41 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0787.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::787]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 853BE1A006F for ; Fri, 14 Nov 2014 19:56:40 -0800 (PST) Received: from AM3PR04CA0046.eurprd04.prod.outlook.com (10.242.16.46) by AM3PR04MB0629.eurprd04.prod.outlook.com (10.255.133.150) with Microsoft SMTP Server (TLS) id 15.1.16.15; Sat, 15 Nov 2014 03:44:06 +0000 Received: from AM1FFO11FD015.protection.gbl (2a01:111:f400:7e00::173) by AM3PR04CA0046.outlook.office365.com (2a01:111:e400:8814::46) with Microsoft SMTP Server (TLS) id 15.1.16.15 via Frontend Transport; Sat, 15 Nov 2014 03:44:06 +0000 Received: from mail.philips.com (206.191.240.52) by AM1FFO11FD015.mail.protection.outlook.com (10.174.64.93) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Sat, 15 Nov 2014 03:44:06 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.62]) by DBXPRD9003HT003.MGDPHG.emi.philips.com ([141.251.25.208]) with mapi id 14.16.0472.000; Sat, 15 Nov 2014 03:44:05 +0000 From: "Kumar, Sandeep" To: "dtls-iot@ietf.org" , "Hannes Tschofenig (Hannes.Tschofenig@gmx.net)" Thread-Topic: AES-CCM nonces in DTLS records Thread-Index: AdAAgPb6clYzdGscSKeAUJZGqRiWeg== Date: Sat, 15 Nov 2014 03:44:05 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [173.197.107.9] Content-Type: multipart/alternative; boundary="_000_BE6D13F6A4554947952B39008B0DC0153E921C8CDBXPRD9003MB059_" MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(189002)(85714005)(374574003)(55904004)(199003)(16236675004)(55846006)(33656002)(99396003)(229853001)(87936001)(19300405004)(50986999)(4396001)(66066001)(54356999)(77096003)(104016003)(69596002)(68736004)(77156002)(64706001)(81156004)(2656002)(106466001)(62966003)(97736003)(512954002)(120916001)(21056001)(84326002)(84676001)(46102003)(105586002)(71186001)(101416001)(107046002)(107886001)(15975445006)(15202345003)(19625215002)(20776003)(19580395003)(6806004)(86362001)(44976005)(92726001)(95666004)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM3PR04MB0629; H:mail.philips.com; FPR:; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629; X-Forefront-PRVS: 03965EFC76 Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/9O7xlN7xZrbNgglXNBM0mTxSa9o Subject: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Nov 2014 03:56:44 -0000 --_000_BE6D13F6A4554947952B39008B0DC0153E921C8CDBXPRD9003MB059_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Hannes I would like to point out one other improvement with AEAD mode ciphers (pre= sently AES-GCM and AES-CCM) that could go into the profile draft. Presently both RFC5288 and RFC6655 mention that the The nonce_explicit MAY be the 64-bit sequence number. However this only means that GenericAEADCipher.nonce_explicit field in the = record layer is an exact copy of the sequence number (for DTLS: epoch||sequ= ence number). This leads to a duplication of 8-bytes per record which can m= ean a lot for IEEE 802.15.4 networks. ChaCha20 and Poly1305 based ciphersuite for TLS (draft-agl-tls-chacha20poly= 1305-04) does remove this duplication by stating When used in TLS, the "record_iv_length" is zero and the nonce is the sequence number for the record, as an 8-byte, big-endian number. The question to you (and to the group) is if we can make a similar statemen= t for improvement in AES-CCM preventing an 8-byte duplication per packet. U= nfortunately this might mean that an IoT profiled DTLS using AES-CCM may no= t work with existing implementations unless there is some form of signaling= (for example with an extension). Regards Sandeep ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. --_000_BE6D13F6A4554947952B39008B0DC0153E921C8CDBXPRD9003MB059_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Hannes

 

I would like to point out one other improvement with= AEAD mode ciphers (presently AES-GCM and AES-CCM) that could go into the p= rofile draft.

 

Presently both RFC5288 and RFC6655 mention that the<= o:p>

The nonce_explicit MAY be the 64-bit sequence number.=

However this only means that GenericAEADCipher.nonce= _explicit field in the record layer is an exact copy of the sequence number= (for DTLS: epoch||sequence number). This leads to a duplication of 8-bytes= per record which can mean a lot for IEEE 802.15.4 networks.

 

ChaCha20 and Poly1305 based ciphersuite for TLS (dra= ft-agl-tls-chacha20poly1305-04) does remove this duplication  by stati= ng

When used in TLS, the "record_iv_length" is zero and the non=
ce is the
   sequence number for the record, as an 8-byte, big-endian =
number.

 

The question to you (and to the group) is if we can = make a similar statement for improvement in AES-CCM preventing an 8-byte du= plication per packet. Unfortunately this might mean that an IoT profiled DT= LS using AES-CCM may not work with existing implementations unless there is some form of signaling (for examp= le with an extension).

 

Regards

Sandeep

 


The information contained in= this message may be confidential and legally protected under applicable la= w. The message is intended solely for the addressee(s). If you are not the = intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message i= s strictly prohibited and may be unlawful. If you are not the intended reci= pient, please contact the sender by return e-mail and destroy all copies of= the original message.
 --_000_BE6D13F6A4554947952B39008B0DC0153E921C8CDBXPRD9003MB059_-- From nobody Fri Nov 14 19:59:54 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19BF51A1A3B for ; Fri, 14 Nov 2014 19:59:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OF6Q1Es3enO5 for ; Fri, 14 Nov 2014 19:59:50 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EB3F1A1A2C for ; Fri, 14 Nov 2014 19:59:50 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAF3xlYe020772; Sat, 15 Nov 2014 04:59:47 +0100 (CET) Received: from dhcp-93f4.meeting.ietf.org (dhcp-93f4.meeting.ietf.org [31.133.147.244]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id CD804537; Sat, 15 Nov 2014 04:59:45 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) From: Carsten Bormann In-Reply-To: Date: Fri, 14 Nov 2014 17:59:44 -1000 X-Mao-Original-Outgoing-Id: 437716783.6542-2ab964b3f1919d91a98a5d61d2361bc5 Content-Transfer-Encoding: quoted-printable Message-Id: References: To: "Kumar, Sandeep" X-Mailer: Apple Mail (2.1990.1) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/P6MCCfrRTAOxZdmIEmS_5iZvJL4 Cc: "Hannes Tschofenig \(Hannes.Tschofenig@gmx.net\)" , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Nov 2014 03:59:52 -0000 On 14 Nov 2014, at 17:44, Kumar, Sandeep = wrote: >=20 > this only means that GenericAEADCipher.nonce_explicit field in the = record layer is an exact copy of the sequence number (for DTLS: = epoch||sequence number).=20 Indeed, that is one reason why GHC (RFC7400) works so well with DTLS = 1.2. Gr=C3=BC=C3=9Fe, Carsten From nobody Fri Nov 14 23:05:44 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A0031A1B13 for ; Fri, 14 Nov 2014 23:05:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.443 X-Spam-Level: X-Spam-Status: No, score=-4.443 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ifq2K56Jb_JC for ; Fri, 14 Nov 2014 23:05:29 -0800 (PST) Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A91701A1B0D for ; Fri, 14 Nov 2014 23:05:27 -0800 (PST) X-IronPort-AV: E=Sophos;i="5.07,390,1413237600"; d="p7s'?scan'208,217";a="270697727" Received: from mail-i4.nets.rwth-aachen.de ([137.226.12.21]) by mx-2.rz.rwth-aachen.de with ESMTP; 15 Nov 2014 08:05:26 +0100 Received: from messenger.nets.rwth-aachen.de (messenger.nets.rwth-aachen.de [137.226.13.40]) by mail-i4.nets.rwth-aachen.de (Postfix) with ESMTP id B2F3C13DA67; Sat, 15 Nov 2014 08:05:25 +0100 (CET) Received: from MESSENGER.nets.rwth-aachen.de ([fe80::d4e:bb9d:9e0:bfee]) by MESSENGER.nets.rwth-aachen.de ([fe80::d4e:bb9d:9e0:bfee%12]) with mapi id 14.01.0218.012; Sat, 15 Nov 2014 08:05:25 +0100 From: Rene Hummen To: Dorothy Gellert Thread-Topic: Retransmission timeout and PSK identity hint (was: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014) Thread-Index: AQHQAKKGO0YMQGeUpkqGQLG2jUtdOA== Date: Sat, 15 Nov 2014 07:05:24 +0000 Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> In-Reply-To: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [173.197.88.101] Content-Type: multipart/signed; boundary="Apple-Mail=_F370CE57-D15F-4C23-A1C4-7AB230A73E9C"; protocol="application/pkcs7-signature"; micalg=sha1 MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/TKgZDyWojQA9tS0yGgdw0bWQNUw Cc: Zach Shelby , Hannes Tschofenig , "dtls-iot@ietf.org" Subject: [Dtls-iot] Retransmission timeout and PSK identity hint (was: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014) X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Nov 2014 07:05:40 -0000 --Apple-Mail=_F370CE57-D15F-4C23-A1C4-7AB230A73E9C Content-Type: multipart/alternative; boundary="Apple-Mail=_7B374BB6-12F4-4012-BF8D-3D2EC974A4F0" --Apple-Mail=_7B374BB6-12F4-4012-BF8D-3D2EC974A4F0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Besides the fact that I would have liked this draft to consider both a = constrained DTLS client and a constrained DTLS server, I have two main = comments: 1) =46rom my experience, the recommended timeout values for DTLS often = lead to spurious retransmissions in constrained node networks. = Especially for constrained devices with software ECC support, network = delays in combination with ECDH and ECDSA operations quickly exceed a 1 = sec timeout. Similarly, for long message flights (i.e., = certificate-related flights), repeated loss of a handshake message = causes extensive handshake delays. As the specific timeout values may be = application dependent, pointing out these issues in sections 5.2 and 5.3 = would be very useful. 2) Section 5.1: The paragraph about the =93PSK identity hint=94 is = unclear to me. What is the rationale behind recommending against sending = the hint if the key selection is based on the domain name of the server = in contrast to any other means of identification? Moreover, how does = this tie in with the subsequent recommendation saying =93A server using = the identity hint needs to guide the selection based on a received SNI = value from the client.=94? Some editorial comments (possibly personal preference): - The end of the introduction starting from =93The design of DTLS is = intentionally very similar to TLS.=94 could be moved into an own = section, e.g., called =93Overview of the DTLS Protocol=94. In my = opinion, this would further improve readability. - In the third bullet point of the same paragraph, I would also remove = the sentence about IKEv2 as this information is distracting with respect = to the subsequent recommendation. To highlight what I mean, I am copying = the text from the draft here: =93... [The HelloVerifyRequest] is sent by the server and includes a = stateless cookie, which is returned in a ClientHello message back to the = server. This type of DoS protection mechanism has been incorporated into = the design of IKEv2. Although the exchange is optional for the server to = execute, a client implementation has to be prepared to respond to it.". - It would may helpful for implementors to have a brief summary of the = most important general recommendations at the end of the introduction. = Something along the lines: =93An implementation complying to this = profile i) MUST not use compression for DTLS handshake messages, ii) = MUST not use DTLS < 1.2, and MAY use any of the following authentication = modes: PSK, raw public-key, certificates. Specific recommendations for = each of these modes are given in sections 5 - 18.=94 - Section 5.1: =93Furthermore, credentials are provisioned into trusted = hardware modules or in the firmware by the developers.=94 -> add = =93often/commonly/typically=94 as there may also be other forms of = provisioning. Ren=E9 On 12 Nov 2014, at 00:18, Dorothy Gellert = wrote: > Dear WG, >=20 > As discussed during the Dice WG meeting at IETF#91, this email starts = a WGLC for our DTLS profile draft: >=20 > https://tools.ietf.org/html/draft-ietf-dice-profile-05 >=20 > Please review. This WGLC will end on Tuesday, November 25, 2014. >=20 > Best Regards, > Dorothy and Zach > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot -- Dipl.-Inform. Rene Hummen, Ph.D. Student Chair of Communication and Distributed Systems RWTH Aachen University, Germany tel: +49 241 80 21426 web: http://www.comsys.rwth-aachen.de/team/rene-hummen/ --Apple-Mail=_7B374BB6-12F4-4012-BF8D-3D2EC974A4F0 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252
Besides the fact that I would have liked this = draft to consider both a constrained DTLS client and a constrained DTLS = server, I have two main comments:

1) =46rom my = experience, the recommended timeout values for DTLS often lead to = spurious retransmissions in constrained node networks. Especially for = constrained devices with software ECC support, network delays in = combination with ECDH and ECDSA operations quickly exceed a 1 sec = timeout. Similarly, for long message flights (i.e., certificate-related = flights), repeated loss of a handshake message causes extensive = handshake delays. As the specific timeout values may be application = dependent, pointing out these issues in sections 5.2 and 5.3 would be = very useful.

2) Section 5.1: The paragraph = about the =93PSK identity hint=94 is unclear to me. What is the = rationale behind recommending against sending the hint if the key = selection is based on the domain name of the server in contrast to any = other means of identification? Moreover, how does this tie in with the = subsequent recommendation saying =93A server using the identity hint = needs to guide the selection based on a received SNI value from the = client.=94?


Some editorial = comments (possibly personal preference):

- The = end of the introduction starting from =93The design of DTLS is = intentionally very similar to TLS.=94 could be moved into an own = section, e.g., called =93Overview of the DTLS Protocol=94. In my = opinion, this would further improve = readability.

- In the third bullet point of the = same paragraph, I would also remove the sentence about IKEv2 as this = information is distracting with respect to the subsequent = recommendation. To highlight what I mean, I am copying the text from the = draft here:
=93... [The HelloVerifyRequest] is sent by the = server and includes a stateless cookie, which is returned in a = ClientHello message back to the server. This type of DoS protection = mechanism has been incorporated into the design of IKEv2. Although the = exchange is optional for the server to execute, a client implementation = has to be prepared to respond to it.".

- It = would may helpful for implementors to have a brief summary of the most = important general recommendations at the end of the introduction. = Something along the lines: =93An implementation complying to this = profile i) MUST not use compression for DTLS handshake messages, ii) = MUST not use DTLS < 1.2, and MAY use any of the following = authentication modes: PSK, raw public-key, certificates. Specific = recommendations for each of these modes are given in sections 5 - = 18.=94

- Section 5.1: =93Furthermore, = credentials are provisioned into trusted hardware modules or in the = firmware by the developers.=94 -> add =93often/commonly/typically=94 = as there may also be other forms of = provisioning.

Ren=E9


On 12 Nov 2014, at 00:18, Dorothy Gellert <dorothy.gellert@gmail.com>= ; wrote:
Dear WG,

As discussed during the Dice WG meeting at IETF#91, = this email starts a WGLC  for our DTLS profile draft:

https://to= ols.ietf.org/html/draft-ietf-dice-profile-05

Please review.  This WGLC = will end on Tuesday, November 25, 2014.

Best Regards,
Dorothy and = Zach
_______________________________________________
dtls-io= t mailing list
dtls-iot@ietf.org
https://www.iet= f.org/mailman/listinfo/dtls-iot

--
Dipl.-Inform. Rene Hummen, Ph.D. = Student
Chair of Communication and Distributed Systems
RWTH Aachen = University, Germany
tel: +49 241 80 21426
web: http://www.com= sys.rwth-aachen.de/team/rene-hummen/

= --Apple-Mail=_7B374BB6-12F4-4012-BF8D-3D2EC974A4F0-- --Apple-Mail=_F370CE57-D15F-4C23-A1C4-7AB230A73E9C Content-Disposition: attachment; filename="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOGzCCBCEw ggMJoAMCAQICAgDHMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNEZXV0 c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVyMSMwIQYDVQQD ExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAeFw0wNjEyMTkxMDI5MDBaFw0xOTA2MzAyMzU5 MDBaMFoxCzAJBgNVBAYTAkRFMRMwEQYDVQQKEwpERk4tVmVyZWluMRAwDgYDVQQLEwdERk4tUEtJ MSQwIgYDVQQDExtERk4tVmVyZWluIFBDQSBHbG9iYWwgLSBHMDEwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDpm8NnhfkNrvWNVMOWUDU9YuluTO2U1wBblSJ01CDrNI/W7MAxBAuZgeKm FNJSoCgjhIt0iQReW+DieMF4yxbLKDU5ey2QRdDtoAB6fL9KDhsAw4bpXCsxEXsM84IkQ4wcOItq aACa7txPeKvSxhObdq3u3ibo7wGvdA/BCaL2a869080UME/15eOkyGKbghoDJzANAmVgTe3RCSMq ljVYJ9N2xnG2kB3E7f81hn1vM7PbD8URwoqDoZRdQWvY0hD1TP3KUazZve+Sg7va64sWVlZDz+HV Ez2mHycwzUlU28kTNJpxdcVs6qcLmPkhnSevPqM5OUhqjK3JmfvDEvK9AgMBAAGjgdkwgdYwcAYD VR0fBGkwZzBloGOgYYZfaHR0cDovL3BraS50ZWxlc2VjLmRlL2NnaS1iaW4vc2VydmljZS9hZl9E b3dubG9hZEFSTC5jcmw/LWNybF9mb3JtYXQ9WF81MDkmLWlzc3Vlcj1EVF9ST09UX0NBXzIwHQYD VR0OBBYEFEm3xs/oPR9/6kR7Eyn38QpwPt5kMB8GA1UdIwQYMBaAFDHDeRu69VPXF+CJei0XbAqz K50zMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMA0GCSqGSIb3DQEBBQUAA4IB AQA74Vp3wEgX3KkY7IGvWonwvSiSpspZGBJw7Cjy565/lizn8l0ZMfYTK3S9vYCyufdnyTmieTvh ERHua3iRM347XyYndVNljjNj7s9zw7CSI0khUHUjoR8Y4pSFPT8z6XcgjaK95qGFKUD2P3MyWA0J a6bahWzAP7uNZmRWJE6uDT8yNQFb6YyC2XJZT7GGhfF0hVblw/hc843uR7NTBXDn5U2KaYMo4RMJ hp5eyOpYHgwf+aTUWgRo/Sg+iwK2WLX2oSw3VwBnqyNojWOl75lrXP1LVvarQIc01BGSbOyHxQoL BzNytG8MHVQs2FHHzL8w00Ny8TK/jM5JY6gA9/IcMIIE6DCCA9CgAwIBAgIECfJ04DANBgkqhkiG 9w0BAQUFADBaMQswCQYDVQQGEwJERTETMBEGA1UEChMKREZOLVZlcmVpbjEQMA4GA1UECxMHREZO LVBLSTEkMCIGA1UEAxMbREZOLVZlcmVpbiBQQ0EgR2xvYmFsIC0gRzAxMB4XDTA3MDIxNDExNDkz OFoXDTE5MDIxMzAwMDAwMFowXjELMAkGA1UEBhMCREUxFDASBgNVBAoTC1JXVEggQWFjaGVuMRcw FQYDVQQDEw5SV1RIIEFhY2hlbiBDQTEgMB4GCSqGSIb3DQEJARYRY2FAcnd0aC1hYWNoZW4uZGUw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4MAhk48jcelLfNUI5kvMv+CF54xJnL4x/ cJQnN2NId6CJ3fqs0siO2exIACfzdjxOUpQ6ZFOn5pdTvTi7stnk8WAaP/d9LFd8k9Gbxjh7xh3L +0a3ac+/tHJcX564ntUxGtVGMuShEoUaZUT5fw97TL36UJ8OqXLrqpdAKcFKaJ+pgRp2gTLj4MNU MPjA4GlstpjoLnT++qFm7t/ZS92/E3OqNJUwHH6C35vSroVscmg+a7XxT6U4JO99MYxNcTIMzhPS 9Ytp+302w7i51daBjr0hFGPK0nLSV6gv77zBSFJ7AVGJJxBSUzDn0xkDLYvZwqaeYkj8kDB2oSeR yfGjAgMBAAGjggGwMIIBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU btU+wBwvcck8v0lO72pVSOzR8jgwHwYDVR0jBBgwFoAUSbfGz+g9H3/qRHsTKffxCnA+3mQwHAYD VR0RBBUwE4ERY2FAcnd0aC1hYWNoZW4uZGUwgYgGA1UdHwSBgDB+MD2gO6A5hjdodHRwOi8vY2Rw MS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMD2gO6A5hjdodHRw Oi8vY2RwMi5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIGiBggr BgEFBQcBAQSBlTCBkjBHBggrBgEFBQcwAoY7aHR0cDovL2NkcDEucGNhLmRmbi5kZS9nbG9iYWwt cm9vdC1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9jZHAyLnBj YS5kZm4uZGUvZ2xvYmFsLXJvb3QtY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MA0GCSqGSIb3DQEB BQUAA4IBAQAXh37GLAscIHrVqQYrG5P/dYULxAseU6xuXKnSpVTnMWVFf1TtN/p2D+8XTKtl/A4W lYa9np+ONblWcS1nJsuYf7N9wrO4zCEcVBNLIAHCY3ZXG+IoNHwgXqSYqXHzrAQZjkSJr1RfbFE4 njUy0nNhtC51HX0ongWfqODc6z7aF9we20615Mh8Kk8uox4XgjLLV/UjPVlwRAnuYIeF0wycvQ6j z/PJMuOrXShpqejpaiRXqKx8oPXAlCcnoqRLlQc1L0iwQHBn0Em6tDmMHcahbf9SBOWiZ8+O0av4 ly8CQ95okz9hto9UErXUIzNea2AQXBtlIyLLKgVuYPf4i3IyMIIFBjCCA+6gAwIBAgIHFHkMp6Zz lDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJERTEUMBIGA1UEChMLUldUSCBBYWNoZW4xFzAV BgNVBAMTDlJXVEggQWFjaGVuIENBMSAwHgYJKoZIhvcNAQkBFhFjYUByd3RoLWFhY2hlbi5kZTAe Fw0xMjA5MTkwOTIzMzVaFw0xNTA5MTkwOTIzMzVaMDkxCzAJBgNVBAYTAkRFMRQwEgYDVQQKEwtS V1RIIEFhY2hlbjEUMBIGA1UEAxMLUmVuZSBIdW1tZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDDoo52P1ghFxnZmWNVnv7+qDKjyif4AoLkJrs7CVV34cRm/PhuW8WzLqOES0B0ENWE eDUez2Dc4inRNXdF5zMy36rLuKsK5MuznnXTzqYGMeGQAU7MkUvSZdMIWDpMdVc5nKzP81leStBY c3t6T2PNFHbeQEoHqjUNMQc9wfFWVQHTnQt9+kejn8NDMHqzKjJ+bnXm3byZCEs09CnmGli1irfJ cR6Fo4KcRMHKVrAHUG8NB+QyPv9RzEawbxwZgyDot5G/A4iRnX0aZ7OjB6ohkepKniBZqSMeOIu1 /Y7p6zYwqiLLywX1VtDQz067R4pkrT5h/IO/VcEGXukXqPA/AgMBAAGjggHsMIIB6DAvBgNVHSAE KDAmMBEGDysGAQQBga0hgiwBAQQCAzARBg8rBgEEAYGtIYIsAgEEAgMwCQYDVR0TBAIwADALBgNV HQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBTAJpMHhUGI 9hiu0k6Ccd8MggDivTAfBgNVHSMEGDAWgBRu1T7AHC9xyTy/SU7valVI7NHyODAsBgNVHREEJTAj gSFyZW5lLmh1bW1lbkBjb21zeXMucnd0aC1hYWNoZW4uZGUweQYDVR0fBHIwcDA2oDSgMoYwaHR0 cDovL2NkcDEucGNhLmRmbi5kZS9yd3RoLWNhL3B1Yi9jcmwvY2FjcmwuY3JsMDagNKAyhjBodHRw Oi8vY2RwMi5wY2EuZGZuLmRlL3J3dGgtY2EvcHViL2NybC9jYWNybC5jcmwwgZQGCCsGAQUFBwEB BIGHMIGEMEAGCCsGAQUFBzAChjRodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3J3dGgtY2EvcHViL2Nh Y2VydC9jYWNlcnQuY3J0MEAGCCsGAQUFBzAChjRodHRwOi8vY2RwMi5wY2EuZGZuLmRlL3J3dGgt Y2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQCA/Plhm3Cxu6mOs3O3 Wsl/9Ow7rbANrMvB2zxZW4yGJGu5FKaib+ir66xbpMAbmN4gqQmwuDMW+oWC7U+m9IfFG+T482Rz AvsYEOZUmq3Y0KFx87MEJdgaWtJ7PnlUaGtgQjdMso0pvAboZnp2pfxazq46lHXDgTCJsd7MUHb6 MzV9JpDzq0qnXeM2d+WxpOckuo11SAtXod+zuI9Udm7oUVIGeI8yFQrtHhtfESOmi57zSTseEYNS meInQtPv1ARHwuFRBcG5SkHDqbFZIw+2QVK2qq23NlTeBB/JfitX13NYdYNMgymz30iHXvxmB1nN fmJ9RDejQ4SVonYR7pLLMYIC5zCCAuMCAQEwaTBeMQswCQYDVQQGEwJERTEUMBIGA1UEChMLUldU SCBBYWNoZW4xFzAVBgNVBAMTDlJXVEggQWFjaGVuIENBMSAwHgYJKoZIhvcNAQkBFhFjYUByd3Ro LWFhY2hlbi5kZQIHFHkMp6ZzlDAJBgUrDgMCGgUAoIIBUzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0xNDExMTUwNzA1MjJaMCMGCSqGSIb3DQEJBDEWBBSGY+vu0JUz jodiYnq2FMftm73jyzB4BgkrBgEEAYI3EAQxazBpMF4xCzAJBgNVBAYTAkRFMRQwEgYDVQQKEwtS V1RIIEFhY2hlbjEXMBUGA1UEAxMOUldUSCBBYWNoZW4gQ0ExIDAeBgkqhkiG9w0BCQEWEWNhQHJ3 dGgtYWFjaGVuLmRlAgcUeQynpnOUMHoGCyqGSIb3DQEJEAILMWugaTBeMQswCQYDVQQGEwJERTEU MBIGA1UEChMLUldUSCBBYWNoZW4xFzAVBgNVBAMTDlJXVEggQWFjaGVuIENBMSAwHgYJKoZIhvcN AQkBFhFjYUByd3RoLWFhY2hlbi5kZQIHFHkMp6ZzlDANBgkqhkiG9w0BAQEFAASCAQCzocOl1CS8 XnhUcWf4NdbaWzQirHG5pEKzw1Tsfl4wApQmMkU8urxhhX65qKc9lvfuyl9bfJPn+CPnAgBG2TtE eRsCRZTa3iv3Sn2qpfa1T/ecsGMaryyQqnSNCdw3pZvBcjqyx5oWi/3iomK7DU8zz6rZuQ8kv6Gl zI+LWUIcTzPSa21CHAHmadztWOhF28NlIdhZL5f9l4nLvklpK87HEMtZ7BW3d8EqLo+gO4gB3a23 uoGFUjuJ07YQyzXN4iJBj4bFFY8h+UoQqTXgTuyeEbPIRipYCd1Qz0jHqtPBTG0S93Rc+LybJyXX YiFZ1Ht9TdiJaRAeTyL8baV5MWk4AAAAAAAA --Apple-Mail=_F370CE57-D15F-4C23-A1C4-7AB230A73E9C-- From nobody Sat Nov 15 18:20:22 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3664F1A016F for ; Sat, 15 Nov 2014 18:20:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7c0JVXC6iYW for ; Sat, 15 Nov 2014 18:20:15 -0800 (PST) Received: from mailscan1.extendcp.co.uk (mailscan27.extendcp.co.uk [176.32.228.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 449A31A016A for ; Sat, 15 Nov 2014 18:20:14 -0800 (PST) Received: from lb1.hi.local ([10.0.1.197] helo=mailscan2.extendcp.co.uk) by mailscan-g66.hi.local with esmtp (Exim 4.80.1) (envelope-from ) id 1XppRk-0007ym-3o; Sun, 16 Nov 2014 02:20:12 +0000 Received: from lb1.hi.local ([10.0.1.197] helo=mail41.extendcp.co.uk) by mailscan2.extendcp.co.uk with esmtps (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80.1) (envelope-from ) id 1XppRj-0001oP-Km; Sun, 16 Nov 2014 02:20:12 +0000 Received: from host31-51-175-12.range31-51.btcentralplus.com ([31.51.175.12] helo=[192.168.0.2]) by mail41.extendcp.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80.1) id 1XppRf-0004k6-PC; Sun, 16 Nov 2014 02:20:08 +0000 Message-ID: <546809C6.1090308@gridmerge.com> Date: Sun, 16 Nov 2014 02:19:50 +0000 From: Robert Cragie Organization: Gridmerge Ltd. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms040405090003050300030107" X-Authenticated-As: robert.cragie@gridmerge.com X-Extend-Src: mailout Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/oYCT81bb2gCfx-lWlmZsa5gs5O4 Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: robert.cragie@gridmerge.com List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2014 02:20:18 -0000 This is a cryptographically signed message in MIME format. --------------ms040405090003050300030107 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Hi Sandeep, From my own personal experience, I would say AES-CCM implementations=20 are normally done in software in conjunction with a hardware accelerated = AES-128 block cipher. The biggest speed ups come from implementing the=20 block cipher in hardware. However, there are implementations of full=20 AES-CCM in hardware in certain devices for on-the-fly packet/buffer=20 encryption/protection and decryption/verification. The implementations I = am aware of can accommodate a variable length nonce in the AES-CCM engine= =2E However, it is possible that certain AES-CCM engines were designed for=20 operations on a memory contiguous buffer, for example an 802.15.4 MAC=20 packet. It is quite possible that the content of a DTLS record to be=20 protected with AES-CCM is spread about, therefore it may need to be done = in software in conjunction with a hardware accelerated AES-128 block=20 cipher anyway. I think UTA should state the use of approved AEAD ciphers as BCP, so=20 that would include both AES-GCM and AES-CCM modes of operation. I=20 realise the aim of a MTI cipher suite is for interoperability but it can = become quickly outdated, e.g. the TLS 1.2 MTI cipher suite=20 (TLS_RSA_WITH_AES_128_CBC_SHA). Robert On 15/11/2014 3:02 AM, Kumar, Sandeep wrote: > HI Hannes > > Can you clarify if the silicon vendors are implementing AES-CCM or plai= n AES in hardware (i.e. AES-ECB) with the CCM mode implemented in softwar= e? > If it is the former, do you know if they are flexible enough to impleme= nt AES-CCM with different nonce lengths. The reason I ask is because AES-= CCM in IEEE 802.15.4 uses a nonce length of 13-octets while DTLS uses 12-= octets. I have heard of some15.4 chips that hard-code (in hardware) the 1= 3-octet nonce length making it useless for DTLS. > > Regards > Sandeep > > > >> -----Original Message----- >> From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes >> Tschofenig >> Sent: Friday, November 14, 2014 9:58 AM >> To: Russ Housley; dtls-iot@ietf.org >> Cc: Dorothy Gellert; Zach Shelby >> Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/2= 5/2014 >> >> Hi Russ, >> >> thanks for bringing this up. >> >> The ciphersuites selected for the DTLS profile draft have been heavily= >> influenced by the work done in the CORE working group. >> >> We have been telling silicon partners that they should put AES-CCM int= o their >> chips and they have indeed following that recommendation. >> >> I believe, however, that this is not a problem as such since the UTA w= ork >> really has a different scope - they focus on Web/Messaging/Email rathe= r >> than the IoT space. I sent a mail to their list to request the title t= o be >> adjusted. >> >> Ciao >> Hannes >> >> On 11/12/2014 01:37 AM, Russ Housley wrote: >>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >> have no problem with that choice. It makes a lot of sense for small d= evices. >>> The HTTPbis is also taking a path that requires an AEAD algorithm. I= t would >> be really nice if the two groups came to a place that allowed interope= rability, >> but HTTPbis seems to be on a path for AES-GCM. AES-CCM is better for = small >> devices. >>> It seems to me that the two groups should talk to each other before W= G >> Last Call is over. >>> Russ >>> >>> _______________________________________________ >>> dtls-iot mailing list >>> dtls-iot@ietf.org >>> https://www.ietf.org/mailman/listinfo/dtls-iot >>> > > ________________________________ > The information contained in this message may be confidential and legal= ly protected under applicable law. The message is intended solely for the= addressee(s). If you are not the intended recipient, you are hereby noti= fied that any use, forwarding, dissemination, or reproduction of this mes= sage is strictly prohibited and may be unlawful. If you are not the inten= ded recipient, please contact the sender by return e-mail and destroy all= copies of the original message. > > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > --------------ms040405090003050300030107 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIRnzCC BXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UE BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0w MDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g Q0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3 o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkU a+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwU q37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PK LrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJ Rk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo //S4rek3+7q49As6+ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UN IkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/ cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5B EYFjzhhxayvspoq3MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR 2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD VR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E BTADAQH/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3Js LnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEE KTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEB DAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz/TQ10asyBgiXTw6AqXUz1 uouhbcRUCXXH4ycOXYR5N0ATd/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VX aX2S2FLKc4G/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeW ukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla 4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvMIIF5jCC A86gAwIBAgIQapvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMC R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkG A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9y ZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xp ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n 9jR22YRq2tA9NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgz KlWlVJGyK+UlNEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikF lgqOtzk06kb2qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9t GKTDyUGg2hJZjrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK +xS1AgMBAAGjggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNV HQ4EFgQUgq9sjPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQI MAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9j cmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEG CCsGAQUFBwEBBGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09N T0RPUlNBQWRkVHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2Nh LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81 zd9A/tNx4+jsQgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIa l9v5IkDcZoFD7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwp WZT89RY0wpJO+2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNM UH4Tam85S1j6E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfW CcyvB8czm12FgX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X 72HP0PRLRTiOSEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60 ttl1Enk8MQkz/W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQv dVifC3HtwlSam9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDN XFnHn9tFpMpOUvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIwggY5 MIIFIaADAgECAhEAkJNVgmy0T3j/sFnejfTMyTANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50 IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTQwOTE2MDAwMDAwWhcN MTcwOTE1MjM1OTU5WjCCATcxCzAJBgNVBAYTAkdCMRAwDgYDVQQREwdXRjQgNFdBMRcwFQYD VQQIEw5XZXN0IFlvcmtzaGlyZTESMBAGA1UEBxMJV2FrZWZpZWxkMRQwEgYDVQQJEwtHcmFu Z2UgTW9vcjEfMB0GA1UECRMWODkgR3JlZW5maWVsZCBDcmVzY2VudDEXMBUGA1UEChMOR3Jp ZG1lcmdlIEx0ZC4xNDAyBgNVBAsTK0lzc3VlZCB0aHJvdWdoIEdyaWRtZXJnZSBMdGQuIEUt UEtJIE1hbmFnZXIxHzAdBgNVBAsTFkNvcnBvcmF0ZSBTZWN1cmUgRW1haWwxFjAUBgNVBAMT DVJvYmVydCBDcmFnaWUxKjAoBgkqhkiG9w0BCQEWG3JvYmVydC5jcmFnaWVAZ3JpZG1lcmdl LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTtrEYc/EYQZDn+/Byj786j qzQJukVnEZ0qu6G8Y/QZphmITLPJJCxlCvJhRGCt5zRDfwG1lM0k77mTVP166mrPMKfEbhAF mhW54app3f02j/E0T73Wkwqhc2xj+vs6ox+kXRZIiEa/VY1TXd8ALZZAJ2uPQm+3QByE0cO6 7Q7jr5dmZuXAuygh5Q7MvzxL0vKmxhJ1n0veVDwk+BifimRX+HHU3XTGrqySkiN4Amdm7ESD qdO7UAoezIGZoA/fTJE9CS4f4tVXcKhfGlp/Tw3K9q9cp6cjYD802hnFoiSQ9PgLviP20lcH CIGn91WkYhuYG9u8Fzgzmu0yVK5L0kkCAwEAAaOCAdswggHXMB8GA1UdIwQYMBaAFIKvbIz4 xf6WYXzoHz0rcUhexIvAMB0GA1UdDgQWBBTSD2iG48824eEQkBLu4BgdWzh49TAOBgNVHQ8B Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIw RgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1 cmUuY29tb2RvLm5ldC9DUFMwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9j YS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNy bDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNv bS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQG CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJgYDVR0RBB8wHYEbcm9iZXJ0 LmNyYWdpZUBncmlkbWVyZ2UuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAq8C9mIiSV9Nj9ZjHa 1kupbDGYy57v5fCk9lT++uiwGBP9yIFd9Gr8wISOl+96l9OLo8E+5CcPLyt96H4ez/ksXjC1 5EhzuhUB7HNi2b9GLDenjiHW4vBmSoIAbt9Pnz6zZsPH7eBPBcqkIWLFuqKBYUoXKLpzrVtr Kgv6PM3t2+4YakBnMWjpcqzinurEeGq4mh3gHTv03wcyT6eQVCu5k4yaJxoQReYtYIjv+W+m LmT/ZW61ZATZb2adV8xPejUlWSq4+2bpRbXZpD9FAmomNC8fSvGUUhMfYq5t5IUPHfP0kEH5 WQVWgVfpcf6Q8rnpWznsMiJrucUpJf8ZenHtMYIEKDCCBCQCAQEwga0wgZcxCzAJBgNVBAYT AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBB dXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTAJ BgUrDgMCGgUAoIICTzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xNDExMTYwMjE5NTBaMCMGCSqGSIb3DQEJBDEWBBRd2fBGVJEhEqZ4viCoZXRRoyqUBjBs BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo MIG+BgkrBgEEAYI3EAQxgbAwga0wgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p dGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj dXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTCBwAYLKoZIhvcNAQkQAgsxgbCgga0w gZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8g UlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0 T3j/sFnejfTMyTANBgkqhkiG9w0BAQEFAASCAQCtQY/jWs7g7N5aAXWTFUEXSJthluLlHihb 8CZ8Qrx1dnj1mEvzAuLqySCyYTK7hiFq7EuXU7E0IvN+GHrRs7C7EgzC2X3LCWNdN3Q1zS8K n5a3DmVjwDhEFnzEoTyoXiD/hJiXv5zlqQpFCTddpm/JY0ONg34NsUa5zPRlB3mhU/GEomAL Zqcp7z7UYyc39oPDoOvrN5eFngvCdLRp8OkIJkOhFlvxWHLcM1aWU6z2m8V/uADkKJ1VKwF3 sdKjcrOkUPLW6mymuL1/QO5hmjg/eHNmP+JIcKppF3U0+hVfQAN7zIE42eJAoZlJGtyVI00O MywCvunP9AKv9J76ohUiAAAAAAAA --------------ms040405090003050300030107-- From nobody Tue Nov 18 02:58:01 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13A2B1A01CB for ; Tue, 18 Nov 2014 02:58:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.494 X-Spam-Level: X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7hoFNdyXNh6G for ; Tue, 18 Nov 2014 02:57:58 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC3E51A00DF for ; Tue, 18 Nov 2014 02:57:57 -0800 (PST) Received: from [192.168.10.128] ([80.92.115.84]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LorB9-1YRQ491zdz-00gpQs; Tue, 18 Nov 2014 11:57:15 +0100 Message-ID: <546B2607.3040509@gmx.net> Date: Tue, 18 Nov 2014 11:57:11 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Russ Housley References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="sgPli2uoVSAtAhx90edXpAwHwiSv7GdW3" X-Provags-ID: V03:K0:aqxaqCkpPwIeVR5BCCvmxjasUjLD8vDIae3AnBDVapfPJRNAnKB 25A9nrFkCr8sY37DtRbRhZGSzvZMM+Cx5QICzuE2YoT1OFuP4rqaqNfeSriWkzuXJabzpe6 GEMJTWY25ZaKD7PfL93a2s5zUSrHZvyA5rpuYOsu6oH/h7pzh4Y48mCF3CPmZxFqH3V0nV4 MWOrG28NOOn6JMR7gBwvA== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/NhqwrtIH17dyrRK1dCLmoqak6XQ Cc: Dorothy Gellert , Zach Shelby , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2014 10:58:00 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --sgPli2uoVSAtAhx90edXpAwHwiSv7GdW3 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Russ, the HTTP 2.0 situation raises an additional question, namely what the relevance of HTTP 2.0 is for Internet of Things. While HTTP 2.0 better compresses headers (in comparison to HTTP 1.x) it adds other features that are less relevant for the IoT environment. These features come at a cost. CoAP is definitely a better fit for IoT scenarios than HTTP 2.0, as research work by Markku Kojo in http://link.springer.com/chapter/10.1007%2F978-3-319-11692-1_10 IMHO HTTPbis focuses on the Web and not on the IoT environment. Ciao Hannes On 11/14/2014 09:05 PM, Russ Housley wrote: > Hannes: >=20 > I understand the hardware situation. That was the point I was trying t= o make when I said, "It makes a lot of sense for small devices." Please = explain this situation in HTTPbis. My hope is that they will join you by= either picking AES-CCM or picking both AES-GCM and AES-CCM. >=20 > Russ >=20 >=20 > On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >=20 >> Hi Russ, >> >> thanks for bringing this up. >> >> The ciphersuites selected for the DTLS profile draft have been heavily= >> influenced by the work done in the CORE working group. >> >> We have been telling silicon partners that they should put AES-CCM int= o >> their chips and they have indeed following that recommendation. >> >> I believe, however, that this is not a problem as such since the UTA >> work really has a different scope - they focus on Web/Messaging/Email >> rather than the IoT space. I sent a mail to their list to request the >> title to be adjusted. >> >> Ciao >> Hannes >> >> On 11/12/2014 01:37 AM, Russ Housley wrote: >>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no= problem with that choice. It makes a lot of sense for small devices. >>> >>> The HTTPbis is also taking a path that requires an AEAD algorithm. I= t would be really nice if the two groups came to a place that allowed int= eroperability, but HTTPbis seems to be on a path for AES-GCM. AES-CCM is= better for small devices. >>> >>> It seems to me that the two groups should talk to each other before W= G Last Call is over. >>> >>> Russ >=20 --sgPli2uoVSAtAhx90edXpAwHwiSv7GdW3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUayYHAAoJEGhJURNOOiAtGDQIAIo8grtZW51kqfq41S8VOGN+ hTY/VqtJOaQINASVEi1tlqeQX8lBIkgDRPssQKlOC/witqrQDzFXO8wiug6rAi6b ylV/yVDXHFoz1MM04dx3xcleyUV6BNpd5iRZjvppdT0+l2/e/3Qy1eJH3fpI1vxj llS5ogofwNkSrcm/yqJZ+kajfXfp4Ka9jPfx3FYG+xMdvLpQ4mu1QSnozul36x7b PDAhLhphuZvaF1VCLc8Y9POnacli8D107WehcUhVNovdMRky+DhOsCI4nvB8uZfH PR6swppVnt1DioP0QN51Ld3Sv2YpEVn5whlcDdqWhYh1TnnFuPNxTZTdPAlbJ6c= =ET/e -----END PGP SIGNATURE----- --sgPli2uoVSAtAhx90edXpAwHwiSv7GdW3-- From nobody Wed Nov 19 07:08:58 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A64C61AD029 for ; Wed, 19 Nov 2014 07:08:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xndCZvtyhwXw for ; Wed, 19 Nov 2014 07:08:45 -0800 (PST) Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB6191A07BE for ; Wed, 19 Nov 2014 07:07:57 -0800 (PST) X-AuditID: c1b4fb3a-f79116d000000fec-ef-546cb24b2e10 Received: from ESESSHC001.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 8A.C2.04076.B42BC645; Wed, 19 Nov 2014 16:07:55 +0100 (CET) Received: from ESESSMB307.ericsson.se ([169.254.7.2]) by ESESSHC001.ericsson.se ([153.88.183.21]) with mapi id 14.03.0174.001; Wed, 19 Nov 2014 16:07:55 +0100 From: John Mattsson To: "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AQHQBAqXRZnRGe2mFkumriFbgAn+VA== Date: Wed, 19 Nov 2014 15:07:54 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.4.6.141106 x-originating-ip: [153.88.183.16] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrILMWRmVeSWpSXmKPExsUyM+Jvja73ppwQg2+/FS0Wt+9idWD0WLLk J1MAYxSXTUpqTmZZapG+XQJXxomDj9kL2rgq1u75y9zA+ISzi5GTQ0LAROJD02NWCFtM4sK9 9WxdjFwcQgJHGCX27rrLBJIQEljEKPF1fwqIzSZgIDF3TwMbiC0ioC1xY/s9sGZhAR+JOydX sEDEfSWeb3jNCmHrSdzdO48RxGYRUJW4vrgbLM4rYC7xbuIZsHpGoMXfT60B28UsIC5x68l8 JoiDBCSW7DnPDGGLSrx8/A+sVxRo5uSOI+wQcUWJnWfbgWo4gHo1Jdbv0ocYYy1xfsk/Zghb UWJK90N2iLWCEidnPmGZwCg6C8m2WQjds5B0z0LSPQtJ9wJG1lWMosWpxcW56UZGeqlFmcnF xfl5enmpJZsYgXFycMtvqx2MB587HmIU4GBU4uHdwJ4TIsSaWFZcmXuIUZqDRUmcd+G5ecFC AumJJanZqakFqUXxRaU5qcWHGJk4OKUaGHk3XVrrc/634RrHGQuV5ibENZvdq1RcrZPPcnB6 Qd+JmbIJkzX7tU+Zp0/NNf/W9Fy89k14kPuH1G1PVvd0rsti4n7JU9178MPO9Stt7d4kW017 XFl917+Z58+MDKFf99zjvgh/ef1RzDR6/UXuTEWu/yFrfxwMXmMspswy/2xIde8dw47nz5VY ijMSDbWYi4oTAReq3510AgAA Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/BRmFJdsNcHzPqKj_bUORTxidU-E Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2014 15:08:53 -0000 SGksDQoNCkFncmVlaW5nIHdpdGggSGFubmVzIG9uIEhUVFAvMiBmb3IgSW9ULg0KDQpXaGlsZSBB RVMtQ0NNIGlzIGJldHRlciBmb3Igc21hbGwgZGV2aWNlcywgQUVTLUdDTSBpcyBmYXN0ZXIgb24g bGFyZ2UNCmRldmljZXMuIFNlZSBmb3IgZXhhbXBsZSAoaHR0cHM6Ly9lcHJpbnQuaWFjci5vcmcv MjAxNC8xODYucGRmLCBUYWJsZSA0LA0K4oCcc2luZ2xlIG1lc3NhZ2XigJ0pLiBJIGFsc28gdGhp bmsgaXQgd291bGQgYmUgYSBiYWQgaWRlYSBmb3IgSFRUUC8yIHRvDQpyZXF1aXJlIGltcGxlbWVu dGF0aW9uIG9mIGEgY2lwaGVyIHN1aXRlIHdpdGggb25seSBhIDggYnl0ZSBhdXRoZW50aWNhdGlv bg0KdGFnLiBUaGUgSW9UIGRldmljZXMgdGhhdCBpbXBsZW1lbnRzIEhUVFAvMiBjYW4gcHJvYmFi bHkgdGFrZSB0aGUgY29zdCBvZg0KaW1wbGVtZW50aW5nIEdDTSBhcyB3ZWxsLg0KDQpDb25jZXJu aW5nIFVUQSBCQ1AsIEkgdGhpbmsgUm9iZXJ0cyBzdWdnZXN0aW9uIOKAnEkgdGhpbmsgVVRBIHNo b3VsZCBzdGF0ZQ0KdGhlIHVzZSBvZiBhcHByb3ZlZCBBRUFEIGNpcGhlcnMgYXMgQkNQ4oCdIG1h a2VzIHNlbnNlLg0KDQpBbm90aGVyIGFzcGVjdCBpcyB0aGF0IHdlIHdpbGwgcHJvYmFibHkgc29v biBoYXZlIENoYUNoYTIwLVBvbHkxMzA1IGFzIGENCm5ldyBBRUFEIGNpcGhlcjogDQpodHRwczov L3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaXJ0Zi1jZnJnLWNoYWNoYTIwLXBvbHkxMzA1LTAz DQoNCkkgc3VzcGVjdCB0aGlzIHRvIGJlIHBvcHVsYXIgZm9yIElvVCBkZXZpY2VzIHdpdGhvdXQg SFcgc3VwcG9ydCBmb3IgQUVTLA0KYW5kIGl0IHN0cmVuZ3RoZW5zIHRoZSBjYXNlIGZvciBVVEEg QkNQIHRvIG5vdCByZWNvbW1lbmQganVzdCBHQ00gYnV0IGFsbA0KYXBwcm92ZWQgQUVBRCBjaXBo ZXJzLg0KDQpDaGVlcnMsDQpKb2huDQoNCg0K From nobody Thu Nov 20 01:28:35 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 015421A0123 for ; Thu, 20 Nov 2014 01:28:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.793 X-Spam-Level: X-Spam-Status: No, score=-4.793 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4gbzlyJXe3n for ; Thu, 20 Nov 2014 01:28:26 -0800 (PST) Received: from edge10.ethz.ch (edge10.ethz.ch [82.130.75.186]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7CD01A011D for ; Thu, 20 Nov 2014 01:28:25 -0800 (PST) Received: from CAS11.d.ethz.ch (172.31.38.211) by edge10.ethz.ch (82.130.75.186) with Microsoft SMTP Server (TLS) id 14.3.195.1; Thu, 20 Nov 2014 10:28:19 +0100 Received: from MBX110.d.ethz.ch ([fe80::9d9a:a7f2:c282:5f6a]) by CAS11.d.ethz.ch ([fe80::ecc9:4e2d:b26b:1614%10]) with mapi id 14.03.0195.001; Thu, 20 Nov 2014 10:28:23 +0100 From: "Kovatsch Matthias" To: Dorothy Gellert , "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AQHP/gXYytYS7WCvhUiNLtPiW+VmLJxkME1A Date: Thu, 20 Nov 2014 09:28:22 +0000 Message-ID: <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> In-Reply-To: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> Accept-Language: en-US, de-CH Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [97.65.203.35] Content-Type: multipart/alternative; boundary="_000_55877B3AFB359744BA0F2140E36F52B52B8FF795MBX110dethzch_" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/_0fzOttgnaEzJMLw4s6oTxarJ1A Cc: Zach Shelby , Hannes Tschofenig Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2014 09:28:33 -0000 --_000_55877B3AFB359744BA0F2140E36F52B52B8FF795MBX110dethzch_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear Hannes, dear list This is a great document and it is also quite important for the rollout of = the IoT. Thanks Hannes for the good work in impressive time. Besides a few = suggestions for improvement, I have the following critique: The document st= ill implies that all IoT devices will be DTLS clients and that DTLS servers= will be unconstrained, somewhere in the cloud. While I understand that thi= s is one of the current use cases (from the OMA LWM2M Client Registration I= nterface), this implication undermines the idea and benefits of CoAP. The I= oT devices are meant to be the origin/resource servers, as their sensors an= d actuators provide the information about the physical world. I hope this i= dea is clear and does not need further discussion (even LWM2M uses this com= munication model (Device Management, Service Enablement, and Information Re= porting)). "3. Communication Model" on page 5 is luckily not very clear about the role= s and the restriction was not apparent to me. "7. Session Resumption" on pa= ge 15, however, states "the communication model described in Section 3 does= not assume that the server is constrained". This must be fixed because this document is a critical link for the overall= software stack. We must make sure that it does not cripple the idea behind= CoAP! In addition, it must also be applicable for constrained-device-to-co= nstrained-device communication. Session resumption without server-side stat= e can still be excluded by the profile, since the client can always be a co= nstrained device. Some text on exceptions might be useful where a constrain= ed server MAY utilize session resumption without server-side state when the= client is unconstrained. Other comments: Page 7: "Some AEAD ciphersuites have shorter authentication tags" It would be nice to briefly introduce the term authentication tag with its = purpose in the previous paragraph where AEAD is explained. Page 8: "[RFC4279] does not mandate the use of any particular type of ident= ity." On first reading, it was not clear to me what identity the document is talk= ing about. Maybe "cryptographic identity" might help? Page 9: The second paragraph about the PSK identity hint is very confusing.= The case where a client has multiple keys is quite likely when thinking ab= out ACE and should probably be the default model. The paragraph could be or= ganized into the following three strategies: 1) Only one key based on the domain name (does this include the IP?): = no identity hint and clients MUST ignore 2) Multiple keys: hint to select correct key for operation 3) SNI: guide the selection based on the received SNI value from the c= lient Page 9: The third paragraph talks about identity and key lengths, but what = are the restrictions that are not applicable? I am also not sure how the in= formation about interfaces ties in. Page 14: 6. Error Handling For implementers, it would be really helpful to have a full list of the app= licable error messages instead of a selection of not applicable ones. It wo= uld be great to have a short description for each when they occur and how t= he parties should proceed (e.g., state clean-ups, follow-up messages, etc.)= . Page 14: "As stated in Section 2 of RFC 4279 the decryption_error error mes= sage may also be used instead." It would be very nice to include the reason for this in the profile documen= t. Engineers will always want to know why ;) Furthermore, the correct name appears to be "decrypt_error". In another RFC, I read about suppressing warning messages if the party want= s to establish the session anyway. This recommendation could be mentioned i= n the profile as well (maybe even with a MUST NOT send warnings?). Page 19: The second paragraph about the static relationship rather reflects= the traditional way networked embedded devices were connected. This docume= nt should have an actual IoT in mind and look forward to networks and appli= cations that converge and are all but static. If this is too speculative fo= r an RFC, best delete this dusty paragraph. Editorial hints: Page 10: "To replace, delete, or add raw public keys" --> missing s Page 11: "This ciphersuite makes" --> missing s Page 12: "A device compliant with this protocol" confusing, as it is a prof= ile Page 17: "that the DTLS context is still in kept at the IOT device." Page 17: "deployments the must constrained link" --> "most" Page 18: "This RFC 6066 [RFC6066] extension" --> "The"? "This" sounds awkwa= rd here. Page 18: "certificates and URLs instead" --> "send URLs instead"? A few mor= e words on what is done might be helpful here. Page 18: "This RFC 6066 extension" --> "The" again under 13. Trusted CA Ind= ication Page 20: "This RFC 6066 extension" --> "The" Page 20: "the main benefit of this extension is it to allows" --> "that it" Page 20: "implement this extension support this extension even though" --> = pick one Best regards Matthias From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Dorothy Gell= ert Sent: Dienstag, 11. November 2014 13:18 To: dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby; Hannes Tschofenig Subject: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Dear WG, As discussed during the Dice WG meeting at IETF#91, this email starts a WGL= C for our DTLS profile draft: https://tools.ietf.org/html/draft-ietf-dice-profile-05 Please review. This WGLC will end on Tuesday, November 25, 2014. Best Regards, Dorothy and Zach --_000_55877B3AFB359744BA0F2140E36F52B52B8FF795MBX110dethzch_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

This is a great document and it is also quite important fo= r the rollout of the IoT. Thanks Hannes for the good work in impressive time. Besides a few suggestions for improvement, I have the = following critique: The document still implies that all IoT devices will be= DTLS clients and that DTLS servers will be unconstrained, somewhere in the= cloud. While I understand that this is one of the current use cases (from the OMA LWM2M Client Registrati= on Interface), this implication undermines the idea and benefits of CoAP. T= he IoT devices are meant to be the origin/resource servers, as their sensor= s and actuators provide the information about the physical world. I hope this idea is clear and does not need furt= her discussion (even LWM2M uses this communication model (Device Management= , Service Enablement, and Information Reporting)).

 

“3. Communication Model” on page 5 is luckily = not very clear about the roles and the restriction was not apparent to me. “7. Session Resumption” on page 15, however, states “= ;the communication model described in Section 3 does not assume that the se= rver is constrained”.

 

This must be fixed because this document is a critical lin= k for the overall software stack. We must make sure that it does not cripple the idea behind CoAP! In addition, it must also be applic= able for constrained-device-to-constrained-device communication. Session re= sumption without server-side state can still be excluded by the profile, si= nce the client can always be a constrained device. Some text on exceptions might be useful where a constrained server= MAY utilize session resumption without server-side state when the client i= s unconstrained.

 

Other comments:

 

Page 7: “Some AEAD ciphersuites have shorter authent= ication tags”

It would be nice to briefly introduce the term authenticat= ion tag with its purpose in the previous paragraph where AEAD is explained.

 

Page 8: “[RFC4279] does not mandate the use of any p= articular type of identity.”

On first reading, it was not clear to me what identity the= document is talking about. Maybe “cryptographic identity” might help?

 

Page 9: The second paragraph about the PSK identity hint i= s very confusing. The case where a client has multiple keys is quite likely when thinking about ACE and should probably be the default= model. The paragraph could be organized into the following three strategie= s:

1)      Only one key based on the domain name (does this i= nclude the IP?): no identity hint and clients MUST ignore=

2)      Multiple keys: hint to select correct key for oper= ation

3)      SNI: guide the selection based on the received SNI= value from the client

 

Page 9: The third paragraph talks about identity and key l= engths, but what are the restrictions that are not applicable? I am also not sure how the information about interfaces ties in.

 

Page 14: 6. Error Handling

For implementers, it would be really helpful to have a ful= l list of the applicable error messages instead of a selection of not applicable ones. It would be great to have a short description for = each when they occur and how the parties should proceed (e.g., state clean-= ups, follow-up messages, etc.).

 

Page 14: “As stated in Section 2 of RFC 4279 the dec= ryption_error error message may also be used instead.”

It would be very nice to include the reason for this in th= e profile document. Engineers will always want to know why ;)

Furthermore, the correct name appears to be “decrypt= _error”.

In another RFC, I read about suppressing warning messages = if the party wants to establish the session anyway. This recommendation could be mentioned in the profile as well (maybe even with a MUST NOT send= warnings?).

 

Page 19: The second paragraph about the static relationshi= p rather reflects the traditional way networked embedded devices were connected. This document should have an actual IoT in mind and look f= orward to networks and applications that converge and are all but static. I= f this is too speculative for an RFC, best delete this dusty paragraph.

 

Editorial hints:

 

Page 10: “To replace, delete, or add raw public key<= /span>sà missing s

Page 11: “This ciphersuite makesà missing s

Page 12: “A device compliant with this = protocol” confusing, as it is a profile

Page 17: “that the DTLS context is still = in kept at the IOT device.”

Page 17: “deployments the must constrained link” à= ;Page 18: “This RFC 6066 [RFC6066] extension” à “The”? “This” sounds awkward here.

Page 18: “certificates and URLs instead” à “send URLs inste= ad”? A few more words on what is done might be helpful here.<= /p>

Page 18: “This RFC 6066 extension” &agra= ve; “The” again under 13. Trusted CA Indication<= /p>

Page 20: “This RFC 6066 extension” &agra= ve; “The”

Page 20: “the main benefit of this extension is = it to allows” à “= that it”

Page 20: “implement this extension support this extension even though” à pick one

 

Best regards

Matthias

 

 

From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Dorothy Gellert
Sent: Dienstag, 11. November 2014 13:18
To: dtls-iot@ietf.org
Cc: Dorothy Gellert; Zach Shelby; Hannes Tschofenig
Subject: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/= 2014

 

Dear WG,

As discussed during the Dice WG meeting at IETF#91, this emai= l starts a WGLC  for our DTLS profile draft:

 

 

Please review.  This WGLC will end on Tuesday, November = 25, 2014.

 

Best Regards,

Dorothy and Zach

--_000_55877B3AFB359744BA0F2140E36F52B52B8FF795MBX110dethzch_-- From nobody Sat Nov 22 11:05:42 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2400C1ACE0C for ; Sat, 22 Nov 2014 11:05:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.592 X-Spam-Level: X-Spam-Status: No, score=-2.592 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.594] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h1nJgOmQ3UBe for ; Sat, 22 Nov 2014 11:05:35 -0800 (PST) Received: from waldorf.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD671ACE13 for ; Sat, 22 Nov 2014 11:05:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1416683133; d=isode.com; s=selector; i=@isode.com; bh=IaVuETwWfYvtNXQxlvKMkatf5NmEkPM3DajVbPSdmbw=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=dGSpVczFojL9I1VaOOOIHbe3Oi+movjAj9cczAZrshWt4mcxkpHJnpOVCvSCm6wI7yTEvv F4VyyrPagch/2I+Suik/RyzvyUOKWWiaGKKIHpbRj2iYoD6TmslgqxjCrvd6QmJ9A+iwFA MDgKJ++fdyt1ytw8U1cDQiS9+HZT7ng=; Received: from [192.168.0.12] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id ; Sat, 22 Nov 2014 19:05:02 +0000 X-SMTP-Protocol-Errors: PIPELINING From: Alexey Melnikov X-Mailer: iPad Mail (11D257) In-Reply-To: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> X-Identity-Key: id1 Date: Sat, 22 Nov 2014 19:08:06 +0000 X-Account-Key: account1 X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0 Message-Id: X-Mozilla-Keys: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> To: Dorothy Gellert MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=Apple-Mail-E9C087A6-45FF-4DB1-8390-36426EB18333 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/iXt4NJe1Xz_f1P3uuUS03rS9Cog Cc: Zach Shelby , Hannes Tschofenig , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2014 19:05:40 -0000 --Apple-Mail-E9C087A6-45FF-4DB1-8390-36426EB18333 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Hi, My detailed comments are below. > On 11 Nov 2014, at 23:18, Dorothy Gellert wrot= e: >=20 > Dear WG, >=20 > As discussed during the Dice WG meeting at IETF#91, this email starts a WG= LC for our DTLS profile draft: >=20 > https://tools.ietf.org/html/draft-ietf-dice-profile-05 >=20 > Please review. This WGLC will end on Tuesday, November 25, 2014. While I think this document is on the right track (and mostly fine), there i= s a number of editorial issues that makes figuring out some requirements dif= ficult. I suggest a revision before IETF LC. On page 4: I suggest this document reference TLS WG document about deprecati= ng RC4. In Section 3, beginning of 3rd para: Clients are provisioned with information about the servers they need to initiate their DTLS exchange with and with credentials. Did you mean "with and without"? Section 4 is a good tutorial. Lots of Informative references are missing (e.= g. for SHA1, SHA-256, AES, HMAC, CCM, GCM, etc) In 5.1: is use of something like False Start common in IoT environment? As i= t reduces number of round trips, it might be advantageous and you should con= sider mentioning it. In 5.2, the following paragraph seems out of place: Since many IoT devices will either have limited ways to log error or no ability at all, any error will lead to implementations attempting to re-try the exchange. Implementers have to carefully evaluate the impact of errors and ways to remedy the situation since a commonly used approach for delegating decision making to users is difficult in a timely fashion (or impossible). In particular, does it also apply to 5.1 and 5.3? Maybe you should move it s= omewhere else so that it is clear that it applies to all cases. In 5.3: Support of the cached info extension is required. Should this be REQUIRED? When DTLS is used to secure CoAP messages then the server provided certificates MUST contain the fully qualified DNS domain name or "FQDN". The coaps URI scheme is described in Section 6.2 of [RFC7252]. This FQDN is stored In order to avoid any doubt, I would insert "as dNSName" here. in the SubjectAltName or in the CN, I think the correct way to say that is: "or in the leftmost CN component of s= ubject name" as explained in Section 9.1.3.3 of [RFC7252], At the end of section 7: Since the communication model described in Section 3 does not assume that the server is constrained. RFC 5077 [RFC5077] describing TLS I think you didn't intend dot here, maybe comma? session resumption without server-side state is not utilized by this profile. In Section 10: Client-Initiated, Regular Data Uploads This is a variation of the previous case whereby data gets uploaded on a regular basis, for example, based on frequent temperature readings. With such regular exchange it can be assumed that the DTLS context is still in kept=20 Delete "in"? at the IoT device. For this message exchange pattern the use of DTLS heartbeat messages is quite useful. The MTU discovery mechanism, on the other hand, is less likely to be relevant since for many IoT deployments the must constrained link is the wireless interface at I couldn't figure out what you are trying to say here. the IoT device itself rather than somewhere in the network. In Section 17: Recommendation: Client implementations SHOULD implement this extension support this extension Drop "support this extension". even though the ciphersuites recommended by this profile are not vulnerable this attack. Missing "to". In Section 18: CoAP demands version 1.2 of DTLS to be used and the earlier version of DTLS is not supported. As such, there is no risk of downgrading to an older version of DTLS. The work described in [I-D.bmoeller-tls-downgrade-scsv] is therefore also not applicable to this environment since there is no legacy server infrastructure to worry about. While I-D.bmoeller-tls-downgrade-scsv is not currently needed, it might be u= seful when TLS 1.3/etc gets deployed and problems are found in TLS 1.2. Is t= his something we need to worry about in long term? TLS and DTLS allows a client and a server who already have a TLS connection to negotiate new parameters, generate new keys, etc by initiating a TLS handshake using a ClientHello message. Renegotiation happens in the existing TLS connection, with the new handshake packets being encrypted along with application data. It is not clear what the above is trying to say. If this is explaining what r= enegotiation is, then it should be moved to the beginning of the same paragr= aph (I didn't include the first sentence of it). If this is a recommendation= not to use renegotiation, then it needs rewording to make that clear. Best Regards, Alexey --Apple-Mail-E9C087A6-45FF-4DB1-8390-36426EB18333 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Hi,
My detailed comments are below.

On 11 Nov 2= 014, at 23:18, Dorothy Gellert <dorothy.gellert@gmail.com> wrote:

Dear WG,

As d= iscussed during the Dice WG meeting at IETF#91, this email starts a WGLC &nb= sp;for our DTLS profile draft:

https://tools.ietf.org/html/draft-ietf-dice-profile-05<= /a>

Please review.  This WGLC will end on Tuesday, Nove= mber 25, 2014.









=
   When DTLS i= s used to secure CoAP messages then the server provided
   certificates MUST c= ontain the fully qualified DNS domain name or
   "FQDN".  The coaps URI s= cheme is described in Section 6.2 of
   [RFC7252].  This FQDN is stored<= /span>

=
In order to avoid= any doubt, I would insert "as dNSName" here.

    in the SubjectAltName or in the CN= ,

I think the cor= rect way to say that is: "or in the leftmost CN component of subject name"

<= /div>
   as ex= plained in Section 9.1.3.3 of [RFC7252],

At the end of section 7:

   Since the communication model d= escribed in Section 3 does not assume
   that the server is constrained. &nbs= p;RFC 5077 [RFC5077] describing TLS

I think you didn't intend dot here, maybe comma?

   session resu= mption without server-side state is not utilized by this
   profile.

In Section 10:

Client-Initiated, Regular D= ata Uploads

 = ;     This is a variation of the previous case whereby data gets
   = ;   uploaded on a regular basis, for example, based on frequent<= /div>
    &nbs= p; temperature readings.  With such regular exchange it can be
     = ; assumed that the DTLS context is still in kept 

Delete "in"?

      at the IoT device.

     = ; For this message exchange pattern the use of DTLS heartbeat
      mess= ages is quite useful.  The MTU discovery mechanism, on the
=
      ot= her hand, is less likely to be relevant since for many IoT
=       deploym= ents the must constrained link is the wireless interface at

I couldn't figure out what you ar= e trying to say here.

      the IoT device itself rather than somewhere in the= network.
<= br>
In Sect= ion 17:
  &n= bsp;Recommendation: Client implementations SHOULD implement this
   extension= support this extension

Drop "support this extension".

   even though the ciphersuites
   recommended b= y this profile are not vulnerable this attack.

Missing "to".

In Section 18:

   CoAP demands version 1.2 of DTLS to be u= sed and the earlier version
   of DTLS is not supported.  As such, there= is no risk of downgrading
   to an older version of DTLS.  The work des= cribed in
&= nbsp;  [I-D.bmoeller-tls-downgrade-scsv] is therefore also not applicab= le to
 = ;  this environment since there is no legacy server infrastructure to
   = ;worry about.

Whi= le I-D.bmoeller-tls-downgrade-scsv is not currently needed, it might be usef= ul when TLS 1.3/etc gets deployed and problems are found in TLS 1.2. Is this= something we need to worry about in long term?

   TLS
   and DTLS allows a client a= nd a server who already have a TLS
   connection to negotiate new parameters,= generate new keys, etc by
   initiating a TLS handshake using a ClientHello m= essage.
&nb= sp;  Renegotiation happens in the existing TLS connection, with the new=
  &nb= sp;handshake packets being encrypted along with application data.

It is not clear what the ab= ove is trying to say. If this is explaining what renegotiation is, then it s= hould be moved to the beginning of the same paragraph (I didn't include the f= irst sentence of it). If this is a recommendation not to use renegotiation, t= hen it needs rewording to make that clear.

Best Regards,
Alexey

= --Apple-Mail-E9C087A6-45FF-4DB1-8390-36426EB18333-- From nobody Mon Nov 24 22:53:30 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6A611A0010 for ; Mon, 24 Nov 2014 22:53:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.244 X-Spam-Level: X-Spam-Status: No, score=-1.244 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqEriQSJC8Jb for ; Mon, 24 Nov 2014 22:53:23 -0800 (PST) Received: from smtp-in1.interdigital.com (smtp-in1.interdigital.com [64.208.228.133]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 145F61A0008 for ; Mon, 24 Nov 2014 22:53:22 -0800 (PST) X-ASG-Debug-ID: 1416898400-06daaa130c1fd6f0001-roOjxa Received: from smtp-out1.interdigital.com (sahara.interdigital.com [10.0.128.27]) by smtp-in1.interdigital.com with ESMTP id 0J5x1PgeugLnqNnp for ; Tue, 25 Nov 2014 01:53:20 -0500 (EST) X-Barracuda-Envelope-From: Akbar.Rahman@InterDigital.com Received: from interdigital.com ([10.0.128.12]) by smtp-out1.interdigital.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 25 Nov 2014 01:53:19 -0500 Received: from KYANITE.InterDigital.com ([10.1.64.253]) by interdigital.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 25 Nov 2014 01:53:19 -0500 Received: from KAINITE.InterDigital.com (10.1.64.252) by KYANITE.InterDigital.com (10.1.64.253) with Microsoft SMTP Server (TLS) id 14.3.210.2; Tue, 25 Nov 2014 01:53:18 -0500 Received: from NISSONITE.InterDigital.com (10.2.64.252) by KAINITE.InterDigital.com (10.1.64.252) with Microsoft SMTP Server (TLS) id 14.3.210.2; Tue, 25 Nov 2014 01:53:18 -0500 Received: from NABESITE.InterDigital.com ([fe80::4d8a:a889:67c2:f009]) by NISSONITE.InterDigital.com ([::1]) with mapi id 14.03.0210.002; Tue, 25 Nov 2014 01:53:16 -0500 From: "Rahman, Akbar" To: Hannes Tschofenig Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-ASG-Orig-Subj: RE: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AQHQBKReemBwkGLSHUewrwD8omBPA5xw6p0g Date: Tue, 25 Nov 2014 06:53:15 +0000 Message-ID: <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> In-Reply-To: <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.1.247.68] Content-Type: multipart/alternative; boundary="_000_36F5869FE31AB24485E5E3222C288E1F0761DFNABESITEInterDigi_" MIME-Version: 1.0 X-OriginalArrivalTime: 25 Nov 2014 06:53:19.0582 (UTC) FILETIME=[7F24A7E0:01D0087C] X-Barracuda-Connect: sahara.interdigital.com[10.0.128.27] X-Barracuda-Start-Time: 1416898400 X-Barracuda-URL: https://10.1.245.3:443/cgi-mod/mark.cgi X-Barracuda-BRTS-Status: 1 X-Virus-Scanned: by bsmtpd at interdigital.com X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.12014 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/iz61aHqcDaFhGMD0niHUFRr0WVE Cc: Kovatsch Matthias , Zach Shelby , Dorothy Gellert , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 06:53:30 -0000 --_000_36F5869FE31AB24485E5E3222C288E1F0761DFNABESITEInterDigi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Hannes, Thank you for the very good work on the DTLS Profile draft. I think it is = ready for progression. I do however have some comments for you to consider= : 1) I strongly agree with the comment below from Matthias that: * "The document still implies that all IoT devices will be DTLS cli= ents and that DTLS servers will be unconstrained, somewhere in the cloud. W= hile I understand that this is one of the current use cases (from the OMA L= WM2M Client Registration Interface), this implication undermines the idea a= nd benefits of CoAP. The IoT devices are meant to be the origin/resource se= rvers, as their sensors and actuators provide the information about the phy= sical world." 2) In the abstract and elsewhere there are references to a constrained= device providing sensor data. I think that this should be clarified. If = you read the CoAP spec [RFC 7252] you will clearly see that the constrained= device may either be read (GET - which corresponds to your sensor examples= ), or the device may have some data loaded onto it (PUT, POST, DELETE - and= thus may be an actuator for example). So you should indicate the dual nat= ure of constrained devices. * See for example: https://tools.ietf.org/html/rfc7252#section-5.8 3) Shouldn't the CoAP spec [RFC 7252] be classified as a Normative ref= erence instead of an Informative reference (e.g. because you are aligning y= our security modes with RFC 7252)? Best Regards, Akbar From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Kovatsch Mat= thias Sent: Thursday, November 20, 2014 4:28 AM To: Dorothy Gellert; dtls-iot@ietf.org Cc: Zach Shelby; Hannes Tschofenig Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/201= 4 Dear Hannes, dear list This is a great document and it is also quite important for the rollout of = the IoT. Thanks Hannes for the good work in impressive time. Besides a few = suggestions for improvement, I have the following critique: The document st= ill implies that all IoT devices will be DTLS clients and that DTLS servers= will be unconstrained, somewhere in the cloud. While I understand that thi= s is one of the current use cases (from the OMA LWM2M Client Registration I= nterface), this implication undermines the idea and benefits of CoAP. The I= oT devices are meant to be the origin/resource servers, as their sensors an= d actuators provide the information about the physical world. I hope this i= dea is clear and does not need further discussion (even LWM2M uses this com= munication model (Device Management, Service Enablement, and Information Re= porting)). "3. Communication Model" on page 5 is luckily not very clear about the role= s and the restriction was not apparent to me. "7. Session Resumption" on pa= ge 15, however, states "the communication model described in Section 3 does= not assume that the server is constrained". This must be fixed because this document is a critical link for the overall= software stack. We must make sure that it does not cripple the idea behind= CoAP! In addition, it must also be applicable for constrained-device-to-co= nstrained-device communication. Session resumption without server-side stat= e can still be excluded by the profile, since the client can always be a co= nstrained device. Some text on exceptions might be useful where a constrain= ed server MAY utilize session resumption without server-side state when the= client is unconstrained. Other comments: Page 7: "Some AEAD ciphersuites have shorter authentication tags" It would be nice to briefly introduce the term authentication tag with its = purpose in the previous paragraph where AEAD is explained. Page 8: "[RFC4279] does not mandate the use of any particular type of ident= ity." On first reading, it was not clear to me what identity the document is talk= ing about. Maybe "cryptographic identity" might help? Page 9: The second paragraph about the PSK identity hint is very confusing.= The case where a client has multiple keys is quite likely when thinking ab= out ACE and should probably be the default model. The paragraph could be or= ganized into the following three strategies: 1) Only one key based on the domain name (does this include the IP?): = no identity hint and clients MUST ignore 2) Multiple keys: hint to select correct key for operation 3) SNI: guide the selection based on the received SNI value from the c= lient Page 9: The third paragraph talks about identity and key lengths, but what = are the restrictions that are not applicable? I am also not sure how the in= formation about interfaces ties in. Page 14: 6. Error Handling For implementers, it would be really helpful to have a full list of the app= licable error messages instead of a selection of not applicable ones. It wo= uld be great to have a short description for each when they occur and how t= he parties should proceed (e.g., state clean-ups, follow-up messages, etc.)= . Page 14: "As stated in Section 2 of RFC 4279 the decryption_error error mes= sage may also be used instead." It would be very nice to include the reason for this in the profile documen= t. Engineers will always want to know why ;) Furthermore, the correct name appears to be "decrypt_error". In another RFC, I read about suppressing warning messages if the party want= s to establish the session anyway. This recommendation could be mentioned i= n the profile as well (maybe even with a MUST NOT send warnings?). Page 19: The second paragraph about the static relationship rather reflects= the traditional way networked embedded devices were connected. This docume= nt should have an actual IoT in mind and look forward to networks and appli= cations that converge and are all but static. If this is too speculative fo= r an RFC, best delete this dusty paragraph. Editorial hints: Page 10: "To replace, delete, or add raw public keys" --> missing s Page 11: "This ciphersuite makes" --> missing s Page 12: "A device compliant with this protocol" confusing, as it is a prof= ile Page 17: "that the DTLS context is still in kept at the IOT device." Page 17: "deployments the must constrained link" --> "most" Page 18: "This RFC 6066 [RFC6066] extension" --> "The"? "This" sounds awkwa= rd here. Page 18: "certificates and URLs instead" --> "send URLs instead"? A few mor= e words on what is done might be helpful here. Page 18: "This RFC 6066 extension" --> "The" again under 13. Trusted CA Ind= ication Page 20: "This RFC 6066 extension" --> "The" Page 20: "the main benefit of this extension is it to allows" --> "that it" Page 20: "implement this extension support this extension even though" --> = pick one Best regards Matthias From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Dorothy Gell= ert Sent: Dienstag, 11. November 2014 13:18 To: dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby; Hannes Tschofenig Subject: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Dear WG, As discussed during the Dice WG meeting at IETF#91, this email starts a WGL= C for our DTLS profile draft: https://tools.ietf.org/html/draft-ietf-dice-profile-05 Please review. This WGLC will end on Tuesday, November 25, 2014. Best Regards, Dorothy and Zach --_000_36F5869FE31AB24485E5E3222C288E1F0761DFNABESITEInterDigi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Hannes,

 <= /p>

 <= /p>

Thank you for the very go= od work on the DTLS Profile draft.  I think it is ready for progressio= n.  I do however have some comments for you to consider:

 <= /p>

1) = ;     I strongly agree = with the comment below from Matthias that:

·       &= nbsp; “The docume= nt still implies that all IoT devices will be DTLS clients and that DTLS se= rvers will be unconstrained, somewhere in the cloud. While I understand that this is one of the current use cases (from the OMA LWM2M C= lient Registration Interface), this implication undermines the idea and ben= efits of CoAP. The IoT devices are meant to be the origin/resource servers,= as their sensors and actuators provide the information about the physical world.”

 

2) = ;     In the abstract a= nd elsewhere there are references to a constrained device providing sensor = data.  I think that this should be clarified.  If you read the CoAP spec [RFC 7252] you will clearly see that the constrained de= vice may either be read (GET – which corresponds to your sensor examp= les), or the device may have some data loaded onto it (PUT, POST, DELETE &#= 8211; and thus may be an actuator for example).  So you should indicate the dual nature of constrained devices.

·       &= nbsp; See for example: https://tools.i= etf.org/html/rfc7252#section-5.8=

3) = ;     Shouldn’t t= he CoAP spec [RFC 7252] be classified as a Normative reference instead of a= n Informative reference (e.g. because you are aligning your security modes with RFC 7252)?

 <= /p>

 <= /p>

Best Regards,<= /span>

 <= /p>

Akbar

 <= /p>

 <= /p>

 <= /p>

 <= /p>

From: dtls-i= ot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Kovatsch Matthias
Sent: Thursday, November 20, 2014 4:28 AM
To: Dorothy Gellert; dtls-iot@ietf.org
Cc: Zach Shelby; Hannes Tschofenig
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11= /25/2014

 

Dear Hanne= s,

dear list<= o:p>

 = ;

This is a great document = and it is also quite important for the rollout of the IoT. Thanks Hannes fo= r the good work in impressive time. Besides a few suggestions for improvement, I have the following critique: The document still implies= that all IoT devices will be DTLS clients and that DTLS servers will be un= constrained, somewhere in the cloud. While I understand that this is one of= the current use cases (from the OMA LWM2M Client Registration Interface), this implication undermines the = idea and benefits of CoAP. The IoT devices are meant to be the origin/resou= rce servers, as their sensors and actuators provide the information about t= he physical world. I hope this idea is clear and does not need further discussion (even LWM2M uses this commun= ication model (Device Management, Service Enablement, and Information Repor= ting)).

 <= /p>

“3. Communication M= odel” on page 5 is luckily not very clear about the roles and the res= triction was not apparent to me. “7. Session Resumption” on pag= e 15, however, states “the communication model described in Section 3 does= not assume that the server is constrained”.

 <= /p>

This must be fixed becaus= e this document is a critical link for the overall software stack. We must = make sure that it does not cripple the idea behind CoAP! In addition, it must also be applicable for constrained-device-to-constrai= ned-device communication. Session resumption without server-side state can = still be excluded by the profile, since the client can always be a constrai= ned device. Some text on exceptions might be useful where a constrained server MAY utilize session resumption = without server-side state when the client is unconstrained.

 <= /p>

Other comments:

 <= /p>

Page 7: “Some AEAD = ciphersuites have shorter authentication tags”

It would be nice to brief= ly introduce the term authentication tag with its purpose in the previous p= aragraph where AEAD is explained.

 <= /p>

Page 8: “[RFC4279] = does not mandate the use of any particular type of identity.”

On first reading, it was = not clear to me what identity the document is talking about. Maybe “c= ryptographic identity” might help?

 <= /p>

Page 9: The second paragr= aph about the PSK identity hint is very confusing. The case where a client = has multiple keys is quite likely when thinking about ACE and should probably be the default model. The paragraph could be organized= into the following three strategies:

1) = ;     Only one key base= d on the domain name (does this include the IP?): no identity hint and clie= nts MUST ignore

2) = ;     Multiple keys: hi= nt to select correct key for operation

3) = ;     SNI: guide the se= lection based on the received SNI value from the client

 <= /p>

Page 9: The third paragra= ph talks about identity and key lengths, but what are the restrictions that= are not applicable? I am also not sure how the information about interfaces ties in.

 <= /p>

Page 14: 6. Error Handlin= g

For implementers, it woul= d be really helpful to have a full list of the applicable error messages in= stead of a selection of not applicable ones. It would be great to have a short description for each when they occur and how the par= ties should proceed (e.g., state clean-ups, follow-up messages, etc.).=

 <= /p>

Page 14: “As stated= in Section 2 of RFC 4279 the decryption_error error message may also be us= ed instead.”

It would be very nice to = include the reason for this in the profile document. Engineers will always = want to know why ;)

Furthermore, the correct = name appears to be “decrypt_error”.

In another RFC, I read ab= out suppressing warning messages if the party wants to establish the sessio= n anyway. This recommendation could be mentioned in the profile as well (maybe even with a MUST NOT send warnings?).

 <= /p>

Page 19: The second parag= raph about the static relationship rather reflects the traditional way netw= orked embedded devices were connected. This document should have an actual IoT in mind and look forward to networks and applications t= hat converge and are all but static. If this is too speculative for an RFC,= best delete this dusty paragraph.

 <= /p>

Editorial hints:

 <= /p>

Page 10: “To replac= e, delete, or add raw public keysà missing s

Page 11: “This ciph= ersuite makesà missing s

Page 12: “A device = compliant with this protocol” confusing, as it is a profile

Page 17: “that the = DTLS context is still in k= ept at the IOT device.”

Page 17: “deploymen= ts the must constrained link” à “= ;most”

Page 18: “This RFC 6066 [RFC6066] extension” à “The”? “This” sounds awkward here.=

Page 18: “certifica= tes and URLs instead” à “send URLs instead”= ? A few more words on what is done might be helpful here.=

Page 18: “This RFC 6066 extension” à R= 20;The” again under 13. Trusted CA Indication

Page 20: “This RFC 6066 extension” à R= 20;The”

Page 20: “the main = benefit of this extension is it to allows” à “that it”

Page 20: “implement this extension support this extension even though” à pick one

 <= /p>

Best regards

Matthias

 <= /p>

 <= /p>

From: dtls-i= ot [mailto:dtls-iot-bounces@ie= tf.org] On Behalf Of Dorothy Gellert
Sent: Dienstag, 11. November 2014 13:18
To: dtls-iot@ietf.org
Cc: Dorothy Gellert; Zach Shelby; Hannes Tschofenig
Subject: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/= 2014

 

Dear WG,=

As discussed during the Dice WG meeting at IET= F#91, this email starts a WGLC  for our DTLS profile draft:=

 

 

Please review.  This WGLC will end on Tue= sday, November 25, 2014.

 

Best Regards,

Dorothy and Zach

--_000_36F5869FE31AB24485E5E3222C288E1F0761DFNABESITEInterDigi_-- From nobody Mon Nov 24 23:09:31 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 793A81A0013 for ; Mon, 24 Nov 2014 23:09:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6huDVh0SkD0C for ; Mon, 24 Nov 2014 23:09:27 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82E251A0010 for ; Mon, 24 Nov 2014 23:09:26 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0LeBPM-1YGNa91Qp2-00pxjA; Tue, 25 Nov 2014 08:09:21 +0100 Message-ID: <54742B21.7040806@gmx.net> Date: Tue, 25 Nov 2014 08:09:21 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="i0NQMjMTCw0mtwkpMSvBjuX0jSN3IuhMi" X-Provags-ID: V03:K0:9r0KvYaNjRfZnOqapg7gqQ2tIBbwJWPrpSo9hLfwZXbBo4pbYnm 8SrNjgp3b08gXTjSU5qh1gxrug+gwUI9N81ZfORAKfqHG4quIvU8aBElMx+4BpRTdEPuhEL GX+0709Jr0yMbveeaBOn0phBvPKHKCKFTe3gpJ5dkTUCQXH9iVDadS3Tb8yz4Db4xEV27yK f1uWtLpcYw0oeblJ/HY+Q== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/XY5igFh33lJSBK0r0r8h-Qt23Ps Cc: "dtls-iot@ietf.org" Subject: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 07:09:29 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --i0NQMjMTCw0mtwkpMSvBjuX0jSN3IuhMi Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Akbar, Hi Matthias, Hi all, You both raised an issue that I would like to respond to separately: =E2=80=9CThe document still implies that all IoT devices will be DTLS cli= ents and that DTLS servers will be unconstrained, somewhere in the cloud. While I understand that this is one of the current use cases (from the OMA LWM2M Client Registration Interface), this implication undermines the idea and benefits of CoAP. The IoT devices are meant to be the origin/resource servers, as their sensors and actuators provide the information about the physical world.=E2=80=9D You are completely correct that this is the assumption I made for the document and I did it intentionally after consulting with the working group earlier this year. It is an issue of scoping. I originally tried to cover both cases, namely a situation where the client is constrained and the server side isn't as well as the situation where the server side is constrained but the client isn't. Of course, both are completely valid and reasonable use cases. There was only one problem. The case where the server was constrained essentially fell into the category that ACE is trying to solve. So, I had a missing piece there with regard to the authentication and the authorization story= =2E For this reason I recommended to the working group to deal with the constrained server case later when results from the ACE WG are available since the issue is more than just the use of DTLS in that scenario. I hope that this makes more sense and it might be worthwhile to actually explain the scoping in the document itself and to make an informative reference to the work in the ACE working group. Ciao Hannes --i0NQMjMTCw0mtwkpMSvBjuX0jSN3IuhMi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdCshAAoJEGhJURNOOiAtt74H/18Qyq9N0LIJ9PJJ+MbcXoAV eN0PASoSBPC3+NDNZPbLUAZe36hx8zz9Y4MaVgmb6YbJTGitlFJF7VyWmPVqlDJn DnQU3jZhWZEfQzV6YX3dQnB/yc08gbZM4T89ygh3aj2nVHprbEh2jU1MSK79wL20 k28twK4tP4Vaepwpk5IXaUgjvfDancrRea3pe5Xvle5fa53lr5ueTIZuGRf5OQW6 vJKS4on90DnJVlZya+H8gqKpBBFHE5GbwmMujts1a6dEWDQzrYJPNqByaHqHtFJ5 OqMxUf4wVAcaFD+1u0py8G+x6BUeMnRQ5RFrCHQeOwcq2Kmi/nt+AOMRtwCFiLo= =rzfh -----END PGP SIGNATURE----- --i0NQMjMTCw0mtwkpMSvBjuX0jSN3IuhMi-- From nobody Mon Nov 24 23:13:29 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB85D1A0013 for ; Mon, 24 Nov 2014 23:13:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h5O4QM4RcKCO for ; Mon, 24 Nov 2014 23:13:25 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9A201A0010 for ; Mon, 24 Nov 2014 23:13:24 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAP7DK9R005471; Tue, 25 Nov 2014 08:13:20 +0100 (CET) Received: from [192.168.217.149] (p54893706.dip0.t-ipconnect.de [84.137.55.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 08CF3CD0; Tue, 25 Nov 2014 08:13:19 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) From: Carsten Bormann In-Reply-To: <54742B21.7040806@gmx.net> Date: Tue, 25 Nov 2014 08:13:19 +0100 X-Mao-Original-Outgoing-Id: 438592398.852556-c957f521d8dc75c2bbcad00df14f6a38 Content-Transfer-Encoding: quoted-printable Message-Id: <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> References: <54742B21.7040806@gmx.net> To: Hannes Tschofenig X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/hdMQ9JmVW4YdswTl7HOkk_H0MV4 Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 07:13:27 -0000 On 25 Nov 2014, at 08:09, Hannes Tschofenig = wrote: >=20 > Of course, both are completely valid and reasonable use cases. There = was > only one problem. The case where the server was constrained = essentially > fell into the category that ACE is trying to solve. So, I had a = missing > piece there with regard to the authentication and the authorization = story. Can you elaborate on that? I see nothing in ACE that focuses it to = constrainedness of only the server or only the client. Conversely, I = see nothing in DTLS that requires ACE to set up a connection to a = constrained server (the PSK mechanism provides any decoupling between = the two that might be needed). Gr=C3=BC=C3=9Fe, Carsten From nobody Mon Nov 24 23:21:52 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96D3F1A0013 for ; Mon, 24 Nov 2014 23:21:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUYwutWFGZka for ; Mon, 24 Nov 2014 23:21:46 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37A7F1A0008 for ; Mon, 24 Nov 2014 23:21:46 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0ME47n-1XhrWH1xHz-00HSWa; Tue, 25 Nov 2014 08:21:38 +0100 Message-ID: <54742E01.6070507@gmx.net> Date: Tue, 25 Nov 2014 08:21:37 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Rahman, Akbar" References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> In-Reply-To: <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VmigOaoqc6L3s8Lt3s10OomETlalUskgu" X-Provags-ID: V03:K0:clIURjDMUk05254aJRYEmihYPgQWfs0nADhHjI3pXGYuDAHT3Xs +rBhDzGMntI/IAcjjTdqPzxp6D7ZGRZLRp2P6fLle78gTI+u5L78W4Wz89YSPkHTFc6Be7Y 6ogIoBmfb11/mds6j+yzSuwxsedVB2Kmw0K4mWyx6w/Vh4lJPguREn+/aAgrP6xekPuTI55 qa7KdvTZtvI8X3hPGdA/Q== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/z-7YwvXxfVSJ4-iiJ8KUV-MFbsM Cc: Kovatsch Matthias , Zach Shelby , Dorothy Gellert , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 07:21:50 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VmigOaoqc6L3s8Lt3s10OomETlalUskgu Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Akbar, thanks for your review comments. A few notes below. On 11/25/2014 07:53 AM, Rahman, Akbar wrote: > Hi Hannes, >=20 > =20 >=20 > =20 >=20 > Thank you for the very good work on the DTLS Profile draft. I think it= > is ready for progression. I do however have some comments for you to > consider: >=20 > =20 >=20 > 1) I strongly agree with the comment below from Matthias that: >=20 > =B7 =93The document still implies that all IoT devices will be = DTLS > clients and that DTLS servers will be unconstrained, somewhere in the > cloud. While I understand that this is one of the current use cases > (from the OMA LWM2M Client Registration Interface), this implication > undermines the idea and benefits of CoAP. The IoT devices are meant to > be the origin/resource servers, as their sensors and actuators provide > the information about the physical world.=94 >=20 >=20 I responded to this issue in a separate mail. >=20 > 2) In the abstract and elsewhere there are references to a > constrained device providing sensor data. I think that this should be > clarified. If you read the CoAP spec [RFC 7252] you will clearly see > that the constrained device may either be read (GET =96 which correspon= ds > to your sensor examples), or the device may have some data loaded onto > it (PUT, POST, DELETE =96 and thus may be an actuator for example). So= > you should indicate the dual nature of constrained devices. >=20 > =B7 See for example: https://tools.ietf.org/html/rfc7252#sectio= n-5.8 >=20 I kept the description a bit more abstract without going into the specific exchanges of CoAP itself and there might be a bit of a terminology mismatch between the use of client and server in CoAP vs. the use of client and server in DTLS. In order for the DTLS scenario to work the IoT device initiates the interaction with some server (cloud) and uploads data there. There may also be the situation where the IoT device interacts with some server (cloud) and downloads information (such as device configuration, etc.). In any case, the important part is that the constrained IoT device initiates the interaction with the server side infrastructure since otherwise you run into all sorts of problems when the could infrastructure starts to interact with an IoT device, such as discovery, NAT and firewall traversal, the asymmetric nature of DTLS, etc. There are certainly message exchange patterns in the CoAP specification that are not covered by this DTLS profile document, as pointed out in your comment #1. Does this make sense to you? > 3) Shouldn=92t the CoAP spec [RFC 7252] be classified as a Normati= ve > reference instead of an Informative reference (e.g. because you are > aligning your security modes with RFC 7252)? I decided against listing CoAP as a normative reference since there is nothing in the spec that requires it. In fact, you could run another protocol over DTLS and the recommendations would still be sound. Ciao Hannes >=20 > =20 >=20 > =20 >=20 > Best Regards, >=20 > =20 >=20 > Akbar >=20 > =20 >=20 > =20 >=20 > =20 >=20 > =20 >=20 > *From:*dtls-iot [mailto:dtls-iot-bounces@ietf.org] *On Behalf Of > *Kovatsch Matthias > *Sent:* Thursday, November 20, 2014 4:28 AM > *To:* Dorothy Gellert; dtls-iot@ietf.org > *Cc:* Zach Shelby; Hannes Tschofenig > *Subject:* Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - > 11/25/2014 >=20 > =20 >=20 > Dear Hannes, >=20 > dear list >=20 > =20 >=20 > This is a great document and it is also quite important for the rollout= > of the IoT. Thanks Hannes for the good work in impressive time. Besides= > a few suggestions for improvement, I have the following critique: The > document still implies that all IoT devices will be DTLS clients and > that DTLS servers will be unconstrained, somewhere in the cloud. While = I > understand that this is one of the current use cases (from the OMA LWM2= M > Client Registration Interface), this implication undermines the idea an= d > benefits of CoAP. The IoT devices are meant to be the origin/resource > servers, as their sensors and actuators provide the information about > the physical world. I hope this idea is clear and does not need further= > discussion (even LWM2M uses this communication model (Device Management= , > Service Enablement, and Information Reporting)). >=20 > =20 >=20 > =933. Communication Model=94 on page 5 is luckily not very clear about = the > roles and the restriction was not apparent to me. =937. Session > Resumption=94 on page 15, however, states =93the communication model > described in Section 3 does not assume that the server is constrained=94= =2E >=20 > =20 >=20 > This must be fixed because this document is a critical link for the > overall software stack. We must make sure that it does not cripple the > idea behind CoAP! In addition, it must also be applicable for > constrained-device-to-constrained-device communication. Session > resumption without server-side state can still be excluded by the > profile, since the client can always be a constrained device. Some text= > on exceptions might be useful where a constrained server MAY utilize > session resumption without server-side state when the client is > unconstrained. >=20 > =20 >=20 > Other comments: >=20 > =20 >=20 > Page 7: =93Some AEAD ciphersuites have shorter authentication tags=94 >=20 > It would be nice to briefly introduce the term authentication tag with > its purpose in the previous paragraph where AEAD is explained. >=20 > =20 >=20 > Page 8: =93[RFC4279] does not mandate the use of any particular type of= > identity.=94 >=20 > On first reading, it was not clear to me what identity the document is > talking about. Maybe =93cryptographic identity=94 might help? >=20 > =20 >=20 > Page 9: The second paragraph about the PSK identity hint is very > confusing. The case where a client has multiple keys is quite likely > when thinking about ACE and should probably be the default model. The > paragraph could be organized into the following three strategies: >=20 > 1) Only one key based on the domain name (does this include the > IP?): no identity hint and clients MUST ignore >=20 > 2) Multiple keys: hint to select correct key for operation >=20 > 3) SNI: guide the selection based on the received SNI value from > the client >=20 > =20 >=20 > Page 9: The third paragraph talks about identity and key lengths, but > what are the restrictions that are not applicable? I am also not sure > how the information about interfaces ties in. >=20 > =20 >=20 > Page 14: 6. Error Handling >=20 > For implementers, it would be really helpful to have a full list of the= > applicable error messages instead of a selection of not applicable ones= =2E > It would be great to have a short description for each when they occur > and how the parties should proceed (e.g., state clean-ups, follow-up > messages, etc.). >=20 > =20 >=20 > Page 14: =93As stated in Section 2 of RFC 4279 the decryption_error err= or > message may also be used instead.=94 >=20 > It would be very nice to include the reason for this in the profile > document. Engineers will always want to know why ;) >=20 > Furthermore, the correct name appears to be =93decrypt_error=94. >=20 > In another RFC, I read about suppressing warning messages if the party > wants to establish the session anyway. This recommendation could be > mentioned in the profile as well (maybe even with a MUST NOT send > warnings?). >=20 > =20 >=20 > Page 19: The second paragraph about the static relationship rather > reflects the traditional way networked embedded devices were connected.= > This document should have an actual IoT in mind and look forward to > networks and applications that converge and are all but static. If this= > is too speculative for an RFC, best delete this dusty paragraph. >=20 > =20 >=20 > Editorial hints: >=20 > =20 >=20 > Page 10: =93To replace, delete, or add raw public key*s*=93 =E0missing = s >=20 > Page 11: =93This ciphersuite make*s*=94 =E0missing s >=20 > Page 12: =93A device compliant with this *protocol*=94 confusing, as it= is a > profile >=20 > Page 17: =93that the DTLS context is still *in*kept at the IOT device.=94= >=20 > Page 17: =93deployments the m*u*st constrained link=94 =E0=93most=94 >=20 > Page 18: =93*This*RFC 6066 [RFC6066] extension=94 =E0=93The=94? =93This= =94 sounds > awkward here. >=20 > Page 18: =93certificates and URLs instead=94 =E0=93send URLs instead=94= ? A few > more words on what is done might be helpful here. >=20 > Page 18: =93*This*RFC 6066 extension=94 =E0=93The=94 again under 13. Tr= usted CA > Indication >=20 > Page 20: =93*This*RFC 6066 extension=94 =E0=93The=94 >=20 > Page 20: =93the main benefit of this extension is *it to*allows=94 =E0=93= that it=94 >=20 > Page 20: =93*implement this extension support this extension*even thoug= h=94 > =E0pick one >=20 > =20 >=20 > Best regards >=20 > Matthias >=20 > =20 >=20 > =20 >=20 > *From:*dtls-iot [mailto:dtls-iot-bounces@ietf.org] *On Behalf Of > *Dorothy Gellert > *Sent:* Dienstag, 11. November 2014 13:18 > *To:* dtls-iot@ietf.org > *Cc:* Dorothy Gellert; Zach Shelby; Hannes Tschofenig > *Subject:* [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2= 014 >=20 > =20 >=20 > Dear WG, >=20 > As discussed during the Dice WG meeting at IETF#91, this email starts a= > WGLC for our DTLS profile draft: >=20 > =20 >=20 > https://tools.ietf.org/html/draft-ietf-dice-profile-05 >=20 > =20 >=20 > Please review. This WGLC will end on Tuesday, November 25, 2014. >=20 > =20 >=20 > Best Regards, >=20 > Dorothy and Zach >=20 --VmigOaoqc6L3s8Lt3s10OomETlalUskgu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdC4BAAoJEGhJURNOOiAtCXAH/0MEJ/OI4RP+qO4T1a0ig8C0 WTaJ7fRmOiT41G8bjLMdVglU9lLWDgKcPf0pUIP8XNDeYRTjo2I+eUbfRdY6q2RN JamJ5OBU01Q8KAWvsdJeXTtqWhGwDX8z36MBfFi9lzrPT9z16KQfami4iN3i67pa f1WIhQrxE/7SqaiAC4V2fnmSKCfs5wJMTHYJ7lDXywquVHRGlz2cwqyq1asOrazU UGIgxqdtcO7ejDJWK/r2ifXk62P9qWUGayWXT+09WHNxWy4AbNVmEL5sUtkLYciN wnmiwB+XEANnULdr13MRo/d+f+o0BgqZYe/0odoO93P2nqhtJtzqunr5X8W6TSU= =qqjC -----END PGP SIGNATURE----- --VmigOaoqc6L3s8Lt3s10OomETlalUskgu-- From nobody Mon Nov 24 23:24:29 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC521A0025 for ; Mon, 24 Nov 2014 23:24:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnGwa8wU-7ST for ; Mon, 24 Nov 2014 23:24:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E8F91A0023 for ; Mon, 24 Nov 2014 23:24:24 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MfAog-1XZzk922tG-00OkSm; Tue, 25 Nov 2014 08:24:20 +0100 Message-ID: <54742EA2.3000708@gmx.net> Date: Tue, 25 Nov 2014 08:24:18 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Carsten Bormann References: <54742B21.7040806@gmx.net> <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> In-Reply-To: <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xkXQt15AGnxExwdLOnm51DQ86M2I5QLM9" X-Provags-ID: V03:K0:q18cl/nNYkgx/+TzcZmELf6/htQVm1QS4Uv4QP77s/RWsVrFczy ytAVJ0BMA4Q4VbjMSytf17EEEOv/hGtuI1yoFhhx5Udp5SuRRWM4Myeno/KSpZ4SdrYydAz dRhShm3GK8nTccrRkzYjeG+PDuQpt8p5kLoUZrDeheCvNn0+Lcvrele6178FPJ6EzNKzOEf YK4K9eat+BFCJC7EW/4LQ== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/IkKyobimwNekhuFhxw3USkBu0OM Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 07:24:27 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xkXQt15AGnxExwdLOnm51DQ86M2I5QLM9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Carsten, On 11/25/2014 08:13 AM, Carsten Bormann wrote: > On 25 Nov 2014, at 08:09, Hannes Tschofenig = wrote: >> >> Of course, both are completely valid and reasonable use cases. There w= as >> only one problem. The case where the server was constrained essentiall= y >> fell into the category that ACE is trying to solve. So, I had a missin= g >> piece there with regard to the authentication and the authorization st= ory. >=20 > Can you elaborate on that? I see nothing in ACE that focuses it to con= strainedness of only the server or only the client. I didn't intent to provide a complete description of ACE. The point was more that the ACE work isn't finished and a description in the DTLS profile draft would have a dependency on it. Do you agree with that part? > Conversely, I see nothing in DTLS that requires ACE to set up a connec= tion to a constrained server (the PSK mechanism provides any decoupling b= etween the two that might be needed). We are still at the level of use cases in ACE and many of the solution related aspects are still under discussion. Ciao Hannes >=20 > Gr=C3=BC=C3=9Fe, Carsten >=20 --xkXQt15AGnxExwdLOnm51DQ86M2I5QLM9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdC6iAAoJEGhJURNOOiAtWdoH/204fwny+zp3TqEb9sN07xuD dnwWkJrV5N3yrqvU2TqSWZ9cHn7csVRBSCRt+hNGGcxKCEBhhUjXyYt+mapTj9y9 +6jjqBd5O5wOTiZLYXjvVAChv/wTU3wB5N0RZ9fcw2nT4Hs7gZBKI4U7Yk35FM94 C7nD5sbCtTe4tOlkQs0o619E4g8lyFLpemFCCZvJ/FwJnaADVaYHx8zDockQ1T6o kWxraC3CHggsdd2gtpj3W0phJ7yD623lEeMGXTQhEtLLh5RgnIOZ1yaeDb/Ve7eh IL96MoeXAfLB6V1lHHrwAszMprvoWWmLNJGv8owcZhgKIptLA8QqUcazWPFjcuE= =cyDL -----END PGP SIGNATURE----- --xkXQt15AGnxExwdLOnm51DQ86M2I5QLM9-- From nobody Mon Nov 24 23:31:54 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC7661A0030 for ; Mon, 24 Nov 2014 23:31:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLFYN1SMM2uG for ; Mon, 24 Nov 2014 23:31:40 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8833E1A0037 for ; Mon, 24 Nov 2014 23:31:29 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAP7VQwJ020668; Tue, 25 Nov 2014 08:31:26 +0100 (CET) Received: from [192.168.217.149] (p54893706.dip0.t-ipconnect.de [84.137.55.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id BFCD6CF0; Tue, 25 Nov 2014 08:31:24 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) From: Carsten Bormann In-Reply-To: <54742EA2.3000708@gmx.net> Date: Tue, 25 Nov 2014 08:31:21 +0100 X-Mao-Original-Outgoing-Id: 438593479.627896-c6d9c5ab6ff4f3678bac259817ffdb79 Content-Transfer-Encoding: quoted-printable Message-Id: <535A8E85-B962-42D6-9F4A-43CD96FE037E@tzi.org> References: <54742B21.7040806@gmx.net> <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> <54742EA2.3000708@gmx.net> To: Hannes Tschofenig X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/81U_rx93kv9pKZVb4HbTwx3oCkw Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 07:31:41 -0000 > On 25 Nov 2014, at 08:24, Hannes Tschofenig = wrote: >=20 > Hi Carsten, >=20 > On 11/25/2014 08:13 AM, Carsten Bormann wrote: >> On 25 Nov 2014, at 08:09, Hannes Tschofenig = wrote: >>>=20 >>> Of course, both are completely valid and reasonable use cases. There = was >>> only one problem. The case where the server was constrained = essentially >>> fell into the category that ACE is trying to solve. So, I had a = missing >>> piece there with regard to the authentication and the authorization = story. >>=20 >> Can you elaborate on that? I see nothing in ACE that focuses it to = constrainedness of only the server or only the client. >=20 > I didn't intent to provide a complete description of ACE. I still don=E2=80=99t get why that would be needed. > The point was > more that the ACE work isn't finished Obviously. > and a description in the DTLS > profile draft would have a dependency on it. I need help understanding why that is needed in the first place. >=20 >> Conversely, I see nothing in DTLS that requires ACE to set up a = connection to a constrained server (the PSK mechanism provides any = decoupling between the two that might be needed). > We are still at the level of use cases in ACE and many of the solution > related aspects are still under discussion. Is your assumption that the usage of DTLS will significantly change from = the way defined in RFC 7252, as a result of the ACE work? If yes, I=E2=80=99d like to know more about that. If no, again I see only very loose coupling that would not stop us from = profiling the constrained server case. Gr=C3=BC=C3=9Fe, Carsten From nobody Tue Nov 25 00:02:10 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1296A1A004C for ; Tue, 25 Nov 2014 00:02:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lOOK-ZKgJseh for ; Tue, 25 Nov 2014 00:02:07 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6A4A1A0025 for ; Tue, 25 Nov 2014 00:02:06 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MZD0K-1XckeE0NnI-00KuDK; Tue, 25 Nov 2014 09:02:02 +0100 Message-ID: <54743777.8000800@gmx.net> Date: Tue, 25 Nov 2014 09:01:59 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Stephen Farrell , Russ Housley References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> In-Reply-To: <54668854.1020503@cs.tcd.ie> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mIU2C9xuCojDKWn3JApq126oTiioUtmE2" X-Provags-ID: V03:K0:tf2aUQS4j06GZ52Gg8MgFTYXmFWjgYnDjnxAkVDxBSfJsmV+4Wp zGivpnWN3dBKj+nh8QQh00fTCU3ljt5yuQdoGBnLZVke+lFdp4940xfP9p1xxFYNBRn+s6h zlpU9PBsOzpHM+jwSXvOr/CDYFXlWAouh2CeXFzFc7YsdHJifGH3EWYsLDeUgBQAbaevmbJ PAKAHaDTb93Eyyah33jpg== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/VrpWtH1uw2tUIYR1OhgIJTfOm0Q Cc: Dorothy Gellert , Zach Shelby , dtls-iot@ietf.org Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 08:02:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mIU2C9xuCojDKWn3JApq126oTiioUtmE2 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Stephen, I personally don't care too much about the different AES modes of operation. I don't have a particularly preference since both will have more or less the same code size and performance (particularly when we talk about small message sizes). Of course, it would have been useful to think about this issue earlier when CCM and GCM were developed (funny enough by two IETF folks, Russ and David McGrew). In any case, I don't want to get dragged into this "my algorithm is better than yours" debate.= The issue is just that other SDOs have also selected AES-CCM, such as Bluetooth Smart, Zigbee IP* (if that matters anymore today), and IEEE 802.11i (which isn't necessarily a low power radio but still used in certain IoT deployments). These silicon manufacturers then made these algorithms available for developers as well (besides using them for the underlying radio technology). Furthermore, they have also been added to SoCs even without the radio technology. In many cases these algorithm implementations cannot be updated (even if they are just software running on the chip) rather than being really in hardware. Whether it is useful to put the entire algorithm in hardware or instead just some primitives is yet another story but I guess it is a bit too late for that discussion. The question therefore is what could be done about this situation. Here are the options: a) Change the recommendations in the UTA document to AES-CCM b) Change the recommendations in the DTLS profile document to AES-GCM c) Indicate support for both (AES-CCM and AES-GCM) d) Leave the documents as they are since they target different industry segments/use cases. As I argued earlier I think option (d) is the way to go. Ciao Hannes *: According to my understanding Zigbee IP uses a variation of AES-CCM. On 11/14/2014 11:55 PM, Stephen Farrell wrote: >=20 > Hi Russ, >=20 > >=20 > On 14/11/14 20:05, Russ Housley wrote: >> Hannes: >> >> I understand the hardware situation. That was the point I was trying >> to make when I said, "It makes a lot of sense for small devices." >> Please explain this situation in HTTPbis. My hope is that they will >> join you by either picking AES-CCM or picking both AES-GCM and >> AES-CCM. >=20 > I'm not getting why we see having two AES modes as advantageous. >=20 > I get that there are devices out there with CCM and that that's > unlikely to go away, and that the same is true for GCM, but that > seems like a thing that's a pain to work around. >=20 > Or am I over interpreting "hope" there? >=20 > >=20 > S. >=20 >=20 >> >> Russ >> >> >> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >> >>> Hi Russ, >>> >>> thanks for bringing this up. >>> >>> The ciphersuites selected for the DTLS profile draft have been >>> heavily influenced by the work done in the CORE working group. >>> >>> We have been telling silicon partners that they should put AES-CCM >>> into their chips and they have indeed following that >>> recommendation. >>> >>> I believe, however, that this is not a problem as such since the >>> UTA work really has a different scope - they focus on >>> Web/Messaging/Email rather than the IoT space. I sent a mail to >>> their list to request the title to be adjusted. >>> >>> Ciao Hannes >>> >>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>>> have no problem with that choice. It makes a lot of sense for >>>> small devices. >>>> >>>> The HTTPbis is also taking a path that requires an AEAD >>>> algorithm. It would be really nice if the two groups came to a >>>> place that allowed interoperability, but HTTPbis seems to be on a >>>> path for AES-GCM. AES-CCM is better for small devices. >>>> >>>> It seems to me that the two groups should talk to each other >>>> before WG Last Call is over. >>>> >>>> Russ >> >> _______________________________________________ dtls-iot mailing >> list dtls-iot@ietf.org=20 >> https://www.ietf.org/mailman/listinfo/dtls-iot >> --mIU2C9xuCojDKWn3JApq126oTiioUtmE2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdDd3AAoJEGhJURNOOiAt99UH/Rs70XRbSyqWjEXqa6nvT+p5 mrJzoVN2PxKCr5MnQPjLR6knoAjM7og636/P5bmTcTY0Br5YpjNhqqHQ/IfgOVjb NAGl5S9ttKz8YrsHnoRUTWjOrwRpJImpXhhmZs42PESEc4f4CREAjCbj04eT/Kl7 THziNB3TvQ1kXE+XXKTV/lUUzjixsaBXa5I9XvOVlGcmGnPCrdEDCDK3H9VEcl+6 PnIM4j3X/QU2Q4qxLqmxACSInyLBTseMf4lGPAtl263RYIIcWI1Jl1H+7Sxy6mYw 4LtMuSNCKoLtn+iZg2MEUptJtjqc+BvQLGf9eJ4Aapdw9WMj8OU+cWHJdmVe9eU= =nTjy -----END PGP SIGNATURE----- --mIU2C9xuCojDKWn3JApq126oTiioUtmE2-- From nobody Tue Nov 25 00:19:48 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 900161A0059 for ; Tue, 25 Nov 2014 00:19:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZgCvR_s2SlQo for ; Tue, 25 Nov 2014 00:19:44 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93ADA1A0033 for ; Tue, 25 Nov 2014 00:19:41 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MHokD-1XuYG62Zu1-003eIa; Tue, 25 Nov 2014 09:19:31 +0100 Message-ID: <54743B8E.2000507@gmx.net> Date: Tue, 25 Nov 2014 09:19:26 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Carsten Bormann References: <54742B21.7040806@gmx.net> <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> <54742EA2.3000708@gmx.net> <535A8E85-B962-42D6-9F4A-43CD96FE037E@tzi.org> In-Reply-To: <535A8E85-B962-42D6-9F4A-43CD96FE037E@tzi.org> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xKftw1qqp5MGL9FJNJQ7dn01tLdOqTTkl" X-Provags-ID: V03:K0:vJw/8+3p8+Vh2groQaI3NQwO/tkEggu+2DgRfd2k2BA9J9rG6IP K/IhfzEDtR9elnvZB/umzYwEkdAVUXqHFBf5XFJCtNex3QDlcFUviWTelkPI4FpfMQI799r zK4Tsf660aMMu3tdMu6MBJxZ4FqvKtuAW6UqrLThoDC8IVKmjtJZZjZRJfevvGQuG5XF8Ep +4x/YOsSjKnwhMahdueJw== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/JBwoz9kkuQffyQ3NXzZDO7-lbIk Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 08:19:46 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xKftw1qqp5MGL9FJNJQ7dn01tLdOqTTkl Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Carsten, thanks for the quick feedback. On 11/25/2014 08:31 AM, Carsten Bormann wrote: >=20 >> On 25 Nov 2014, at 08:24, Hannes Tschofenig wrote: >> >> Hi Carsten, >> >> On 11/25/2014 08:13 AM, Carsten Bormann wrote: >>> On 25 Nov 2014, at 08:09, Hannes Tschofenig wrote: >>>> >>>> Of course, both are completely valid and reasonable use cases. There= was >>>> only one problem. The case where the server was constrained essentia= lly >>>> fell into the category that ACE is trying to solve. So, I had a miss= ing >>>> piece there with regard to the authentication and the authorization = story. >>> >>> Can you elaborate on that? I see nothing in ACE that focuses it to c= onstrainedness of only the server or only the client. >> >> I didn't intent to provide a complete description of ACE. >=20 > I still don=E2=80=99t get why that would be needed. In ACE we have use cases that consider different types of constrained devices. One important use case is the unconstrained client accessing a constrained server. This use case is all over the map in the use case document. The other use cases, constrained client talking to a constrained server and constrained client to unconstrained server, are also hinted at. The story is a bit weaker there. (That is my reading of the use case document.) >> The point was >> more that the ACE work isn't finished >=20 > Obviously. >=20 >> and a description in the DTLS >> profile draft would have a dependency on it. >=20 > I need help understanding why that is needed in the first place. In order to provide a description that is interoperable one will have to explain what the client presents to the server to deal with authorization. Just looking at the different solutions there are cases where the client provides a certificate at the DTLS layer, a shared secret at the at the DTLS layer but there are also solutions being presented that move this functionality to the application layer. In other cases, there may be no DTLS at all and only application layer security objects (as presented at the last IETF meeting). We also don't know whether we will have one solution only or more than one. Maybe we will have one solution that provides all types of credentials; maybe not.= >>> Conversely, I see nothing in DTLS that requires ACE to set up a conne= ction to a constrained server (the PSK mechanism provides any decoupling = between the two that might be needed). >> We are still at the level of use cases in ACE and many of the solution= >> related aspects are still under discussion. >=20 > Is your assumption that the usage of DTLS will significantly change fro= m the way defined in RFC 7252, as a result of the ACE work? RFC 7252 does not really provide enough details for these scenarios to build an interoperable solution. Hence, I wouldn't call it "change RFC 7252" but rather fill in the gaps. > If yes, I=E2=80=99d like to know more about that. > If no, again I see only very loose coupling that would not stop us from= profiling the constrained server case. I fear that the resulting specification will suffer from a lack interoperability. If we make good progress in ACE over the next 6 months than a solution description will hopefully explain how the client to resource server communication looks like. Ciao Hannes >=20 > Gr=C3=BC=C3=9Fe, Carsten >=20 --xKftw1qqp5MGL9FJNJQ7dn01tLdOqTTkl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdDuPAAoJEGhJURNOOiAtT7sH/2Angjs6z+T9IY7gBFmI/4vw 7kLQqzYGaqkD5psiEa8ZzhhZ9Vb4LcA55XPBrzJC/JYOmXqqiLb82vAUt5i49GTi yZZXJRTZnyAJ1m/JRJRn62H+PPJ4DP8oOD2lPUKU+Uik6D0bodVJ6k5CHM2eiIOU I777uRO7Onz+QvieK+gksEtoomkoeO3wlNeXuJGwkbMLk+V8Khm3HsmSsCFoJrg8 WPiJS9CrTzs8iF39q+vVmnrYo5eIthreTVtQUKYi0wYjNOQOB7mKZw7wE5s22L6S l0ckPc6xIU+LFRHOySn70myOEZcTZ2mS3C8Car6+zmfacsvEKwfuR7UJ+BhU0Ps= =Qi9Z -----END PGP SIGNATURE----- --xKftw1qqp5MGL9FJNJQ7dn01tLdOqTTkl-- From nobody Tue Nov 25 00:25:48 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D393B1A0035 for ; Tue, 25 Nov 2014 00:25:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4oRB-Mab8oy4 for ; Tue, 25 Nov 2014 00:25:43 -0800 (PST) Received: from service88.mimecast.com (service88.mimecast.com [195.130.217.12]) by ietfa.amsl.com (Postfix) with ESMTP id CE8E31A0023 for ; Tue, 25 Nov 2014 00:25:42 -0800 (PST) Received: from USA-SJC-GW1.usa.Arm.com (fw-tnat.snv.arm.com [217.140.100.22]) (Using TLS) by service88.mimecast.com; Tue, 25 Nov 2014 08:25:41 +0000 Received: from Spock.usa.Arm.com ([fe80::4116:859a:65b1:2f84]) by USA-SJC-GW1.usa.Arm.com ([::1]) with mapi; Tue, 25 Nov 2014 08:25:37 +0000 From: Zach Shelby To: Hannes Tschofenig Date: Tue, 25 Nov 2014 08:25:37 +0000 Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AdAIiWQhnLpG3U5MQnurolciyx+8ag== Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> In-Reply-To: <54743777.8000800@gmx.net> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB MIME-Version: 1.0 X-MC-Unique: 114112508254104302 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/mW0fzSrTFgSUNOxMBdtgyesqSy4 Cc: Dorothy Gellert , Russ Housley , "dtls-iot@ietf.org" , Stephen Farrell Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 08:25:46 -0000 In addition to actual hardware support for AES-CCM in the embedded SoC indu= stry, which won't go away anytime soon, I would also point out that the req= uired cipher suites in CoAP are CCM based as well. We really do need to sup= port CCM in the DICE Profile. We could indicate support for GCM as well, bu= t I don't think that is particularly important. Regarding the UTA doc, considering that it is general recommendations for T= LS and DTLS, this should really align with the needs of the DICE and CoRE w= orking groups (and thus the IoT industry) as well. It is totally contradict= ory to indicate in draft-ietf-uta-tls-bcp that GCM is recommended, and then= in several other RFCs dependent on DTLS recommend the use of CCM. At the m= inimum that document should have a reference to the use of CCM in IoT speci= fications. That would be option c from your list Hannes? Zach On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig = wrote: > Hi Stephen, > > I personally don't care too much about the different AES modes of > operation. I don't have a particularly preference since both will have > more or less the same code size and performance (particularly when we > talk about small message sizes). Of course, it would have been useful to > think about this issue earlier when CCM and GCM were developed (funny > enough by two IETF folks, Russ and David McGrew). In any case, I don't > want to get dragged into this "my algorithm is better than yours" debate. > > The issue is just that other SDOs have also selected AES-CCM, such as > Bluetooth Smart, Zigbee IP* (if that matters anymore today), and IEEE > 802.11i (which isn't necessarily a low power radio but still used in > certain IoT deployments). > > These silicon manufacturers then made these algorithms available for > developers as well (besides using them for the underlying radio > technology). Furthermore, they have also been added to SoCs even without > the radio technology. > > In many cases these algorithm implementations cannot be updated (even if > they are just software running on the chip) rather than being really in > hardware. > > Whether it is useful to put the entire algorithm in hardware or instead > just some primitives is yet another story but I guess it is a bit too > late for that discussion. > > The question therefore is what could be done about this situation. Here > are the options: > > a) Change the recommendations in the UTA document to AES-CCM > b) Change the recommendations in the DTLS profile document to AES-GCM > c) Indicate support for both (AES-CCM and AES-GCM) > d) Leave the documents as they are since they target different industry > segments/use cases. > > As I argued earlier I think option (d) is the way to go. > > Ciao > Hannes > > *: According to my understanding Zigbee IP uses a variation of AES-CCM. > > On 11/14/2014 11:55 PM, Stephen Farrell wrote: >> >> Hi Russ, >> >> >> >> On 14/11/14 20:05, Russ Housley wrote: >>> Hannes: >>> >>> I understand the hardware situation. That was the point I was trying >>> to make when I said, "It makes a lot of sense for small devices." >>> Please explain this situation in HTTPbis. My hope is that they will >>> join you by either picking AES-CCM or picking both AES-GCM and >>> AES-CCM. >> >> I'm not getting why we see having two AES modes as advantageous. >> >> I get that there are devices out there with CCM and that that's >> unlikely to go away, and that the same is true for GCM, but that >> seems like a thing that's a pain to work around. >> >> Or am I over interpreting "hope" there? >> >> >> >> S. >> >> >>> >>> Russ >>> >>> >>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>> >>>> Hi Russ, >>>> >>>> thanks for bringing this up. >>>> >>>> The ciphersuites selected for the DTLS profile draft have been >>>> heavily influenced by the work done in the CORE working group. >>>> >>>> We have been telling silicon partners that they should put AES-CCM >>>> into their chips and they have indeed following that >>>> recommendation. >>>> >>>> I believe, however, that this is not a problem as such since the >>>> UTA work really has a different scope - they focus on >>>> Web/Messaging/Email rather than the IoT space. I sent a mail to >>>> their list to request the title to be adjusted. >>>> >>>> Ciao Hannes >>>> >>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>>>> have no problem with that choice. It makes a lot of sense for >>>>> small devices. >>>>> >>>>> The HTTPbis is also taking a path that requires an AEAD >>>>> algorithm. It would be really nice if the two groups came to a >>>>> place that allowed interoperability, but HTTPbis seems to be on a >>>>> path for AES-GCM. AES-CCM is better for small devices. >>>>> >>>>> It seems to me that the two groups should talk to each other >>>>> before WG Last Call is over. >>>>> >>>>> Russ >>> >>> _______________________________________________ dtls-iot mailing >>> list dtls-iot@ietf.org >>> https://www.ietf.org/mailman/listinfo/dtls-iot >>> > Zach Shelby Director of Technical Marketing ARM Internet of Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ -- IMPORTANT NOTICE: The contents of this email and any attachments are con= fidential and may also be privileged. If you are not the intended recipient= , please notify the sender immediately and do not disclose the contents to = any other person, use it for any purpose, or store or copy the information = in any medium. Thank you. ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Regist= ered in England & Wales, Company No: 2557590 ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, R= egistered in England & Wales, Company No: 2548782 From nobody Tue Nov 25 00:31:19 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 765CC1A0067 for ; Tue, 25 Nov 2014 00:31:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id msQ8jwNZRd-S for ; Tue, 25 Nov 2014 00:31:14 -0800 (PST) Received: from service88.mimecast.com (service88.mimecast.com [195.130.217.12]) by ietfa.amsl.com (Postfix) with ESMTP id 1306C1A0053 for ; Tue, 25 Nov 2014 00:31:13 -0800 (PST) Received: from USA-SJC-GW2.usa.Arm.com (fw-tnat.snv.arm.com [217.140.100.22]) (Using TLS) by service88.mimecast.com; Tue, 25 Nov 2014 08:31:12 +0000 Received: from Spock.usa.Arm.com ([fe80::4116:859a:65b1:2f84]) by USA-SJC-GW2.usa.Arm.com ([::1]) with mapi; Tue, 25 Nov 2014 00:31:09 -0800 From: Zach Shelby To: Hannes Tschofenig Date: Tue, 25 Nov 2014 00:31:08 -0800 Thread-Topic: [Dtls-iot] Unconstrained DTLS servers Thread-Index: AdAIiilecb4vJTxkSG+c2JtHQUOp1g== Message-ID: <0848B960-2EAB-4902-8C51-9374536228AE@arm.com> References: <54742B21.7040806@gmx.net> In-Reply-To: <54742B21.7040806@gmx.net> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB MIME-Version: 1.0 X-MC-Unique: 114112508311202702 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/rtBkFoPoY6Ik83GP-5phvwgXsv8 Cc: "kovatsch@inf.ethz.ch" , "Akbar.Rahman@InterDigital.com" , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 08:31:16 -0000 Hi, Hannes is correct here, we as a working group did decide to scope this prof= ile on a simple client-server based configuration. The profile draft was wr= itten according to that assumption. It is also a good point that without ACE, there are some missing holes here= in our specifications for constrained DTLS servers. We certainly could pub= lish a peer-to-peer DTLS profile after the ACE work is done. Zach On Nov 25, 2014, at 9:09 AM, Hannes Tschofenig = wrote: > Hi Akbar, Hi Matthias, > Hi all, > > You both raised an issue that I would like to respond to separately: > > =93The document still implies that all IoT devices will be DTLS clients > and that DTLS servers will be unconstrained, somewhere in the cloud. > While I understand that this is one of the current use cases (from the > OMA LWM2M Client Registration Interface), this implication undermines > the idea and benefits of CoAP. The IoT devices are meant to be the > origin/resource servers, as their sensors and actuators provide the > information about the physical world.=94 > > You are completely correct that this is the assumption I made for the > document and I did it intentionally after consulting with the working > group earlier this year. > > It is an issue of scoping. > > I originally tried to cover both cases, namely a situation where the > client is constrained and the server side isn't as well as the situation > where the server side is constrained but the client isn't. > > Of course, both are completely valid and reasonable use cases. There was > only one problem. The case where the server was constrained essentially > fell into the category that ACE is trying to solve. So, I had a missing > piece there with regard to the authentication and the authorization story= . > > For this reason I recommended to the working group to deal with the > constrained server case later when results from the ACE WG are available > since the issue is more than just the use of DTLS in that scenario. > > I hope that this makes more sense and it might be worthwhile to actually > explain the scoping in the document itself and to make an informative > reference to the work in the ACE working group. > > Ciao > Hannes > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot Zach Shelby Director of Technical Marketing ARM Internet of Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ -- IMPORTANT NOTICE: The contents of this email and any attachments are con= fidential and may also be privileged. If you are not the intended recipient= , please notify the sender immediately and do not disclose the contents to = any other person, use it for any purpose, or store or copy the information = in any medium. Thank you. ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Regist= ered in England & Wales, Company No: 2557590 ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, R= egistered in England & Wales, Company No: 2548782 From nobody Tue Nov 25 00:37:40 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5977A1A006E for ; Tue, 25 Nov 2014 00:37:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z8dcmEcrWcOi for ; Tue, 25 Nov 2014 00:37:33 -0800 (PST) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 493CA1A0067 for ; Tue, 25 Nov 2014 00:37:33 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAP8bTar022190; Tue, 25 Nov 2014 09:37:29 +0100 (CET) Received: from [192.168.217.149] (p54893706.dip0.t-ipconnect.de [84.137.55.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 62AB4D90; Tue, 25 Nov 2014 09:37:29 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) From: Carsten Bormann In-Reply-To: <54743B8E.2000507@gmx.net> Date: Tue, 25 Nov 2014 09:37:28 +0100 X-Mao-Original-Outgoing-Id: 438597447.403538-c756e74cd27cf5821f5fd42686932596 Content-Transfer-Encoding: quoted-printable Message-Id: <1F50337D-E043-4A67-BB5E-E1467BF8CB75@tzi.org> References: <54742B21.7040806@gmx.net> <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> <54742EA2.3000708@gmx.net> <535A8E85-B962-42D6-9F4A-43CD96FE037E@tzi.org> <54743B8E.2000507@gmx.net> To: Hannes Tschofenig X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/HlfbbJqO4ZGwqyADPjRsWdDoar4 Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 08:37:34 -0000 >=20 > In order to provide a description that is interoperable one will have = to > explain what the client presents to the server to deal with > authorization. I still fail to see why this is somehow easy with a constrained client = and hard with a constrained server. > Just looking at the different solutions there are cases > where the client provides a certificate at the DTLS layer, a shared > secret at the at the DTLS layer but there are also solutions being > presented that move this functionality to the application layer. The DTLS profile would not cover the application layer approach, = obviously. > In > other cases, there may be no DTLS at all and only application layer > security objects (as presented at the last IETF meeting). Again, that is not something that the DTLS profile needs to worry about. > We also don't > know whether we will have one solution only or more than one. Maybe we > will have one solution that provides all types of credentials; maybe = not. >=20 >>>> Conversely, I see nothing in DTLS that requires ACE to set up a = connection to a constrained server (the PSK mechanism provides any = decoupling between the two that might be needed). >>> We are still at the level of use cases in ACE and many of the = solution >>> related aspects are still under discussion. >>=20 >> Is your assumption that the usage of DTLS will significantly change = from the way defined in RFC 7252, as a result of the ACE work? >=20 > RFC 7252 does not really provide enough details for these scenarios to > build an interoperable solution. Hence, I wouldn't call it "change RFC > 7252" but rather fill in the gaps. Hmm, how is a single interoperable solution a prerequisite to having a = DTLS profile? The document as is clearly is open to many different interoperable = solutions for the constrained client case, and the same should be true = for the constrained server. There is some hidden assumption in this argumentation that we still need = to uncover. Gr=C3=BC=C3=9Fe, Carsten From nobody Tue Nov 25 01:11:37 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 389641A0075 for ; Tue, 25 Nov 2014 01:11:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ofVJGZO7Qgt for ; Tue, 25 Nov 2014 01:11:30 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DB711A0074 for ; Tue, 25 Nov 2014 01:11:30 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MQu9K-1XUPlC2Zf4-00UI40; Tue, 25 Nov 2014 10:11:24 +0100 Message-ID: <547447BB.6070001@gmx.net> Date: Tue, 25 Nov 2014 10:11:23 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , Russ Housley , "dtls-iot@ietf.org" References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="kmQ45qHNBvqvdRsjcAdHJ4IekWWTmuGaR" X-Provags-ID: V03:K0:T6oaItPivlK2ROjKut/mjJR9f20iKQrq55uV8OI7K12+sgoFmSm lwiZePuQ1gwRbycNRdBPzG/aAxanNjlIP0yd1yKV9pFoU7i+e+LEXL7lkcGZM1GiKywpSVT /fHpCBfv5BK6Kz3bEpdk9SS+y4z63Y5aEHU9fC1+2szz57SNKpZ0RHll1c7HDWfvJrMZXxb SocqrDh710SdKe/xFyutQ== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/AECmWXjoF46RyRm8eaRr_BKNRK4 Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 09:11:34 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --kmQ45qHNBvqvdRsjcAdHJ4IekWWTmuGaR Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Sandeep, On 11/15/2014 04:02 AM, Kumar, Sandeep wrote: > HI Hannes >=20 > Can you clarify if the silicon vendors are implementing AES-CCM or > plain AES in hardware (i.e. AES-ECB) with the CCM mode implemented in > software? It is sometimes a bit hard to say whether functionality is implemented in software or in hardware since everything is hidden on the chip. Just take the Nordic Semiconductor Bluetooth Smart SoC (nRF51822) https://www.nordicsemi.com/eng/Products/Bluetooth-Smart-Bluetooth-low-ene= rgy/nRF51822 Due to Bluetooth 4.1 specification it comes with AES-CCM support and the firmware for this chip can be updated (and there are different versions of the firmware available). What exactly can be updated is something I don't know because the firmware image is provided by Nordic. Of course, the main purpose of this chip is to run Bluetooth Smart-based applications and there may not be enough space to run your entire IoT software stack. You might have other radio technologies running on other chips as well. As such, in your final product you might end up having various places where you could run your cryptographic algorithms... When I looked at the specifications to answer your question I actually didn't find the needed info. Maybe I have not searched enough. I will get in touch with the guys at Nordic to figure it out for this specific example. Your question is obviously quite good and I believe we should put more text into the draft about this topic to give silicon vendors some guidance about what to provide. > If it is the former, do you know if they are flexible > enough to implement AES-CCM with different nonce lengths. The reason > I ask is because AES-CCM in IEEE 802.15.4 uses a nonce length of > 13-octets while DTLS uses 12-octets. I have heard of some15.4 chips > that hard-code (in hardware) the 13-octet nonce length making it > useless for DTLS. Is the issue caused by IEEE 802.15.4 or by Zigbee IP? Ciao Hannes >=20 > Regards Sandeep >=20 >=20 >=20 >> -----Original Message----- From: dtls-iot >> [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig=20 >> Sent: Friday, November 14, 2014 9:58 AM To: Russ Housley; >> dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby Subject: Re: >> [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 >>=20 >> Hi Russ, >>=20 >> thanks for bringing this up. >>=20 >> The ciphersuites selected for the DTLS profile draft have been >> heavily influenced by the work done in the CORE working group. >>=20 >> We have been telling silicon partners that they should put AES-CCM >> into their chips and they have indeed following that >> recommendation. >>=20 >> I believe, however, that this is not a problem as such since the >> UTA work really has a different scope - they focus on >> Web/Messaging/Email rather than the IoT space. I sent a mail to >> their list to request the title to be adjusted. >>=20 >> Ciao Hannes >>=20 >> On 11/12/2014 01:37 AM, Russ Housley wrote: >>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >> have no problem with that choice. It makes a lot of sense for >> small devices. >>>=20 >>> The HTTPbis is also taking a path that requires an AEAD >>> algorithm. It would >> be really nice if the two groups came to a place that allowed >> interoperability, but HTTPbis seems to be on a path for AES-GCM. >> AES-CCM is better for small devices. >>>=20 >>> It seems to me that the two groups should talk to each other >>> before WG >> Last Call is over. >>>=20 >>> Russ >>>=20 >>> _______________________________________________ dtls-iot mailing >>> list dtls-iot@ietf.org=20 >>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>=20 >=20 >=20 > ________________________________ The information contained in this > message may be confidential and legally protected under applicable > law. The message is intended solely for the addressee(s). If you are > not the intended recipient, you are hereby notified that any use, > forwarding, dissemination, or reproduction of this message is > strictly prohibited and may be unlawful. If you are not the intended > recipient, please contact the sender by return e-mail and destroy all > copies of the original message. >=20 --kmQ45qHNBvqvdRsjcAdHJ4IekWWTmuGaR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdEe7AAoJEGhJURNOOiAtK2MH/0wIyxCZ+5EiPrV6u4PSuibA g08E0svLqjmAg5I0sHC3ulHZqw/m53xw/+jbaEbjM6JTIqvHQw5sFC0A3kIkCmaP 95cDrJgNU8zDc8NSyYeJLpbTNORjw3z4KTu9Bod2JAGqtyPCTgZteSdiUbRn4cGT Lybp2bcFvYZnj3MYgM6v6QIi48cjlIi53fy8Wfhv4BG96istQjrKZ1CJ472cx+s4 Zf0oXKvAg7n+Cwhvx2NLkMiZ0KWjj+5IFjQfHX15o594+fRm9DcJeYhAZPB2s8w+ AJKaorymXrRtdU85trMnAY+KwxCUtfGQ8se791iOI+LoJTkmxnFnuFLqQ2wFOag= =lbL4 -----END PGP SIGNATURE----- --kmQ45qHNBvqvdRsjcAdHJ4IekWWTmuGaR-- From nobody Tue Nov 25 01:17:25 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CD451A007D for ; Tue, 25 Nov 2014 01:17:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ux_Maou3iajA for ; Tue, 25 Nov 2014 01:17:20 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6928E1A0075 for ; Tue, 25 Nov 2014 01:17:20 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MdrK9-1XYW9Y1XWX-00PgFI; Tue, 25 Nov 2014 10:16:29 +0100 Message-ID: <547448EB.8070506@gmx.net> Date: Tue, 25 Nov 2014 10:16:27 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Zach Shelby References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mGh1hdx3TNQxBvp5NVIMpFlQ7MkcKUCxf" X-Provags-ID: V03:K0:QHT+uIN2/W+Z5/ek3ir2D4kvtJCwNSjCU+431RWMxske5RmzrKk iR3E7L89E5CzAXOg85IZ8gt3A1Q4KLgCgCRBv04ovcpSvt/saKhJT9UtP5B9s64uVjg/6/1 /ivCJ3a3VvBqsQ7Byz997rFB3x6gVkz6aZOzxNHTXR5PgoZbaUKxDZwjbxhzBMRjNJrmUvp vq0APqw21fXl2LVqnperw== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/HrhS5W9tjJH005wzX7-N4YXq1-I Cc: Dorothy Gellert , Russ Housley , "dtls-iot@ietf.org" , Stephen Farrell Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 09:17:23 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mGh1hdx3TNQxBvp5NVIMpFlQ7MkcKUCxf Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Zach, it would be option #d in my list below. In fact, I have already dropped a mail to the UTA list about their document and raised the issue of scoping. Their document is really is about the Web. I fear that nobody had really looked at their document in detail since otherwise someone would have noticed that it also talks briefly about email and XMPP while there is other work in the group that provides much greater detail on those topic. In the same spirit I see the IoT case as something that does not belong in their document at all. TLS (and DTLS) is just used in a number of different deployments and they are a bit different. Ciao Hannes On 11/25/2014 09:25 AM, Zach Shelby wrote: > In addition to actual hardware support for AES-CCM in the embedded SoC = industry, which won't go away anytime soon, I would also point out that t= he required cipher suites in CoAP are CCM based as well. We really do nee= d to support CCM in the DICE Profile. We could indicate support for GCM a= s well, but I don't think that is particularly important. >=20 > Regarding the UTA doc, considering that it is general recommendations f= or TLS and DTLS, this should really align with the needs of the DICE and = CoRE working groups (and thus the IoT industry) as well. It is totally co= ntradictory to indicate in draft-ietf-uta-tls-bcp that GCM is recommended= , and then in several other RFCs dependent on DTLS recommend the use of C= CM. At the minimum that document should have a reference to the use of CC= M in IoT specifications. >=20 > That would be option c from your list Hannes? >=20 > Zach >=20 > On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig wrote: >=20 >> Hi Stephen, >> >> I personally don't care too much about the different AES modes of >> operation. I don't have a particularly preference since both will have= >> more or less the same code size and performance (particularly when we >> talk about small message sizes). Of course, it would have been useful = to >> think about this issue earlier when CCM and GCM were developed (funny >> enough by two IETF folks, Russ and David McGrew). In any case, I don't= >> want to get dragged into this "my algorithm is better than yours" deba= te. >> >> The issue is just that other SDOs have also selected AES-CCM, such as >> Bluetooth Smart, Zigbee IP* (if that matters anymore today), and IEEE >> 802.11i (which isn't necessarily a low power radio but still used in >> certain IoT deployments). >> >> These silicon manufacturers then made these algorithms available for >> developers as well (besides using them for the underlying radio >> technology). Furthermore, they have also been added to SoCs even witho= ut >> the radio technology. >> >> In many cases these algorithm implementations cannot be updated (even = if >> they are just software running on the chip) rather than being really i= n >> hardware. >> >> Whether it is useful to put the entire algorithm in hardware or instea= d >> just some primitives is yet another story but I guess it is a bit too >> late for that discussion. >> >> The question therefore is what could be done about this situation. Her= e >> are the options: >> >> a) Change the recommendations in the UTA document to AES-CCM >> b) Change the recommendations in the DTLS profile document to AES-GCM >> c) Indicate support for both (AES-CCM and AES-GCM) >> d) Leave the documents as they are since they target different industr= y >> segments/use cases. >> >> As I argued earlier I think option (d) is the way to go. >> >> Ciao >> Hannes >> >> *: According to my understanding Zigbee IP uses a variation of AES-CCM= =2E >> >> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>> >>> Hi Russ, >>> >>> >>> >>> On 14/11/14 20:05, Russ Housley wrote: >>>> Hannes: >>>> >>>> I understand the hardware situation. That was the point I was tryin= g >>>> to make when I said, "It makes a lot of sense for small devices." >>>> Please explain this situation in HTTPbis. My hope is that they will= >>>> join you by either picking AES-CCM or picking both AES-GCM and >>>> AES-CCM. >>> >>> I'm not getting why we see having two AES modes as advantageous. >>> >>> I get that there are devices out there with CCM and that that's >>> unlikely to go away, and that the same is true for GCM, but that >>> seems like a thing that's a pain to work around. >>> >>> Or am I over interpreting "hope" there? >>> >>> >>> >>> S. >>> >>> >>>> >>>> Russ >>>> >>>> >>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>> >>>>> Hi Russ, >>>>> >>>>> thanks for bringing this up. >>>>> >>>>> The ciphersuites selected for the DTLS profile draft have been >>>>> heavily influenced by the work done in the CORE working group. >>>>> >>>>> We have been telling silicon partners that they should put AES-CCM >>>>> into their chips and they have indeed following that >>>>> recommendation. >>>>> >>>>> I believe, however, that this is not a problem as such since the >>>>> UTA work really has a different scope - they focus on >>>>> Web/Messaging/Email rather than the IoT space. I sent a mail to >>>>> their list to request the title to be adjusted. >>>>> >>>>> Ciao Hannes >>>>> >>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>>>>> have no problem with that choice. It makes a lot of sense for >>>>>> small devices. >>>>>> >>>>>> The HTTPbis is also taking a path that requires an AEAD >>>>>> algorithm. It would be really nice if the two groups came to a >>>>>> place that allowed interoperability, but HTTPbis seems to be on a >>>>>> path for AES-GCM. AES-CCM is better for small devices. >>>>>> >>>>>> It seems to me that the two groups should talk to each other >>>>>> before WG Last Call is over. >>>>>> >>>>>> Russ >>>> >>>> _______________________________________________ dtls-iot mailing >>>> list dtls-iot@ietf.org >>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>> >> >=20 > Zach Shelby > Director of Technical Marketing > ARM Internet of Things BU > www.arm.com > US: +1 (408) 203-9434 > Finland: +358 407796297 > Skype: zdshelby > LinkedIn: fi.linkedin.com/in/zachshelby/ >=20 >=20 > -- IMPORTANT NOTICE: The contents of this email and any attachments are= confidential and may also be privileged. If you are not the intended rec= ipient, please notify the sender immediately and do not disclose the cont= ents to any other person, use it for any purpose, or store or copy the in= formation in any medium. Thank you. >=20 > ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Re= gistered in England & Wales, Company No: 2557590 > ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9N= J, Registered in England & Wales, Company No: 2548782 >=20 --mGh1hdx3TNQxBvp5NVIMpFlQ7MkcKUCxf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdEjrAAoJEGhJURNOOiAtR6IH/1pGk0jeY7bWdUZJdrxFaS32 B6EAZiWqnJJfeceShX7Vc16t+qlfniAZS5fWr5fWurD8BiMPuLQu599Xk+d+/mTp hQGJJcFHkOUGqmAKcWgcXfJ9paIM12Iwnra0VV8jJARdt8ZNjHcb16jV27gFQ59b PQr/yX2VoAQIgRRVQ2whSoaXybcN35Nvplq7Gm61nw7cSMQ4cpTyQ/OncOpbfi+j qZj66cpO0an0vsXrpGr68LrLdFLEdhbHxTq4apqU4wdAgRSz5yp214jdyTx+VtZc s8hH61zF1LmvPDx98jPpTXCIIxDEsR0BA3GdRyTXEXkFBZ8r/D9J5HcJMDVhMvs= =AJQU -----END PGP SIGNATURE----- --mGh1hdx3TNQxBvp5NVIMpFlQ7MkcKUCxf-- From nobody Tue Nov 25 01:23:45 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 786FE1A0084 for ; Tue, 25 Nov 2014 01:23:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xv_DxTptY8AP for ; Tue, 25 Nov 2014 01:23:39 -0800 (PST) Received: from service88.mimecast.com (service88.mimecast.com [195.130.217.12]) by ietfa.amsl.com (Postfix) with ESMTP id 4A0401A0089 for ; Tue, 25 Nov 2014 01:23:31 -0800 (PST) Received: from USA-SJC-GW2.usa.Arm.com (fw-tnat.snv.arm.com [217.140.100.22]) (Using TLS) by service88.mimecast.com; Tue, 25 Nov 2014 09:23:29 +0000 Received: from Spock.usa.Arm.com ([fe80::4116:859a:65b1:2f84]) by USA-SJC-GW2.usa.Arm.com ([::1]) with mapi; Tue, 25 Nov 2014 01:23:27 -0800 From: Zach Shelby To: Hannes Tschofenig Date: Tue, 25 Nov 2014 01:23:23 -0800 Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AdAIkXeCtq5q5nFwSua5bNNQta0RoA== Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> <547448EB.8070506@gmx.net> In-Reply-To: <547448EB.8070506@gmx.net> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB MIME-Version: 1.0 X-MC-Unique: 114112509232915602 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/PE-sBrBLJieXpr_Putx7JIjGv2Q Cc: Dorothy Gellert , Russ Housley , "dtls-iot@ietf.org" , Stephen Farrell Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 09:23:42 -0000 Hannes, Agreed that makes sense, if it would be scoped correctly. Zach On Nov 25, 2014, at 11:16 AM, Hannes Tschofenig = wrote: > Hi Zach, > > it would be option #d in my list below. In fact, I have already dropped > a mail to the UTA list about their document and raised the issue of > scoping. Their document is really is about the Web. I fear that nobody > had really looked at their document in detail since otherwise someone > would have noticed that it also talks briefly about email and XMPP while > there is other work in the group that provides much greater detail on > those topic. In the same spirit I see the IoT case as something that > does not belong in their document at all. TLS (and DTLS) is just used in > a number of different deployments and they are a bit different. > > Ciao > Hannes > > > On 11/25/2014 09:25 AM, Zach Shelby wrote: >> In addition to actual hardware support for AES-CCM in the embedded SoC i= ndustry, which won't go away anytime soon, I would also point out that the = required cipher suites in CoAP are CCM based as well. We really do need to = support CCM in the DICE Profile. We could indicate support for GCM as well,= but I don't think that is particularly important. >> >> Regarding the UTA doc, considering that it is general recommendations fo= r TLS and DTLS, this should really align with the needs of the DICE and CoR= E working groups (and thus the IoT industry) as well. It is totally contrad= ictory to indicate in draft-ietf-uta-tls-bcp that GCM is recommended, and t= hen in several other RFCs dependent on DTLS recommend the use of CCM. At th= e minimum that document should have a reference to the use of CCM in IoT sp= ecifications. >> >> That would be option c from your list Hannes? >> >> Zach >> >> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig wrote: >> >>> Hi Stephen, >>> >>> I personally don't care too much about the different AES modes of >>> operation. I don't have a particularly preference since both will have >>> more or less the same code size and performance (particularly when we >>> talk about small message sizes). Of course, it would have been useful t= o >>> think about this issue earlier when CCM and GCM were developed (funny >>> enough by two IETF folks, Russ and David McGrew). In any case, I don't >>> want to get dragged into this "my algorithm is better than yours" debat= e. >>> >>> The issue is just that other SDOs have also selected AES-CCM, such as >>> Bluetooth Smart, Zigbee IP* (if that matters anymore today), and IEEE >>> 802.11i (which isn't necessarily a low power radio but still used in >>> certain IoT deployments). >>> >>> These silicon manufacturers then made these algorithms available for >>> developers as well (besides using them for the underlying radio >>> technology). Furthermore, they have also been added to SoCs even withou= t >>> the radio technology. >>> >>> In many cases these algorithm implementations cannot be updated (even i= f >>> they are just software running on the chip) rather than being really in >>> hardware. >>> >>> Whether it is useful to put the entire algorithm in hardware or instead >>> just some primitives is yet another story but I guess it is a bit too >>> late for that discussion. >>> >>> The question therefore is what could be done about this situation. Here >>> are the options: >>> >>> a) Change the recommendations in the UTA document to AES-CCM >>> b) Change the recommendations in the DTLS profile document to AES-GCM >>> c) Indicate support for both (AES-CCM and AES-GCM) >>> d) Leave the documents as they are since they target different industry >>> segments/use cases. >>> >>> As I argued earlier I think option (d) is the way to go. >>> >>> Ciao >>> Hannes >>> >>> *: According to my understanding Zigbee IP uses a variation of AES-CCM. >>> >>> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>>> >>>> Hi Russ, >>>> >>>> >>>> >>>> On 14/11/14 20:05, Russ Housley wrote: >>>>> Hannes: >>>>> >>>>> I understand the hardware situation. That was the point I was trying >>>>> to make when I said, "It makes a lot of sense for small devices." >>>>> Please explain this situation in HTTPbis. My hope is that they will >>>>> join you by either picking AES-CCM or picking both AES-GCM and >>>>> AES-CCM. >>>> >>>> I'm not getting why we see having two AES modes as advantageous. >>>> >>>> I get that there are devices out there with CCM and that that's >>>> unlikely to go away, and that the same is true for GCM, but that >>>> seems like a thing that's a pain to work around. >>>> >>>> Or am I over interpreting "hope" there? >>>> >>>> >>>> >>>> S. >>>> >>>> >>>>> >>>>> Russ >>>>> >>>>> >>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>>> >>>>>> Hi Russ, >>>>>> >>>>>> thanks for bringing this up. >>>>>> >>>>>> The ciphersuites selected for the DTLS profile draft have been >>>>>> heavily influenced by the work done in the CORE working group. >>>>>> >>>>>> We have been telling silicon partners that they should put AES-CCM >>>>>> into their chips and they have indeed following that >>>>>> recommendation. >>>>>> >>>>>> I believe, however, that this is not a problem as such since the >>>>>> UTA work really has a different scope - they focus on >>>>>> Web/Messaging/Email rather than the IoT space. I sent a mail to >>>>>> their list to request the title to be adjusted. >>>>>> >>>>>> Ciao Hannes >>>>>> >>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>>>>>> have no problem with that choice. It makes a lot of sense for >>>>>>> small devices. >>>>>>> >>>>>>> The HTTPbis is also taking a path that requires an AEAD >>>>>>> algorithm. It would be really nice if the two groups came to a >>>>>>> place that allowed interoperability, but HTTPbis seems to be on a >>>>>>> path for AES-GCM. AES-CCM is better for small devices. >>>>>>> >>>>>>> It seems to me that the two groups should talk to each other >>>>>>> before WG Last Call is over. >>>>>>> >>>>>>> Russ >>>>> >>>>> _______________________________________________ dtls-iot mailing >>>>> list dtls-iot@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>>> >>> >> >> Zach Shelby >> Director of Technical Marketing >> ARM Internet of Things BU >> www.arm.com >> US: +1 (408) 203-9434 >> Finland: +358 407796297 >> Skype: zdshelby >> LinkedIn: fi.linkedin.com/in/zachshelby/ >> >> >> -- IMPORTANT NOTICE: The contents of this email and any attachments are = confidential and may also be privileged. If you are not the intended recipi= ent, please notify the sender immediately and do not disclose the contents = to any other person, use it for any purpose, or store or copy the informati= on in any medium. Thank you. >> >> ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Reg= istered in England & Wales, Company No: 2557590 >> ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ= , Registered in England & Wales, Company No: 2548782 >> > Zach Shelby Director of Technical Marketing ARM Internet of Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ -- IMPORTANT NOTICE: The contents of this email and any attachments are con= fidential and may also be privileged. If you are not the intended recipient= , please notify the sender immediately and do not disclose the contents to = any other person, use it for any purpose, or store or copy the information = in any medium. Thank you. ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Regist= ered in England & Wales, Company No: 2557590 ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, R= egistered in England & Wales, Company No: 2548782 From nobody Tue Nov 25 01:27:26 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E89791A007C for ; Tue, 25 Nov 2014 01:27:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ca_qgFyJHsDS for ; Tue, 25 Nov 2014 01:27:21 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 978FF1A006F for ; Tue, 25 Nov 2014 01:27:21 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MZwYd-1XdRrp3vxv-00LjaS; Tue, 25 Nov 2014 10:26:59 +0100 Message-ID: <54744B61.2090808@gmx.net> Date: Tue, 25 Nov 2014 10:26:57 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Carsten Bormann References: <54742B21.7040806@gmx.net> <85CB26D0-CFE1-4622-B42C-72CBFCC80AA5@tzi.org> <54742EA2.3000708@gmx.net> <535A8E85-B962-42D6-9F4A-43CD96FE037E@tzi.org> <54743B8E.2000507@gmx.net> <1F50337D-E043-4A67-BB5E-E1467BF8CB75@tzi.org> In-Reply-To: <1F50337D-E043-4A67-BB5E-E1467BF8CB75@tzi.org> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nK5jGkQNt4pgdq8oU4T0eMHVUg34rQNf8" X-Provags-ID: V03:K0:eIgBkLqVq6S2bs9iFUzOf1MXjqXk5gsM+ZcrEHT6hLbi+C4V2qM IYLZ9tTGdHkP6PuHz9chfYUL/BT6w+PAXeVY7NVw1vpL1/1HlAuUhv/02+FNpTg9g8DQi3d ascfJhSYaecN73mFbl4/rEIMGJ8Ew3/EkMoUSNz2lRouGJhHoI4PMD+r7Z/rpLaSN+sRqrz n1ukPnlSB7WVu3xTWPNwA== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/0KTM0nS59pebZmzQXAhI_l5yrwE Cc: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com, "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 09:27:24 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --nK5jGkQNt4pgdq8oU4T0eMHVUg34rQNf8 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Carsten, On 11/25/2014 09:37 AM, Carsten Bormann wrote: >>=20 >> In order to provide a description that is interoperable one will >> have to explain what the client presents to the server to deal >> with authorization. >=20 > I still fail to see why this is somehow easy with a constrained > client and hard with a constrained server. The issue is not so much related to the constrained nature but more about the communication pattern. The current DTLS profile draft talks about an IoT device talking to a cloud infrastructure and also that the credentials needed for DTLS are pre-provisioned using ways that are in widespread use today (which are mostly configured into the firmware/hardware). The scenario where a constrained IoT device talks to another constrained IoT device in the local network in a sort-of peer-to-peer style is a less mature design pattern. Note that I am not saying that we shouldn't write this down. I am just saying that I rather prefer this document to get published with this scope rather than expanding the scope at this point in time. >=20 >> Just looking at the different solutions there are cases where the >> client provides a certificate at the DTLS layer, a shared secret at >> the at the DTLS layer but there are also solutions being presented >> that move this functionality to the application layer. >=20 > The DTLS profile would not cover the application layer approach, > obviously. And maybe the ACE work will lead to conclusion that the use of DTLS between constrained clients and servers isn't a good idea. >=20 >> In other cases, there may be no DTLS at all and only application >> layer security objects (as presented at the last IETF meeting). >=20 > Again, that is not something that the DTLS profile needs to worry > about. But we don't know yet what we will come up with in the end. You are essentially saying that we should standardize part of the story of ACE in DICE already before we even finalized the use cases. Why are we doing the use cases when we already know what the solution is going to be anyway? >=20 >> We also don't know whether we will have one solution only or more >> than one. Maybe we will have one solution that provides all types >> of credentials; maybe not. >>=20 >>>>> Conversely, I see nothing in DTLS that requires ACE to set up >>>>> a connection to a constrained server (the PSK mechanism >>>>> provides any decoupling between the two that might be >>>>> needed). >>>> We are still at the level of use cases in ACE and many of the >>>> solution related aspects are still under discussion. >>>=20 >>> Is your assumption that the usage of DTLS will significantly >>> change from the way defined in RFC 7252, as a result of the ACE >>> work? >>=20 >> RFC 7252 does not really provide enough details for these scenarios >> to build an interoperable solution. Hence, I wouldn't call it >> "change RFC 7252" but rather fill in the gaps. >=20 > Hmm, how is a single interoperable solution a prerequisite to having > a DTLS profile? The document as is clearly is open to many different > interoperable solutions for the constrained client case, and the same > should be true for the constrained server. >=20 > There is some hidden assumption in this argumentation that we still > need to uncover. Wouldn't it be nice if we had fewer solutions than more? Don't you think that will improve interoperability? Ciao Hannes >=20 > Gr=C3=BC=C3=9Fe, Carsten >=20 --nK5jGkQNt4pgdq8oU4T0eMHVUg34rQNf8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdEthAAoJEGhJURNOOiAtyIwH/iRDb24Sav3WLpbKk6b7aTaJ b74feKjKOAWjuaETX+UJI270yNksK92xgnVnj1kx33ih6WcGirwVe7fteOnadhKT eyiXBgVDff48blgfJGiA1CtiTEBLfqwS/jtFGkUivRNrticFI4xQ7zQrKTrQ6oKv iz0GOaMshLS6Kw6uAYxQZWiw+8X5fPVTMrF2zLNuK5JXd8q98u709G0pafu0hgvO 8+Vh0XCK4IDC/BcLqBr1YpJrowkD2e4tZPaOZ9Z2zsiETWlZbOmQyiMZWZ5sDT2x oTOI7VEUuX6ppla8SQtLYjSsiDfIt92TSPERDDx1hSoLbPWRVNKBDqlNJ0bZvYs= =GNc2 -----END PGP SIGNATURE----- --nK5jGkQNt4pgdq8oU4T0eMHVUg34rQNf8-- From nobody Tue Nov 25 01:55:54 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68E971A00A8 for ; Tue, 25 Nov 2014 01:55:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AlCP2kDYF5sD for ; Tue, 25 Nov 2014 01:55:50 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 844491A008D for ; Tue, 25 Nov 2014 01:55:50 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MWxtA-1XNGFz1A5U-00VxF3; Tue, 25 Nov 2014 10:55:47 +0100 Message-ID: <54745222.5010902@gmx.net> Date: Tue, 25 Nov 2014 10:55:46 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , "dtls-iot@ietf.org" References: In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OoGFpqgxS0KkLlFoerde659m2g9pa0XwN" X-Provags-ID: V03:K0:coAIRmX+Nx0ZXtMsGmLVly82EGswRokZNDbrEKPr3yD/g0wah+X 8col5zRjNNazbyMrpIEeeUda7hM5Qxc8K64XtID4GaFQt57FBcihPVpPbT2kaCcCmCBFuON 92SjcGLWl7OlP7Kznt9m9OUhkkq28dtFBJVl7UCmXYnPDF/hiE6DPLoukX5k1m/OKZbiwm3 kI+zc0CytyCdAfO6m5c1w== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/wdiH2WrD6ByzWcLTYezzyOWo8lE Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 09:55:52 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OoGFpqgxS0KkLlFoerde659m2g9pa0XwN Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Sandeep, your observation is correct but I fear that changing the DTLS record layer (since you are not proposing to chance the length of the nonce) means to standardize a new ciphersuite in TLS. Ciao Hannes On 11/15/2014 04:44 AM, Kumar, Sandeep wrote: > Hi Hannes >=20 > =20 >=20 > I would like to point out one other improvement with AEAD mode ciphers > (presently AES-GCM and AES-CCM) that could go into the profile draft. >=20 > =20 >=20 > Presently both RFC5288 and RFC6655 mention that the >=20 > The nonce_explicit MAY be the 64-bit sequence number. >=20 > However this only means that GenericAEADCipher.nonce_explicit field in > the record layer is an exact copy of the sequence number (for DTLS: > epoch||sequence number). This leads to a duplication of 8-bytes per > record which can mean a lot for IEEE 802.15.4 networks. >=20 > =20 >=20 > ChaCha20 and Poly1305 based ciphersuite for TLS > (draft-agl-tls-chacha20poly1305-04) does remove this duplication by st= ating >=20 > When used in TLS, the "record_iv_length" is zero and the nonce is the >=20 > sequence number for the record, as an 8-byte, big-endian number. >=20 > =20 >=20 > The question to you (and to the group) is if we can make a similar > statement for improvement in AES-CCM preventing an 8-byte duplication > per packet. Unfortunately this might mean that an IoT profiled DTLS > using AES-CCM may not work with existing implementations unless there i= s > some form of signaling (for example with an extension). >=20 > =20 >=20 > Regards >=20 > Sandeep >=20 > =20 >=20 >=20 > -----------------------------------------------------------------------= - > The information contained in this message may be confidential and > legally protected under applicable law. The message is intended solely > for the addressee(s). If you are not the intended recipient, you are > hereby notified that any use, forwarding, dissemination, or reproductio= n > of this message is strictly prohibited and may be unlawful. If you are > not the intended recipient, please contact the sender by return e-mail > and destroy all copies of the original message. >=20 >=20 > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot >=20 --OoGFpqgxS0KkLlFoerde659m2g9pa0XwN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdFIiAAoJEGhJURNOOiAt96kH/0JVipxKxQCmzrphmAaEo6bb cshPL6Yar37Yc0SMil4BcQNcmkLZB5ll1OUdQgKByPSGqb2IF6AA77oSTcOakm/1 Pajhd77qEAB0Jja/k9nFadnz8NjSmctM7MEaTVtiDehFu/k/hdnwyUWuXsFhAh5t kLjSTLc4TkktAOfa0sGApqCcQCPxsU0tLCmz4Tx10zSEG2eYv5ntLrWjKRPTv2bN DPwbMPOJCwJBhPI/dLyoYfBaYMXnQN2ztph+QujwGU5kvy6vn48iN5WBWUGyNfeI fur7y8bS7hWHtfLO6XRcZMyuR9j8RRFZaEOqGFhozx+OY3t9xwWTuvI2xipistg= =jJNJ -----END PGP SIGNATURE----- --OoGFpqgxS0KkLlFoerde659m2g9pa0XwN-- From nobody Tue Nov 25 02:00:41 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E75C1A008D for ; Tue, 25 Nov 2014 02:00:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6bQoLfmayZE8 for ; Tue, 25 Nov 2014 02:00:38 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 92E351A006F for ; Tue, 25 Nov 2014 02:00:36 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 07404BE8F; Tue, 25 Nov 2014 10:00:36 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bm__7hju5TNh; Tue, 25 Nov 2014 10:00:33 +0000 (GMT) Received: from [10.87.48.5] (unknown [86.46.28.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 852B8BEC9; Tue, 25 Nov 2014 10:00:33 +0000 (GMT) Message-ID: <54745340.3090905@cs.tcd.ie> Date: Tue, 25 Nov 2014 10:00:32 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Hannes Tschofenig , Zach Shelby References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> <547448EB.8070506@gmx.net> In-Reply-To: <547448EB.8070506@gmx.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/CwdatMQWUxFHDZpOhTzkDqPT5Hw Cc: Dorothy Gellert , Russ Housley , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:00:40 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hannes, - - I don't think you're correct that the UTA BCP is only about the web but let's not debate that here. - - It's probably best to not complicate the UTA BCP with any specifics of devices that cannot do GCM. - - The GCM/CCM situation is IMO far from perfect but we have to live with it. - - Any attempts to "win" here (e.g. to try push for use of a mode where it won't work) would be a bad plan - we should look at this as an interop problem that needs to be worked around and not have a silly "my mode is better than yours" argument (not saying you're doing that) - - It'd be good if those developing systems and lower layer standards recognised the interop problem and tried to help make it better (that might already be happening, I'm not sure) S. On 25/11/14 09:16, Hannes Tschofenig wrote: > Hi Zach, > > it would be option #d in my list below. In fact, I have already > dropped a mail to the UTA list about their document and raised the > issue of scoping. Their document is really is about the Web. I fear > that nobody had really looked at their document in detail since > otherwise someone would have noticed that it also talks briefly > about email and XMPP while there is other work in the group that > provides much greater detail on those topic. In the same spirit I > see the IoT case as something that does not belong in their > document at all. TLS (and DTLS) is just used in a number of > different deployments and they are a bit different. > > Ciao Hannes > > > On 11/25/2014 09:25 AM, Zach Shelby wrote: >> In addition to actual hardware support for AES-CCM in the >> embedded SoC industry, which won't go away anytime soon, I would >> also point out that the required cipher suites in CoAP are CCM >> based as well. We really do need to support CCM in the DICE >> Profile. We could indicate support for GCM as well, but I don't >> think that is particularly important. >> >> Regarding the UTA doc, considering that it is general >> recommendations for TLS and DTLS, this should really align with >> the needs of the DICE and CoRE working groups (and thus the IoT >> industry) as well. It is totally contradictory to indicate in >> draft-ietf-uta-tls-bcp that GCM is recommended, and then in >> several other RFCs dependent on DTLS recommend the use of CCM. At >> the minimum that document should have a reference to the use of >> CCM in IoT specifications. >> >> That would be option c from your list Hannes? >> >> Zach >> >> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig >> wrote: >> >>> Hi Stephen, >>> >>> I personally don't care too much about the different AES modes >>> of operation. I don't have a particularly preference since both >>> will have more or less the same code size and performance >>> (particularly when we talk about small message sizes). Of >>> course, it would have been useful to think about this issue >>> earlier when CCM and GCM were developed (funny enough by two >>> IETF folks, Russ and David McGrew). In any case, I don't want >>> to get dragged into this "my algorithm is better than yours" >>> debate. >>> >>> The issue is just that other SDOs have also selected AES-CCM, >>> such as Bluetooth Smart, Zigbee IP* (if that matters anymore >>> today), and IEEE 802.11i (which isn't necessarily a low power >>> radio but still used in certain IoT deployments). >>> >>> These silicon manufacturers then made these algorithms >>> available for developers as well (besides using them for the >>> underlying radio technology). Furthermore, they have also been >>> added to SoCs even without the radio technology. >>> >>> In many cases these algorithm implementations cannot be updated >>> (even if they are just software running on the chip) rather >>> than being really in hardware. >>> >>> Whether it is useful to put the entire algorithm in hardware or >>> instead just some primitives is yet another story but I guess >>> it is a bit too late for that discussion. >>> >>> The question therefore is what could be done about this >>> situation. Here are the options: >>> >>> a) Change the recommendations in the UTA document to AES-CCM b) >>> Change the recommendations in the DTLS profile document to >>> AES-GCM c) Indicate support for both (AES-CCM and AES-GCM) d) >>> Leave the documents as they are since they target different >>> industry segments/use cases. >>> >>> As I argued earlier I think option (d) is the way to go. >>> >>> Ciao Hannes >>> >>> *: According to my understanding Zigbee IP uses a variation of >>> AES-CCM. >>> >>> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>>> >>>> Hi Russ, >>>> >>>> >>>> >>>> On 14/11/14 20:05, Russ Housley wrote: >>>>> Hannes: >>>>> >>>>> I understand the hardware situation. That was the point I >>>>> was trying to make when I said, "It makes a lot of sense >>>>> for small devices." Please explain this situation in >>>>> HTTPbis. My hope is that they will join you by either >>>>> picking AES-CCM or picking both AES-GCM and AES-CCM. >>>> >>>> I'm not getting why we see having two AES modes as >>>> advantageous. >>>> >>>> I get that there are devices out there with CCM and that >>>> that's unlikely to go away, and that the same is true for >>>> GCM, but that seems like a thing that's a pain to work >>>> around. >>>> >>>> Or am I over interpreting "hope" there? >>>> >>>> >>>> >>>> S. >>>> >>>> >>>>> >>>>> Russ >>>>> >>>>> >>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>>> >>>>>> Hi Russ, >>>>>> >>>>>> thanks for bringing this up. >>>>>> >>>>>> The ciphersuites selected for the DTLS profile draft have >>>>>> been heavily influenced by the work done in the CORE >>>>>> working group. >>>>>> >>>>>> We have been telling silicon partners that they should >>>>>> put AES-CCM into their chips and they have indeed >>>>>> following that recommendation. >>>>>> >>>>>> I believe, however, that this is not a problem as such >>>>>> since the UTA work really has a different scope - they >>>>>> focus on Web/Messaging/Email rather than the IoT space. I >>>>>> sent a mail to their list to request the title to be >>>>>> adjusted. >>>>>> >>>>>> Ciao Hannes >>>>>> >>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>>> DICE document requires >>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no problem >>>>>>> with that choice. It makes a lot of sense for small >>>>>>> devices. >>>>>>> >>>>>>> The HTTPbis is also taking a path that requires an >>>>>>> AEAD algorithm. It would be really nice if the two >>>>>>> groups came to a place that allowed interoperability, >>>>>>> but HTTPbis seems to be on a path for AES-GCM. AES-CCM >>>>>>> is better for small devices. >>>>>>> >>>>>>> It seems to me that the two groups should talk to each >>>>>>> other before WG Last Call is over. >>>>>>> >>>>>>> Russ >>>>> >>>>> _______________________________________________ dtls-iot >>>>> mailing list dtls-iot@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>>> >>> >> >> Zach Shelby Director of Technical Marketing ARM Internet of >> Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 >> 407796297 Skype: zdshelby LinkedIn: >> fi.linkedin.com/in/zachshelby/ >> >> >> -- IMPORTANT NOTICE: The contents of this email and any >> attachments are confidential and may also be privileged. If you >> are not the intended recipient, please notify the sender >> immediately and do not disclose the contents to any other person, >> use it for any purpose, or store or copy the information in any >> medium. Thank you. >> >> ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 >> 9NJ, Registered in England & Wales, Company No: 2557590 ARM >> Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 >> 9NJ, Registered in England & Wales, Company No: 2548782 >> > > > > _______________________________________________ dtls-iot mailing > list dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUdFM5AAoJEC88hzaAX42i29kH/3Zqs/yCbiHPvrutVDamGdFv 3OilgYSeaOxeOa5xlA04hrDuN312i0CW010DokkmuWiYQyT8nH4C4i5PWsVnS9E/ USeWuBBYOdfs34CJUKwBGSLcqOfxoomx+aUtbSh32ZwMOFho2HWpTbu2GZUlMFKG tvUqgwbtz1UNPUT0UtHODy7CsKb4fLdCpoXzzjy6C1mM6QH/+xGA5jBn1ZLeUOlO 71P8JnK5mO6F7dIDuYHyq+6Wq4qUMlCHi6VYEl/FAJ0+/NfPxSjRoVMvyfryTDwg 0rseyugM4e1zaPBplvpKPLpbrYGgCTB98Q4uyn+G+xcU+yKtLGg/fGukJFxQ2jk= =bDdV -----END PGP SIGNATURE----- From nobody Tue Nov 25 02:07:28 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94D001A0099 for ; Tue, 25 Nov 2014 02:07:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.91 X-Spam-Level: X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ve3zQXRmJDaU for ; Tue, 25 Nov 2014 02:07:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7F391A008D for ; Tue, 25 Nov 2014 02:07:24 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MTjua-1XSmC00wAC-00QUoL; Tue, 25 Nov 2014 11:07:20 +0100 Message-ID: <547454D7.3090209@gmx.net> Date: Tue, 25 Nov 2014 11:07:19 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Rene Hummen , Dorothy Gellert References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Av84LicOR1ntghLEadHOObe5pqixsokld" X-Provags-ID: V03:K0:4FytMRNL5lh/FOqrXQdsI083/McKyYMsyQotqdgV205h0JWPj7z PRMwVRdTCLimonyTCNIqAPNYJd5qbilGK+zI7ycEundNRPlKXu4DnblkgOOPEq4mfZ+Bvk/ Gi+m5IGNewLgd0fodnCodwp911jyBfmFd2h5WhsHfK+L3sgWz8cHeuvWm2/KK7bctDvILWc T6zB3KhFKcQFU0idXbO2g== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/ufNZ-6QKl9kiij-B3-wezxiT9zo Cc: Zach Shelby , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Retransmission timeout and PSK identity hint X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:07:26 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Av84LicOR1ntghLEadHOObe5pqixsokld Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Rene, On 11/15/2014 08:05 AM, Rene Hummen wrote: > Besides the fact that I would have liked this draft to consider both a > constrained DTLS client and a constrained DTLS server, I created another discussion thread about this topic. It would be interesting to hear what use cases you have in mind and whether you believe that such a write-up can wait for ACE or whether you see this totally independent of ACE. > I have two main comments: >=20 > 1) From my experience, the recommended timeout values for DTLS often > lead to spurious retransmissions in constrained node networks. > Especially for constrained devices with software ECC support, network > delays in combination with ECDH and ECDSA operations quickly exceed a 1= > sec timeout. Similarly, for long message flights (i.e., > certificate-related flights), repeated loss of a handshake message > causes extensive handshake delays. As the specific timeout values may b= e > application dependent, pointing out these issues in sections 5.2 and 5.= 3 > would be very useful. Your point is well taken. In response to my presentation about DTLS over SMS this issue was also raised and the suggestion was made to include these timer-settings in the DTLS profile. >=20 > 2) Section 5.1: The paragraph about the =93PSK identity hint=94 is uncl= ear > to me. What is the rationale behind recommending against sending the > hint if the key selection is based on the domain name of the server in > contrast to any other means of identification? Moreover, how does this > tie in with the subsequent recommendation saying =93A server using the > identity hint needs to guide the selection based on a received SNI valu= e > from the client.=94? Thanks for asking. There are two types of "identities" (or identifiers as I would call them) in use. First, the client needs to tell the server some identifier so that it can select the right key when verifying the message. This is called the "PSK Identity". Then, there is also the capability in the TLS-PSK RFC to allow the server to indicate what key the client should use. This is the "PSK Identity Hint". Obviously, this is only an issue if the client has more than one PSK to begin with. The concept of this PSK identity hint was inspired by the realm parameter of the HTTP digest algorithm where a single server can host multiple resources and the server then challenges the client (or user) accordingly. In the IoT context the scenario is hopefully a bit simpler. I suspect that in normal circumstances the client will select the key based on the domain name. At the time when the TLS-PSK algorithm was written the concept of SNI did not exist since the use of hosted services wasn't that common. If someone would want to use a hosted environment for their IoT deployment then they would most likely support SNI. Does this make sense? >=20 >=20 > Some editorial comments (possibly personal preference): Thanks for the editorial remarks. Will incorporate them into the next draft version. Ciao Hannes > Ren=E9 >=20 >=20 > On 12 Nov 2014, at 00:18, Dorothy Gellert > wrote: >> Dear WG, >> >> As discussed during the Dice WG meeting at IETF#91, this email starts >> a WGLC for our DTLS profile draft: >> >> https://tools.ietf.org/html/draft-ietf-dice-profile-05 >> >> Please review. This WGLC will end on Tuesday, November 25, 2014. >> >> Best Regards, >> Dorothy and Zach >> _______________________________________________ >> dtls-iot mailing list >> dtls-iot@ietf.org >> https://www.ietf.org/mailman/listinfo/dtls-iot >=20 > -- > Dipl.-Inform. Rene Hummen, Ph.D. Student > Chair of Communication and Distributed Systems > RWTH Aachen University, Germany > tel: +49 241 80 21426 > web: http://www.comsys.rwth-aachen.de/team/rene-hummen/ >=20 >=20 >=20 > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot >=20 --Av84LicOR1ntghLEadHOObe5pqixsokld Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdFTXAAoJEGhJURNOOiAtgWwH/16Xka7rkQGAhczttY59Kr3i 7tcfe6D78roThaDwQtRBC24nwCCqqnbaQjxO2+YS4WyXRzmn8dSlt9RJh3g8VjJG Z5TSzz6vArufJQvuoOhxT0CfdVILtU4grX6gYpU0f4C7TKejFPMPCSUMtK1sai+8 mN2QVip+m8YBXGf6lTmbAKBLHPWetw5RPb5Ovd0tr5c3GeK8sScUZqHIy1gRqp29 IO55XuKP4Q6Q6vCuU9le2pRhtBlKEeBoHcduCQbwdPIWLFiA0druSxnyThqQPkY4 xj5p7stL6nRnE0VVEG/Rhlbl7WtGcAK6UoQ3D9FRvNaI9yo7o71txyfPT9IcHzk= =xtSo -----END PGP SIGNATURE----- --Av84LicOR1ntghLEadHOObe5pqixsokld-- From nobody Tue Nov 25 02:19:04 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E36A1A00A8 for ; Tue, 25 Nov 2014 02:19:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gLBTgZuvpc5E for ; Tue, 25 Nov 2014 02:18:57 -0800 (PST) Received: from service88.mimecast.com (service88.mimecast.com [195.130.217.12]) by ietfa.amsl.com (Postfix) with ESMTP id 455E51A0092 for ; Tue, 25 Nov 2014 02:18:57 -0800 (PST) Received: from USA-SJC-GW1.usa.Arm.com (fw-tnat.snv.arm.com [217.140.100.22]) (Using TLS) by service88.mimecast.com; Tue, 25 Nov 2014 10:18:55 +0000 Received: from Spock.usa.Arm.com ([fe80::4116:859a:65b1:2f84]) by USA-SJC-GW1.usa.Arm.com ([::1]) with mapi; Tue, 25 Nov 2014 10:18:50 +0000 From: Zach Shelby To: Stephen Farrell Date: Tue, 25 Nov 2014 10:18:48 +0000 Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AdAImTTNfNMsUUfaRgepa1a0V5rCNA== Message-ID: <266F80F5-81AD-421C-99EB-77C4CDAD25D4@arm.com> References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> <547448EB.8070506@gmx.net> <54745340.3090905@cs.tcd.ie> In-Reply-To: <54745340.3090905@cs.tcd.ie> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB MIME-Version: 1.0 X-MC-Unique: 114112510185504802 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/Dn4SUyi6QB5TWCc32zI_p586RvM Cc: Dorothy Gellert , Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:19:01 -0000 Stephen, I don't agree that the situation should just be left as-is. You are correct= that that UTA BCP is very broad ranging in scope in -07 of the draft. In o= rder to not totally contradict ourselves, there are two options. This isn't= about winning, just not confusing the community when they read our specifi= cations. Option 1 - Fix the scope of the UTA BCP to specifically not include IoT. I = think this is what Hannes was suggesting. Option 2 - Include a reference in the UTA BCP to the CCM based cipher suite= s already recommended for use with DTLS in CoAP, and other industry standar= ds. This could potentially cause interoperability if the specifications cause c= onfusion. But I don't see an interoperability problem today, for CoAP over = DTLS the must implement cipher suites are very clearly defined. Zach On Nov 25, 2014, at 12:00 PM, Stephen Farrell w= rote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Hannes, > > - - I don't think you're correct that the UTA BCP is only > about the web but let's not debate that here. > - - It's probably best to not complicate the UTA BCP with > any specifics of devices that cannot do GCM. > - - The GCM/CCM situation is IMO far from perfect but we > have to live with it. > - - Any attempts to "win" here (e.g. to try push for use > of a mode where it won't work) would be a bad plan - we > should look at this as an interop problem that needs > to be worked around and not have a silly "my mode is > better than yours" argument (not saying you're doing > that) > - - It'd be good if those developing systems and lower > layer standards recognised the interop problem and > tried to help make it better (that might already be > happening, I'm not sure) > > S. > > On 25/11/14 09:16, Hannes Tschofenig wrote: >> Hi Zach, >> >> it would be option #d in my list below. In fact, I have already >> dropped a mail to the UTA list about their document and raised the >> issue of scoping. Their document is really is about the Web. I fear >> that nobody had really looked at their document in detail since >> otherwise someone would have noticed that it also talks briefly >> about email and XMPP while there is other work in the group that >> provides much greater detail on those topic. In the same spirit I >> see the IoT case as something that does not belong in their >> document at all. TLS (and DTLS) is just used in a number of >> different deployments and they are a bit different. >> >> Ciao Hannes >> >> >> On 11/25/2014 09:25 AM, Zach Shelby wrote: >>> In addition to actual hardware support for AES-CCM in the >>> embedded SoC industry, which won't go away anytime soon, I would >>> also point out that the required cipher suites in CoAP are CCM >>> based as well. We really do need to support CCM in the DICE >>> Profile. We could indicate support for GCM as well, but I don't >>> think that is particularly important. >>> >>> Regarding the UTA doc, considering that it is general >>> recommendations for TLS and DTLS, this should really align with >>> the needs of the DICE and CoRE working groups (and thus the IoT >>> industry) as well. It is totally contradictory to indicate in >>> draft-ietf-uta-tls-bcp that GCM is recommended, and then in >>> several other RFCs dependent on DTLS recommend the use of CCM. At >>> the minimum that document should have a reference to the use of >>> CCM in IoT specifications. >>> >>> That would be option c from your list Hannes? >>> >>> Zach >>> >>> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig >>> wrote: >>> >>>> Hi Stephen, >>>> >>>> I personally don't care too much about the different AES modes >>>> of operation. I don't have a particularly preference since both >>>> will have more or less the same code size and performance >>>> (particularly when we talk about small message sizes). Of >>>> course, it would have been useful to think about this issue >>>> earlier when CCM and GCM were developed (funny enough by two >>>> IETF folks, Russ and David McGrew). In any case, I don't want >>>> to get dragged into this "my algorithm is better than yours" >>>> debate. >>>> >>>> The issue is just that other SDOs have also selected AES-CCM, >>>> such as Bluetooth Smart, Zigbee IP* (if that matters anymore >>>> today), and IEEE 802.11i (which isn't necessarily a low power >>>> radio but still used in certain IoT deployments). >>>> >>>> These silicon manufacturers then made these algorithms >>>> available for developers as well (besides using them for the >>>> underlying radio technology). Furthermore, they have also been >>>> added to SoCs even without the radio technology. >>>> >>>> In many cases these algorithm implementations cannot be updated >>>> (even if they are just software running on the chip) rather >>>> than being really in hardware. >>>> >>>> Whether it is useful to put the entire algorithm in hardware or >>>> instead just some primitives is yet another story but I guess >>>> it is a bit too late for that discussion. >>>> >>>> The question therefore is what could be done about this >>>> situation. Here are the options: >>>> >>>> a) Change the recommendations in the UTA document to AES-CCM b) >>>> Change the recommendations in the DTLS profile document to >>>> AES-GCM c) Indicate support for both (AES-CCM and AES-GCM) d) >>>> Leave the documents as they are since they target different >>>> industry segments/use cases. >>>> >>>> As I argued earlier I think option (d) is the way to go. >>>> >>>> Ciao Hannes >>>> >>>> *: According to my understanding Zigbee IP uses a variation of >>>> AES-CCM. >>>> >>>> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>>>> >>>>> Hi Russ, >>>>> >>>>> >>>>> >>>>> On 14/11/14 20:05, Russ Housley wrote: >>>>>> Hannes: >>>>>> >>>>>> I understand the hardware situation. That was the point I >>>>>> was trying to make when I said, "It makes a lot of sense >>>>>> for small devices." Please explain this situation in >>>>>> HTTPbis. My hope is that they will join you by either >>>>>> picking AES-CCM or picking both AES-GCM and AES-CCM. >>>>> >>>>> I'm not getting why we see having two AES modes as >>>>> advantageous. >>>>> >>>>> I get that there are devices out there with CCM and that >>>>> that's unlikely to go away, and that the same is true for >>>>> GCM, but that seems like a thing that's a pain to work >>>>> around. >>>>> >>>>> Or am I over interpreting "hope" there? >>>>> >>>>> >>>>> >>>>> S. >>>>> >>>>> >>>>>> >>>>>> Russ >>>>>> >>>>>> >>>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>>>> >>>>>>> Hi Russ, >>>>>>> >>>>>>> thanks for bringing this up. >>>>>>> >>>>>>> The ciphersuites selected for the DTLS profile draft have >>>>>>> been heavily influenced by the work done in the CORE >>>>>>> working group. >>>>>>> >>>>>>> We have been telling silicon partners that they should >>>>>>> put AES-CCM into their chips and they have indeed >>>>>>> following that recommendation. >>>>>>> >>>>>>> I believe, however, that this is not a problem as such >>>>>>> since the UTA work really has a different scope - they >>>>>>> focus on Web/Messaging/Email rather than the IoT space. I >>>>>>> sent a mail to their list to request the title to be >>>>>>> adjusted. >>>>>>> >>>>>>> Ciao Hannes >>>>>>> >>>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>>>> DICE document requires >>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no problem >>>>>>>> with that choice. It makes a lot of sense for small >>>>>>>> devices. >>>>>>>> >>>>>>>> The HTTPbis is also taking a path that requires an >>>>>>>> AEAD algorithm. It would be really nice if the two >>>>>>>> groups came to a place that allowed interoperability, >>>>>>>> but HTTPbis seems to be on a path for AES-GCM. AES-CCM >>>>>>>> is better for small devices. >>>>>>>> >>>>>>>> It seems to me that the two groups should talk to each >>>>>>>> other before WG Last Call is over. >>>>>>>> >>>>>>>> Russ >>>>>> >>>>>> _______________________________________________ dtls-iot >>>>>> mailing list dtls-iot@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>>>> >>>> >>> >>> Zach Shelby Director of Technical Marketing ARM Internet of >>> Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 >>> 407796297 Skype: zdshelby LinkedIn: >>> fi.linkedin.com/in/zachshelby/ >>> >>> >>> -- IMPORTANT NOTICE: The contents of this email and any >>> attachments are confidential and may also be privileged. If you >>> are not the intended recipient, please notify the sender >>> immediately and do not disclose the contents to any other person, >>> use it for any purpose, or store or copy the information in any >>> medium. Thank you. >>> >>> ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 >>> 9NJ, Registered in England & Wales, Company No: 2557590 ARM >>> Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 >>> 9NJ, Registered in England & Wales, Company No: 2548782 >>> >> >> >> >> _______________________________________________ dtls-iot mailing >> list dtls-iot@ietf.org >> https://www.ietf.org/mailman/listinfo/dtls-iot >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJUdFM5AAoJEC88hzaAX42i29kH/3Zqs/yCbiHPvrutVDamGdFv > 3OilgYSeaOxeOa5xlA04hrDuN312i0CW010DokkmuWiYQyT8nH4C4i5PWsVnS9E/ > USeWuBBYOdfs34CJUKwBGSLcqOfxoomx+aUtbSh32ZwMOFho2HWpTbu2GZUlMFKG > tvUqgwbtz1UNPUT0UtHODy7CsKb4fLdCpoXzzjy6C1mM6QH/+xGA5jBn1ZLeUOlO > 71P8JnK5mO6F7dIDuYHyq+6Wq4qUMlCHi6VYEl/FAJ0+/NfPxSjRoVMvyfryTDwg > 0rseyugM4e1zaPBplvpKPLpbrYGgCTB98Q4uyn+G+xcU+yKtLGg/fGukJFxQ2jk=3D > =3DbDdV > -----END PGP SIGNATURE----- > Zach Shelby Director of Technical Marketing ARM Internet of Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ -- IMPORTANT NOTICE: The contents of this email and any attachments are con= fidential and may also be privileged. If you are not the intended recipient= , please notify the sender immediately and do not disclose the contents to = any other person, use it for any purpose, or store or copy the information = in any medium. Thank you. ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Regist= ered in England & Wales, Company No: 2557590 ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, R= egistered in England & Wales, Company No: 2548782 From nobody Tue Nov 25 02:19:33 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F4FC1A00B2 for ; Tue, 25 Nov 2014 02:19:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jrDVlq-mgU2f for ; Tue, 25 Nov 2014 02:19:28 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91A681A00A3 for ; Tue, 25 Nov 2014 02:19:18 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MOTRh-1Xnxry3ukf-005rqT; Tue, 25 Nov 2014 11:18:28 +0100 Message-ID: <54745772.2090705@gmx.net> Date: Tue, 25 Nov 2014 11:18:26 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Stephen Farrell , Zach Shelby References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> <547448EB.8070506@gmx.net> <54745340.3090905@cs.tcd.ie> In-Reply-To: <54745340.3090905@cs.tcd.ie> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xBUfmhrEiTiA9J9Wkul9vKdgFNNDlm0b1" X-Provags-ID: V03:K0:tYJ85hvLSM2nkxKQqrGW/acHtgc2XXb5KcVKdfh/2coYEZQWvrq GHWw4Xe1gnhZx11wepq1JtBp3RB8vgCOwykn0AIi5DGpeXIuOiPKDVnqRg9SajE1GGeeFjK tH97WlFUhsV14fDny1d3K2bF6LbRqgvcbhk54J9eAzNISD0wE6SA9QWXGc+PuhtY7+N4FQ/ jc+hhtA+BwxmEaK0Dj7eA== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/B3ub4macIUE59OLi3rhhZTr-adg Cc: Dorothy Gellert , Russ Housley , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:19:31 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xBUfmhrEiTiA9J9Wkul9vKdgFNNDlm0b1 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Stephen, On 11/25/2014 11:00 AM, Stephen Farrell wrote: >=20 > Hannes, >=20 > - I don't think you're correct that the UTA BCP is only > about the web but let's not debate that here. Maybe a discussion for UTA but the scope of draft-ietf-uta-tls-bcp seems relevant here as well. > - It's probably best to not complicate the UTA BCP with > any specifics of devices that cannot do GCM. Fine with me. > - The GCM/CCM situation is IMO far from perfect but we > have to live with it. This is inline with my assessment. > - Any attempts to "win" here (e.g. to try push for use > of a mode where it won't work) would be a bad plan - we > should look at this as an interop problem that needs > to be worked around and not have a silly "my mode is > better than yours" argument (not saying you're doing > that) In full agreement. > - It'd be good if those developing systems and lower > layer standards recognised the interop problem and > tried to help make it better (that might already be > happening, I'm not sure) But what does this mean for me as a document editor? So far, the use of CCM was not seen as a problem for the IoT community. I could point out that there is this other mode of operation (GCM) and it is suggested in draft-ietf-uta-tls-bcp. But what should I recommend? ignore it? implement it? Ciao Hannes >=20 > S. >=20 > On 25/11/14 09:16, Hannes Tschofenig wrote: >> Hi Zach, >=20 >> it would be option #d in my list below. In fact, I have already >> dropped a mail to the UTA list about their document and raised the >> issue of scoping. Their document is really is about the Web. I fear >> that nobody had really looked at their document in detail since >> otherwise someone would have noticed that it also talks briefly >> about email and XMPP while there is other work in the group that >> provides much greater detail on those topic. In the same spirit I >> see the IoT case as something that does not belong in their >> document at all. TLS (and DTLS) is just used in a number of >> different deployments and they are a bit different. >=20 >> Ciao Hannes >=20 >=20 >> On 11/25/2014 09:25 AM, Zach Shelby wrote: >>> In addition to actual hardware support for AES-CCM in the >>> embedded SoC industry, which won't go away anytime soon, I would >>> also point out that the required cipher suites in CoAP are CCM >>> based as well. We really do need to support CCM in the DICE >>> Profile. We could indicate support for GCM as well, but I don't >>> think that is particularly important. >>> >>> Regarding the UTA doc, considering that it is general >>> recommendations for TLS and DTLS, this should really align with >>> the needs of the DICE and CoRE working groups (and thus the IoT >>> industry) as well. It is totally contradictory to indicate in >>> draft-ietf-uta-tls-bcp that GCM is recommended, and then in >>> several other RFCs dependent on DTLS recommend the use of CCM. At >>> the minimum that document should have a reference to the use of >>> CCM in IoT specifications. >>> >>> That would be option c from your list Hannes? >>> >>> Zach >>> >>> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig >>> wrote: >>> >>>> Hi Stephen, >>>> >>>> I personally don't care too much about the different AES modes >>>> of operation. I don't have a particularly preference since both >>>> will have more or less the same code size and performance >>>> (particularly when we talk about small message sizes). Of >>>> course, it would have been useful to think about this issue >>>> earlier when CCM and GCM were developed (funny enough by two >>>> IETF folks, Russ and David McGrew). In any case, I don't want >>>> to get dragged into this "my algorithm is better than yours" >>>> debate. >>>> >>>> The issue is just that other SDOs have also selected AES-CCM, >>>> such as Bluetooth Smart, Zigbee IP* (if that matters anymore >>>> today), and IEEE 802.11i (which isn't necessarily a low power >>>> radio but still used in certain IoT deployments). >>>> >>>> These silicon manufacturers then made these algorithms >>>> available for developers as well (besides using them for the >>>> underlying radio technology). Furthermore, they have also been >>>> added to SoCs even without the radio technology. >>>> >>>> In many cases these algorithm implementations cannot be updated >>>> (even if they are just software running on the chip) rather >>>> than being really in hardware. >>>> >>>> Whether it is useful to put the entire algorithm in hardware or >>>> instead just some primitives is yet another story but I guess >>>> it is a bit too late for that discussion. >>>> >>>> The question therefore is what could be done about this >>>> situation. Here are the options: >>>> >>>> a) Change the recommendations in the UTA document to AES-CCM b) >>>> Change the recommendations in the DTLS profile document to >>>> AES-GCM c) Indicate support for both (AES-CCM and AES-GCM) d) >>>> Leave the documents as they are since they target different >>>> industry segments/use cases. >>>> >>>> As I argued earlier I think option (d) is the way to go. >>>> >>>> Ciao Hannes >>>> >>>> *: According to my understanding Zigbee IP uses a variation of >>>> AES-CCM. >>>> >>>> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>>>> >>>>> Hi Russ, >>>>> >>>>> >>>>> >>>>> On 14/11/14 20:05, Russ Housley wrote: >>>>>> Hannes: >>>>>> >>>>>> I understand the hardware situation. That was the point I >>>>>> was trying to make when I said, "It makes a lot of sense >>>>>> for small devices." Please explain this situation in >>>>>> HTTPbis. My hope is that they will join you by either >>>>>> picking AES-CCM or picking both AES-GCM and AES-CCM. >>>>> >>>>> I'm not getting why we see having two AES modes as >>>>> advantageous. >>>>> >>>>> I get that there are devices out there with CCM and that >>>>> that's unlikely to go away, and that the same is true for >>>>> GCM, but that seems like a thing that's a pain to work >>>>> around. >>>>> >>>>> Or am I over interpreting "hope" there? >>>>> >>>>> >>>>> >>>>> S. >>>>> >>>>> >>>>>> >>>>>> Russ >>>>>> >>>>>> >>>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>>>> >>>>>>> Hi Russ, >>>>>>> >>>>>>> thanks for bringing this up. >>>>>>> >>>>>>> The ciphersuites selected for the DTLS profile draft have >>>>>>> been heavily influenced by the work done in the CORE >>>>>>> working group. >>>>>>> >>>>>>> We have been telling silicon partners that they should >>>>>>> put AES-CCM into their chips and they have indeed >>>>>>> following that recommendation. >>>>>>> >>>>>>> I believe, however, that this is not a problem as such >>>>>>> since the UTA work really has a different scope - they >>>>>>> focus on Web/Messaging/Email rather than the IoT space. I >>>>>>> sent a mail to their list to request the title to be >>>>>>> adjusted. >>>>>>> >>>>>>> Ciao Hannes >>>>>>> >>>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>>>> DICE document requires >>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no problem >>>>>>>> with that choice. It makes a lot of sense for small >>>>>>>> devices. >>>>>>>> >>>>>>>> The HTTPbis is also taking a path that requires an >>>>>>>> AEAD algorithm. It would be really nice if the two >>>>>>>> groups came to a place that allowed interoperability, >>>>>>>> but HTTPbis seems to be on a path for AES-GCM. AES-CCM >>>>>>>> is better for small devices. >>>>>>>> >>>>>>>> It seems to me that the two groups should talk to each >>>>>>>> other before WG Last Call is over. >>>>>>>> >>>>>>>> Russ >>>>>> >>>>>> _______________________________________________ dtls-iot >>>>>> mailing list dtls-iot@ietf.org=20 >>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>>>> >>>> >>> >>> Zach Shelby Director of Technical Marketing ARM Internet of >>> Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 >>> 407796297 Skype: zdshelby LinkedIn: >>> fi.linkedin.com/in/zachshelby/ >>> >>> >>> -- IMPORTANT NOTICE: The contents of this email and any >>> attachments are confidential and may also be privileged. If you >>> are not the intended recipient, please notify the sender >>> immediately and do not disclose the contents to any other person, >>> use it for any purpose, or store or copy the information in any >>> medium. Thank you. >>> >>> ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 >>> 9NJ, Registered in England & Wales, Company No: 2557590 ARM >>> Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 >>> 9NJ, Registered in England & Wales, Company No: 2548782 >>> >=20 >=20 >=20 >> _______________________________________________ dtls-iot mailing >> list dtls-iot@ietf.org=20 >> https://www.ietf.org/mailman/listinfo/dtls-iot >=20 >=20 --xBUfmhrEiTiA9J9Wkul9vKdgFNNDlm0b1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdFdyAAoJEGhJURNOOiAtLGQH/izmiesifanFhQGOMmytqCLK 5QquwZhicvc0irbLW+OWkx8xMIiIt+3cfHVAcxCUa8T4K0XAWe9NK19mE6l4HVqX J+LPRmGtEzCAIqOAijtjYPEOjNH9zHhdU9DbJpX6XoPIKHyA/eC/om9AvF0bsspe WAivH+7JWwUjMI4ZpYjMvhQj4NXH7Z1AeDAset8BEz2bMwrDOArcaFqjF8yAJErA o8HaaNnmNqU0KlgMzoDg8NVQKxYcUVgF6Wk046dWvoC95QxQExVzrir5I3I3pLEi LPIiqN9cjjE78+3+t0AelWsLdRIVCI7C0TtccQpkOR6cY9U0q8HdJwLF0UIRDnQ= =mWJp -----END PGP SIGNATURE----- --xBUfmhrEiTiA9J9Wkul9vKdgFNNDlm0b1-- From nobody Tue Nov 25 02:33:02 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0E211A00A9 for ; Tue, 25 Nov 2014 02:33:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gTon9nXXoP9Y for ; Tue, 25 Nov 2014 02:32:57 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 41C4D1A00A8 for ; Tue, 25 Nov 2014 02:32:57 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A5603BED3; Tue, 25 Nov 2014 10:32:56 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g843UcjE-qwQ; Tue, 25 Nov 2014 10:32:54 +0000 (GMT) Received: from [10.87.48.5] (unknown [86.46.28.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E4054BEAA; Tue, 25 Nov 2014 10:32:52 +0000 (GMT) Message-ID: <54745AD4.2000300@cs.tcd.ie> Date: Tue, 25 Nov 2014 10:32:52 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Zach Shelby References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net> <547448EB.8070506@gmx.net> <54745340.3090905@cs.tcd.ie> <266F80F5-81AD-421C-99EB-77C4CDAD25D4@arm.com> In-Reply-To: <266F80F5-81AD-421C-99EB-77C4CDAD25D4@arm.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/wl8HEyDZu31djNV-DZEmkS3tRsA Cc: Dorothy Gellert , Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:33:01 -0000 On 25/11/14 10:18, Zach Shelby wrote: > Stephen, > > I don't agree that the situation should just be left as-is. You are > correct that that UTA BCP is very broad ranging in scope in -07 of > the draft. In order to not totally contradict ourselves, there are > two options. This isn't about winning, just not confusing the > community when they read our specifications. > > Option 1 - Fix the scope of the UTA BCP to specifically not include > IoT. I think this is what Hannes was suggesting. The scope of the UTA BCP is not broken IMO. If you think it is you'll have an IETF LC shortly where saying that would be the thing to do. > > Option 2 - Include a reference in the UTA BCP to the CCM based cipher > suites already recommended for use with DTLS in CoAP, and other > industry standards. Was discussed and I think rejected on UTA list. That could have been done though as a footnote. > This could potentially cause interoperability if the specifications > cause confusion. But I don't see an interoperability problem today, Really? We have two pointlessly different modes that won't talk to one another? Seems like a crystal clear interop issue to me. There is no confusion though we just have devices that can't talk to the rest of the Internet easily because of this. > for CoAP over DTLS the must implement cipher suites are very clearly > defined. Sure. It's clear and it works. But I don't think I've seen any TLS usage stats that show up CCM ciphersuites whether for the web or mail or other applications. Might be useful to go looking but I'm not sure if folks have done that. The fact that CCM is required by CoAP or DICE is unfortunate and not a good thing since the rest of the Internet isn't afaik using CCM. (It's still probably the right thing, even if regrettable due to platform constraints.) S. > > Zach > > On Nov 25, 2014, at 12:00 PM, Stephen Farrell > wrote: > > > Hannes, > > - I don't think you're correct that the UTA BCP is only about the web > but let's not debate that here. - It's probably best to not > complicate the UTA BCP with any specifics of devices that cannot do > GCM. - The GCM/CCM situation is IMO far from perfect but we have to > live with it. - Any attempts to "win" here (e.g. to try push for use > of a mode where it won't work) would be a bad plan - we should look > at this as an interop problem that needs to be worked around and not > have a silly "my mode is better than yours" argument (not saying > you're doing that) - It'd be good if those developing systems and > lower layer standards recognised the interop problem and tried to > help make it better (that might already be happening, I'm not sure) > > S. > > On 25/11/14 09:16, Hannes Tschofenig wrote: >>>> Hi Zach, >>>> >>>> it would be option #d in my list below. In fact, I have >>>> already dropped a mail to the UTA list about their document and >>>> raised the issue of scoping. Their document is really is about >>>> the Web. I fear that nobody had really looked at their document >>>> in detail since otherwise someone would have noticed that it >>>> also talks briefly about email and XMPP while there is other >>>> work in the group that provides much greater detail on those >>>> topic. In the same spirit I see the IoT case as something that >>>> does not belong in their document at all. TLS (and DTLS) is >>>> just used in a number of different deployments and they are a >>>> bit different. >>>> >>>> Ciao Hannes >>>> >>>> >>>> On 11/25/2014 09:25 AM, Zach Shelby wrote: >>>>> In addition to actual hardware support for AES-CCM in the >>>>> embedded SoC industry, which won't go away anytime soon, I >>>>> would also point out that the required cipher suites in CoAP >>>>> are CCM based as well. We really do need to support CCM in >>>>> the DICE Profile. We could indicate support for GCM as well, >>>>> but I don't think that is particularly important. >>>>> >>>>> Regarding the UTA doc, considering that it is general >>>>> recommendations for TLS and DTLS, this should really align >>>>> with the needs of the DICE and CoRE working groups (and thus >>>>> the IoT industry) as well. It is totally contradictory to >>>>> indicate in draft-ietf-uta-tls-bcp that GCM is recommended, >>>>> and then in several other RFCs dependent on DTLS recommend >>>>> the use of CCM. At the minimum that document should have a >>>>> reference to the use of CCM in IoT specifications. >>>>> >>>>> That would be option c from your list Hannes? >>>>> >>>>> Zach >>>>> >>>>> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig >>>>> wrote: >>>>> >>>>>> Hi Stephen, >>>>>> >>>>>> I personally don't care too much about the different AES >>>>>> modes of operation. I don't have a particularly preference >>>>>> since both will have more or less the same code size and >>>>>> performance (particularly when we talk about small message >>>>>> sizes). Of course, it would have been useful to think about >>>>>> this issue earlier when CCM and GCM were developed (funny >>>>>> enough by two IETF folks, Russ and David McGrew). In any >>>>>> case, I don't want to get dragged into this "my algorithm >>>>>> is better than yours" debate. >>>>>> >>>>>> The issue is just that other SDOs have also selected >>>>>> AES-CCM, such as Bluetooth Smart, Zigbee IP* (if that >>>>>> matters anymore today), and IEEE 802.11i (which isn't >>>>>> necessarily a low power radio but still used in certain IoT >>>>>> deployments). >>>>>> >>>>>> These silicon manufacturers then made these algorithms >>>>>> available for developers as well (besides using them for >>>>>> the underlying radio technology). Furthermore, they have >>>>>> also been added to SoCs even without the radio technology. >>>>>> >>>>>> In many cases these algorithm implementations cannot be >>>>>> updated (even if they are just software running on the >>>>>> chip) rather than being really in hardware. >>>>>> >>>>>> Whether it is useful to put the entire algorithm in >>>>>> hardware or instead just some primitives is yet another >>>>>> story but I guess it is a bit too late for that >>>>>> discussion. >>>>>> >>>>>> The question therefore is what could be done about this >>>>>> situation. Here are the options: >>>>>> >>>>>> a) Change the recommendations in the UTA document to >>>>>> AES-CCM b) Change the recommendations in the DTLS profile >>>>>> document to AES-GCM c) Indicate support for both (AES-CCM >>>>>> and AES-GCM) d) Leave the documents as they are since they >>>>>> target different industry segments/use cases. >>>>>> >>>>>> As I argued earlier I think option (d) is the way to go. >>>>>> >>>>>> Ciao Hannes >>>>>> >>>>>> *: According to my understanding Zigbee IP uses a variation >>>>>> of AES-CCM. >>>>>> >>>>>> On 11/14/2014 11:55 PM, Stephen Farrell wrote: >>>>>>> >>>>>>> Hi Russ, >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 14/11/14 20:05, Russ Housley wrote: >>>>>>>> Hannes: >>>>>>>> >>>>>>>> I understand the hardware situation. That was the >>>>>>>> point I was trying to make when I said, "It makes a lot >>>>>>>> of sense for small devices." Please explain this >>>>>>>> situation in HTTPbis. My hope is that they will join >>>>>>>> you by either picking AES-CCM or picking both AES-GCM >>>>>>>> and AES-CCM. >>>>>>> >>>>>>> I'm not getting why we see having two AES modes as >>>>>>> advantageous. >>>>>>> >>>>>>> I get that there are devices out there with CCM and that >>>>>>> that's unlikely to go away, and that the same is true >>>>>>> for GCM, but that seems like a thing that's a pain to >>>>>>> work around. >>>>>>> >>>>>>> Or am I over interpreting "hope" there? >>>>>>> >>>>>>> >>>>>>> >>>>>>> S. >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Russ >>>>>>>> >>>>>>>> >>>>>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote: >>>>>>>> >>>>>>>>> Hi Russ, >>>>>>>>> >>>>>>>>> thanks for bringing this up. >>>>>>>>> >>>>>>>>> The ciphersuites selected for the DTLS profile draft >>>>>>>>> have been heavily influenced by the work done in the >>>>>>>>> CORE working group. >>>>>>>>> >>>>>>>>> We have been telling silicon partners that they >>>>>>>>> should put AES-CCM into their chips and they have >>>>>>>>> indeed following that recommendation. >>>>>>>>> >>>>>>>>> I believe, however, that this is not a problem as >>>>>>>>> such since the UTA work really has a different scope >>>>>>>>> - they focus on Web/Messaging/Email rather than the >>>>>>>>> IoT space. I sent a mail to their list to request the >>>>>>>>> title to be adjusted. >>>>>>>>> >>>>>>>>> Ciao Hannes >>>>>>>>> >>>>>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>>>>>>>> DICE document requires >>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I have no >>>>>>>>>> problem with that choice. It makes a lot of sense >>>>>>>>>> for small devices. >>>>>>>>>> >>>>>>>>>> The HTTPbis is also taking a path that requires an >>>>>>>>>> AEAD algorithm. It would be really nice if the >>>>>>>>>> two groups came to a place that allowed >>>>>>>>>> interoperability, but HTTPbis seems to be on a path >>>>>>>>>> for AES-GCM. AES-CCM is better for small devices. >>>>>>>>>> >>>>>>>>>> It seems to me that the two groups should talk to >>>>>>>>>> each other before WG Last Call is over. >>>>>>>>>> >>>>>>>>>> Russ >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> dtls-iot mailing list dtls-iot@ietf.org >>>>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>>>>>> >>>>>> >>>>> >>>>> Zach Shelby Director of Technical Marketing ARM Internet of >>>>> Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358 >>>>> 407796297 Skype: zdshelby LinkedIn: >>>>> fi.linkedin.com/in/zachshelby/ >>>>> >>>>> >>>>> -- IMPORTANT NOTICE: The contents of this email and any >>>>> attachments are confidential and may also be privileged. If >>>>> you are not the intended recipient, please notify the sender >>>>> immediately and do not disclose the contents to any other >>>>> person, use it for any purpose, or store or copy the >>>>> information in any medium. Thank you. >>>>> >>>>> ARM Limited, Registered office 110 Fulbourn Road, Cambridge >>>>> CB1 9NJ, Registered in England & Wales, Company No: 2557590 >>>>> ARM Holdings plc, Registered office 110 Fulbourn Road, >>>>> Cambridge CB1 9NJ, Registered in England & Wales, Company No: >>>>> 2548782 >>>>> >>>> >>>> >>>> >>>> _______________________________________________ dtls-iot >>>> mailing list dtls-iot@ietf.org >>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>> >> > > Zach Shelby Director of Technical Marketing ARM Internet of Things > BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype: > zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/ > > > -- IMPORTANT NOTICE: The contents of this email and any attachments > are confidential and may also be privileged. If you are not the > intended recipient, please notify the sender immediately and do not > disclose the contents to any other person, use it for any purpose, or > store or copy the information in any medium. Thank you. > > ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, > Registered in England & Wales, Company No: 2557590 ARM Holdings plc, > Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in > England & Wales, Company No: 2548782 > > _______________________________________________ dtls-iot mailing > list dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > > From nobody Tue Nov 25 02:34:49 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 268741A00B0 for ; Tue, 25 Nov 2014 02:34:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oijA0zkkdghw for ; Tue, 25 Nov 2014 02:34:45 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0760.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::760]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6831F1A00A8 for ; Tue, 25 Nov 2014 02:34:45 -0800 (PST) Received: from AM3PR04CA0049.eurprd04.prod.outlook.com (10.242.16.49) by AM2PR04MB0625.eurprd04.prod.outlook.com (25.160.32.151) with Microsoft SMTP Server (TLS) id 15.1.26.15; Tue, 25 Nov 2014 10:34:21 +0000 Received: from DB3FFO11FD053.protection.gbl (2a01:111:f400:7e04::165) by AM3PR04CA0049.outlook.office365.com (2a01:111:e400:8814::49) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Tue, 25 Nov 2014 10:34:21 +0000 Received: from mail.philips.com (206.191.240.52) by DB3FFO11FD053.mail.protection.outlook.com (10.47.217.125) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Tue, 25 Nov 2014 10:34:20 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.87]) by DBXPRD9003HT002.MGDPHG.emi.philips.com ([141.251.25.207]) with mapi id 14.16.0472.000; Tue, 25 Nov 2014 10:34:20 +0000 From: "Kumar, Sandeep" To: Hannes Tschofenig , "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] AES-CCM nonces in DTLS records Thread-Index: AdAAgPb6clYzdGscSKeAUJZGqRiWegIFQS8AAAEvmlA= Date: Tue, 25 Nov 2014 10:34:20 +0000 Message-ID: References: <54745222.5010902@gmx.net> In-Reply-To: <54745222.5010902@gmx.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [194.171.252.100] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(199003)(85714005)(24454002)(374574003)(51704005)(13464003)(377454003)(189002)(479174003)(81156004)(106466001)(92726001)(104016003)(92566001)(23726002)(50466002)(105586002)(20776003)(64706001)(77156002)(66066001)(101416001)(47776003)(77096003)(62966003)(31966008)(46406003)(46102003)(33656002)(19580395003)(19580405001)(4396001)(69596002)(68736004)(44976005)(120916001)(2656002)(99396003)(97756001)(15975445006)(97736003)(54356999)(76176999)(50986999)(84676001)(86362001)(95666004)(107046002)(107886001)(6806004)(87936001)(21056001)(55846006)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM2PR04MB0625; H:mail.philips.com; FPR:; SPF:None; MLV:sfv; PTR:ErrorRetry; A:1; MX:1; LANG:en; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0625; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0625; X-Forefront-PRVS: 040655413E Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0625; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/ZLp-xLno1gBXz-Rean__XZsQWvg Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:34:48 -0000 Hi Hannes Indeed, to solve the nonce issue one would either require an extension or d= efine a new cipher suite variations of existing cipher suites which clearly= state that the nonce is the TLS sequence number. But as Carsten mentioned,= GHC (RFC7400) seems to take away the problem where it really matters (i.e.= IEEE 802.15.4 networks). I am okay if it is not in the profile anymore. Ch= aCha20+Poly1305 seems to have made a right choice and becoming more relevan= t in the embedded space anyways. Regards Sandeep > -----Original Message----- > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] > Sent: Tuesday, November 25, 2014 10:56 AM > To: Kumar, Sandeep; dtls-iot@ietf.org > Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records > > Hi Sandeep, > > your observation is correct but I fear that changing the DTLS record laye= r > (since you are not proposing to chance the length of the nonce) means to > standardize a new ciphersuite in TLS. > > Ciao > Hannes > > On 11/15/2014 04:44 AM, Kumar, Sandeep wrote: > > Hi Hannes > > > > > > > > I would like to point out one other improvement with AEAD mode ciphers > > (presently AES-GCM and AES-CCM) that could go into the profile draft. > > > > > > > > Presently both RFC5288 and RFC6655 mention that the > > > > The nonce_explicit MAY be the 64-bit sequence number. > > > > However this only means that GenericAEADCipher.nonce_explicit field in > > the record layer is an exact copy of the sequence number (for DTLS: > > epoch||sequence number). This leads to a duplication of 8-bytes per > > record which can mean a lot for IEEE 802.15.4 networks. > > > > > > > > ChaCha20 and Poly1305 based ciphersuite for TLS > > (draft-agl-tls-chacha20poly1305-04) does remove this duplication by > > stating > > > > When used in TLS, the "record_iv_length" is zero and the nonce is the > > > > sequence number for the record, as an 8-byte, big-endian number. > > > > > > > > The question to you (and to the group) is if we can make a similar > > statement for improvement in AES-CCM preventing an 8-byte duplication > > per packet. Unfortunately this might mean that an IoT profiled DTLS > > using AES-CCM may not work with existing implementations unless there > > is some form of signaling (for example with an extension). > > > > > > > > Regards > > > > Sandeep > > > > > > > > > > ---------------------------------------------------------------------- > > -- The information contained in this message may be confidential and > > legally protected under applicable law. The message is intended solely > > for the addressee(s). If you are not the intended recipient, you are > > hereby notified that any use, forwarding, dissemination, or > > reproduction of this message is strictly prohibited and may be > > unlawful. If you are not the intended recipient, please contact the > > sender by return e-mail and destroy all copies of the original message. > > > > > > _______________________________________________ > > dtls-iot mailing list > > dtls-iot@ietf.org > > https://www.ietf.org/mailman/listinfo/dtls-iot > > ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. From nobody Tue Nov 25 02:39:14 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FB5C1A00B5 for ; Tue, 25 Nov 2014 02:39:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x6QmVBr7r4dA for ; Tue, 25 Nov 2014 02:39:09 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D40A1A00A8 for ; Tue, 25 Nov 2014 02:39:09 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MId0S-1XvPNZ2lUO-002FdT; Tue, 25 Nov 2014 11:39:05 +0100 Message-ID: <54745C48.2040203@gmx.net> Date: Tue, 25 Nov 2014 11:39:04 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , "dtls-iot@ietf.org" References: <54745222.5010902@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="9m40rxk2DkinhF49K7LMljnWmuBJaAAlO" X-Provags-ID: V03:K0:t3rpv6M0NwyIDaYCz+wvKQR0uP+w6HkdJXrOFuzT5Hwgh+3ivc6 FPqhh+HjyMkfzeYi1zYyjrQ6y+qx0HX578vwxxVf36xfsTUxynZEmaSwEKamO/lY3yKI0Nn nHhDzq2WFr/X5ylS8B4t0QAnP8gYYMczRXa5QyXMwbU2d5KU5jyC2APabqCwJNoYXd4nraq ljDWmaIezd9R3Py/1euEA== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/jMYMeMXfHenfHwg7Hn9Mb3OLyow Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:39:11 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --9m40rxk2DkinhF49K7LMljnWmuBJaAAlO Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Thanks for your response, Sandeep. This statement below caught my attention in light of the AES-CCM vs. AES-GCM discussion. Reading your sentence below gives me the impression that instead of deciding about AES-CCM and AES-GCM we should instead recommend ChaCha20+Poly1305. Could you elaborate why you think ChaCha20+Poly1305 is becoming more relevant in the embedded space? On 11/25/2014 11:34 AM, Kumar, Sandeep wrote: > ChaCha20+Poly1305 seems to have made a right choice and becoming more r= elevant in the embedded space anyways. --9m40rxk2DkinhF49K7LMljnWmuBJaAAlO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdFxIAAoJEGhJURNOOiAtqSAIAJ/5A4ATNn/7eOKjeNEsB0tO irUQDD0gyyNSQJmVZDK+TiUCr+xSR51L4hnWhemMHDuL4e5eMD6Dw4B730CdCaxB uEUAUETtUDKfccFRu8/0mblpLfyowzDSm3O4IGIJxudyqt/Ql7/srywwOEPSVrwQ us8u1TTn90XJMsvaooGKCkR/vFV4Z/uSZNvPRwGxeCQT1ak22DGbsuPc18TseFWu GR0At0zry8emq0+QpfXAqzlYgFSfqpFvPBmsMBXX75aox0M+mOBh+pWrFSdPBQN+ OtI4lPOuzdP5BsDQsjVV3/6U1Q0Me93LMgWv4Xsr+PoRFp2/Ztk5Mht2C7wglek= =ld0f -----END PGP SIGNATURE----- --9m40rxk2DkinhF49K7LMljnWmuBJaAAlO-- From nobody Tue Nov 25 02:44:34 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22DC51A00B6 for ; Tue, 25 Nov 2014 02:44:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LpdhbmDzRdGu for ; Tue, 25 Nov 2014 02:44:30 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63FA81A00BE for ; Tue, 25 Nov 2014 02:44:12 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0LoEcP-1YQbPF34Ar-00gIgw; Tue, 25 Nov 2014 11:44:08 +0100 Message-ID: <54745D77.20500@gmx.net> Date: Tue, 25 Nov 2014 11:44:07 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , Russ Housley , "dtls-iot@ietf.org" References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <547447BB.6070001@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xSGb6ToxVRlU5QDkcgamANX17pr6QT8K1" X-Provags-ID: V03:K0:Js70RyknkzNnTUN2jme1HCobCvZEm4UBK1UWDdcYliLFkT8x1du S9brUS2E4ZzMmz3Bjx+g0wt30ikfkj2FIRotiKYd1MkFbiB7YBmxNdpO/SdtBPhvDCijK+h ULafpEzdlFBPRcxxMhO9aPrsHnEouSw9OqQ321XHpsudRN00whwOAr/+22cV+YN1zEGMWJn 3gy6H+h+hJXcOkdP9seIw== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/fqavC-qWt9gfoP229Q52VFkoBYI Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:44:32 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xSGb6ToxVRlU5QDkcgamANX17pr6QT8K1 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable > This is an IEEE 802.15.4 issue. Not sure what Bluetooth smart uses for = the nonce length, will have to check. A quick look at the specification tells me that the nonce in the Bluetooth 4.1 spec is also 13 octets. Ooops. --xSGb6ToxVRlU5QDkcgamANX17pr6QT8K1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdF13AAoJEGhJURNOOiAtnFsH/jvgKEO5tCjziPuLPdidue8K EnUJc/tKQ4Wp88aFRoi4fGzBWYzWp6Leh3wtZH1LIY3r+93Uzyv6HPxMus2duZpQ VgdCwkPQX1llo5/WLwvRHlVsftQrnlU7a7jZWeHsYeUtqsP5u7d2zLwWX3DtJY4T d/wQ5Ef6ahXFUZvgGBcLB4CO+xmgUU7OQCyClZhwcIu1Pyjhex005yGPppXqLvR1 91sIalGYVWM467f2wYRbSn7XgJ0Jfc8AyXaLFcTNHnSZknzRNWljH3HKpOFsWP6J XZgbL+Rz5itXUf5LmE3M4Ey54Gau+RYzMaOxiqGyOUvAAg/ws+pkfIZPREOFZUo= =MKBG -----END PGP SIGNATURE----- --xSGb6ToxVRlU5QDkcgamANX17pr6QT8K1-- From nobody Tue Nov 25 02:55:54 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32D831A00B9 for ; Tue, 25 Nov 2014 02:55:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRKfITD4Hz_Y for ; Tue, 25 Nov 2014 02:55:40 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0774.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::774]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B710F1A00DE for ; Tue, 25 Nov 2014 02:55:39 -0800 (PST) Received: from AM3PR04CA0038.eurprd04.prod.outlook.com (10.242.16.38) by DB3PR04MB0634.eurprd04.prod.outlook.com (25.160.45.148) with Microsoft SMTP Server (TLS) id 15.1.26.15; Tue, 25 Nov 2014 10:55:16 +0000 Received: from DB3FFO11FD043.protection.gbl (2a01:111:f400:7e04::169) by AM3PR04CA0038.outlook.office365.com (2a01:111:e400:8814::38) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Tue, 25 Nov 2014 10:55:15 +0000 Received: from mail.philips.com (206.191.240.52) by DB3FFO11FD043.mail.protection.outlook.com (10.47.217.74) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Tue, 25 Nov 2014 10:55:15 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.87]) by DBXPRD9003HT003.MGDPHG.emi.philips.com ([141.251.25.208]) with mapi id 14.16.0472.000; Tue, 25 Nov 2014 10:55:14 +0000 From: "Kumar, Sandeep" To: Hannes Tschofenig , Rene Hummen , Dorothy Gellert Thread-Topic: [Dtls-iot] Retransmission timeout and PSK identity hint Thread-Index: AQHQCJeidh/v/l5s00uZYYLrCoXA7ZxxJe2Q Date: Tue, 25 Nov 2014 10:55:13 +0000 Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <547454D7.3090209@gmx.net> In-Reply-To: <547454D7.3090209@gmx.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [194.171.252.100] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(13464003)(374574003)(24454002)(479174003)(377454003)(52604005)(51704005)(189002)(199003)(85714005)(106466001)(81156004)(84676001)(101416001)(54356999)(50466002)(33656002)(106116001)(23756003)(21056001)(4396001)(107046002)(92566001)(92726001)(46102003)(86362001)(55846006)(2656002)(105586002)(15202345003)(87936001)(62966003)(77096003)(77156002)(66066001)(31966008)(95666004)(44976005)(99396003)(6806004)(104016003)(76176999)(19580395003)(20776003)(50986999)(47776003)(19580405001)(64706001)(97736003)(120916001)(68736004)(69596002)(15975445006)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR04MB0634; H:mail.philips.com; FPR:; SPF:None; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0634; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0634; X-Forefront-PRVS: 040655413E Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0634; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/qOgY0CKTCmbVPgNa1Gdoa4DaO4I Cc: Zach Shelby , "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Retransmission timeout and PSK identity hint X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 10:55:51 -0000 Snip.. > The concept of this PSK identity hint was inspired by the realm parameter= of > the HTTP digest algorithm where a single server can host multiple resourc= es > and the server then challenges the client (or user) accordingly. This seems to be a good feature for authorization where the server can ask = if the client possesses a specific key to perform operations on specific re= sources. Maybe this is not straightforward but something to keep in mind fo= r ACE? Sandeep > -----Original Message----- > From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes > Tschofenig > Sent: Tuesday, November 25, 2014 11:07 AM > To: Rene Hummen; Dorothy Gellert > Cc: Zach Shelby; dtls-iot@ietf.org > Subject: Re: [Dtls-iot] Retransmission timeout and PSK identity hint > > Hi Rene, > > On 11/15/2014 08:05 AM, Rene Hummen wrote: > > Besides the fact that I would have liked this draft to consider both a > > constrained DTLS client and a constrained DTLS server, > > I created another discussion thread about this topic. > > It would be interesting to hear what use cases you have in mind and wheth= er > you believe that such a write-up can wait for ACE or whether you see this > totally independent of ACE. > > > I have two main comments: > > > > 1) From my experience, the recommended timeout values for DTLS often > > lead to spurious retransmissions in constrained node networks. > > Especially for constrained devices with software ECC support, network > > delays in combination with ECDH and ECDSA operations quickly exceed a > > 1 sec timeout. Similarly, for long message flights (i.e., > > certificate-related flights), repeated loss of a handshake message > > causes extensive handshake delays. As the specific timeout values may > > be application dependent, pointing out these issues in sections 5.2 > > and 5.3 would be very useful. > > Your point is well taken. In response to my presentation about DTLS over > SMS this issue was also raised and the suggestion was made to include the= se > timer-settings in the DTLS profile. > > > > > > 2) Section 5.1: The paragraph about the "PSK identity hint" is unclear > > to me. What is the rationale behind recommending against sending the > > hint if the key selection is based on the domain name of the server in > > contrast to any other means of identification? Moreover, how does this > > tie in with the subsequent recommendation saying "A server using the > > identity hint needs to guide the selection based on a received SNI > > value from the client."? > > Thanks for asking. > > There are two types of "identities" (or identifiers as I would call > them) in use. > > First, the client needs to tell the server some identifier so that it can= select > the right key when verifying the message. This is called the "PSK Identit= y". > > Then, there is also the capability in the TLS-PSK RFC to allow the server= to > indicate what key the client should use. This is the "PSK Identity Hint". > Obviously, this is only an issue if the client has more than one PSK to b= egin > with. > > The concept of this PSK identity hint was inspired by the realm parameter= of > the HTTP digest algorithm where a single server can host multiple resourc= es > and the server then challenges the client (or user) accordingly. > > In the IoT context the scenario is hopefully a bit simpler. I suspect tha= t in > normal circumstances the client will select the key based on the domain > name. > > At the time when the TLS-PSK algorithm was written the concept of SNI did > not exist since the use of hosted services wasn't that common. If someone > would want to use a hosted environment for their IoT deployment then they > would most likely support SNI. > > Does this make sense? > > > > > > > > Some editorial comments (possibly personal preference): > > Thanks for the editorial remarks. Will incorporate them into the next dra= ft > version. > > Ciao > Hannes > > > Ren=E9 > > > > > > On 12 Nov 2014, at 00:18, Dorothy Gellert > > wrote: > >> Dear WG, > >> > >> As discussed during the Dice WG meeting at IETF#91, this email starts > >> a WGLC for our DTLS profile draft: > >> > >> https://tools.ietf.org/html/draft-ietf-dice-profile-05 > >> > >> Please review. This WGLC will end on Tuesday, November 25, 2014. > >> > >> Best Regards, > >> Dorothy and Zach > >> _______________________________________________ > >> dtls-iot mailing list > >> dtls-iot@ietf.org > >> https://www.ietf.org/mailman/listinfo/dtls-iot > > > > -- > > Dipl.-Inform. Rene Hummen, Ph.D. Student Chair of Communication and > > Distributed Systems RWTH Aachen University, Germany > > tel: +49 241 80 21426 > > web: http://www.comsys.rwth-aachen.de/team/rene-hummen/ > > > > > > > > _______________________________________________ > > dtls-iot mailing list > > dtls-iot@ietf.org > > https://www.ietf.org/mailman/listinfo/dtls-iot > > ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. From nobody Tue Nov 25 03:03:48 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35EBD1A00C0 for ; Tue, 25 Nov 2014 03:03:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCud7kF6yh77 for ; Tue, 25 Nov 2014 03:03:44 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0727.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::727]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 947541A00A9 for ; Tue, 25 Nov 2014 03:03:43 -0800 (PST) Received: from AM2PR04MB0627.eurprd04.prod.outlook.com (25.160.32.153) by AM2PR04MB0612.eurprd04.prod.outlook.com (25.160.32.150) with Microsoft SMTP Server (TLS) id 15.1.26.15; Tue, 25 Nov 2014 10:50:50 +0000 Received: from DB4PR04CA0032.eurprd04.prod.outlook.com (25.160.41.42) by AM2PR04MB0627.eurprd04.prod.outlook.com (25.160.32.153) with Microsoft SMTP Server (TLS) id 15.1.26.15; Tue, 25 Nov 2014 10:50:48 +0000 Received: from AM1FFO11FD035.protection.gbl (2a01:111:f400:7e00::165) by DB4PR04CA0032.outlook.office365.com (2a01:111:e400:9852::42) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Tue, 25 Nov 2014 10:50:48 +0000 Received: from mail.philips.com (206.191.240.52) by AM1FFO11FD035.mail.protection.outlook.com (10.174.64.224) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Tue, 25 Nov 2014 10:50:48 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.87]) by DBXPRD9003HT003.MGDPHG.emi.philips.com ([141.251.25.208]) with mapi id 14.16.0472.000; Tue, 25 Nov 2014 10:50:47 +0000 From: "Kumar, Sandeep" To: Hannes Tschofenig , "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] AES-CCM nonces in DTLS records Thread-Index: AdAAgPb6clYzdGscSKeAUJZGqRiWegIFQS8AAAEvmlAAAFOIAAAAKplg Date: Tue, 25 Nov 2014 10:50:46 +0000 Message-ID: References: <54745222.5010902@gmx.net> <54745C48.2040203@gmx.net> In-Reply-To: <54745C48.2040203@gmx.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [194.171.252.100] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(24454002)(189002)(51704005)(85714005)(199003)(374574003)(13464003)(479174003)(377454003)(46406003)(101416001)(120916001)(107046002)(97736003)(105586002)(106466001)(81156004)(95666004)(20776003)(99396003)(50466002)(47776003)(86362001)(68736004)(66066001)(62966003)(55846006)(87936001)(44976005)(54356999)(19580395003)(19580405001)(6806004)(15975445006)(76176999)(69596002)(84676001)(31966008)(23726002)(33656002)(46102003)(64706001)(50986999)(92566001)(104016003)(107886001)(77096003)(2656002)(97756001)(77156002)(4396001)(15202345003)(93886004)(92726001)(21056001)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM2PR04MB0627; H:mail.philips.com; FPR:; SPF:None; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; X-Microsoft-Antispam: UriScan:;UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0627; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0627; X-Forefront-PRVS: 040655413E Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0627; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:AM2PR04MB0612; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/JD_QJFtmNva-8vThE-lWlDiw9Xk Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 11:03:46 -0000 I would not go as far as recommending it right now. There is a clear trend by the big-players in the industry to prefer ChaCha2= 0+Pol1305 which will change the landscape in the coming years. Apple Homeki= t uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/70= 1/701_designing_accessories_for_ios_and_os_x.pdf?dl=3D1 (Slide 98) and Goog= le Chrome https://www.imperialviolet.org/2013/10/07/chacha20.html The choice is due to performance but now compatibility will help push other= players to move sooner too. My 2 cents Sandeep > -----Original Message----- > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] > Sent: Tuesday, November 25, 2014 11:39 AM > To: Kumar, Sandeep; dtls-iot@ietf.org > Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records > > Thanks for your response, Sandeep. > > This statement below caught my attention in light of the AES-CCM vs. > AES-GCM discussion. Reading your sentence below gives me the impression > that instead of deciding about AES-CCM and AES-GCM we should instead > recommend ChaCha20+Poly1305. > > Could you elaborate why you think ChaCha20+Poly1305 is becoming more > relevant in the embedded space? > > On 11/25/2014 11:34 AM, Kumar, Sandeep wrote: > > ChaCha20+Poly1305 seems to have made a right choice and becoming > more relevant in the embedded space anyways. ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. From nobody Tue Nov 25 03:25:44 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B33151A008B for ; Tue, 25 Nov 2014 03:25:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1MxIkyhyMaUK for ; Tue, 25 Nov 2014 03:25:39 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BE211A00A9 for ; Tue, 25 Nov 2014 03:25:39 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0LpKKr-1YNLrp2nrB-00fEEP; Tue, 25 Nov 2014 12:25:36 +0100 Message-ID: <5474672F.2060205@gmx.net> Date: Tue, 25 Nov 2014 12:25:35 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Kumar, Sandeep" , "dtls-iot@ietf.org" References: <54745222.5010902@gmx.net> <54745C48.2040203@gmx.net> In-Reply-To: OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="30ONAKcSSeI1KOEvBPpiR0K3iwdcKSSDm" X-Provags-ID: V03:K0:CKlnBSplWY3VEX5fA78NGpTr94XJVKt0i+G7/OsrztMRIaW6F4y JMu1KyRC0dylZ6JS/XPPnemt87tMYIwKO3I2v3Rs9h9WNbANAU42mkbZEmUnAu2SdB8/w5o eIz7Adn8vZuyyJoVStBP0g4zsk1B4+8SXEsnSj5fN19Rch6K2HgMTD9rTdd16EpjeRzvvRI j+FD2P25hRojKyZukXycw== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/C7XOeBeGmJsfZDy6gq_9qkbGH94 Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 11:25:41 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --30ONAKcSSeI1KOEvBPpiR0K3iwdcKSSDm Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Sandeep, I wouldn't call it a trend just because Apple does it in their new products but quite clearly the cryptographic algorithms evolve over time (btw, Curve25519 was listed as well). Looking at the slides, which list the supported other radio technologies, it is likely that some products will have to at least support AES-CCM as well (for WiFi and/or for Bluetooth Smart). As a product designer one has to make a conscious decision about the expected product lifetime, degree of interoperability with other devices, and the performance. A software-based crypto implementation, which allows you to update the algorithm more easily, would give you a potential performance hit but would score higher in the other categories.= When looking at teardowns of device it is clear that many of the IoT devices are not as constrained as we often like portrait them. Hence, having multiple implementations of different algorithms may not always be an issue. Maybe the recommendation in the document on this topic is to be aware of the need to switch to different ciphers over the lifetime of the product or to even support multiple ciphers (which calls for more flash and potentially a faster CPU when a software-based implementation is used). We have some text in there that talks about software updates but maybe this specific issue could be highlighted. Ciao Hannes On 11/25/2014 11:50 AM, Kumar, Sandeep wrote: > I would not go as far as recommending it right now. >=20 > There is a clear trend by the big-players in the industry to prefer Cha= Cha20+Pol1305 which will change the landscape in the coming years. Apple = Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca= 3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=3D1 (Slide 98= ) and Google Chrome https://www.imperialviolet.org/2013/10/07/chacha20.ht= ml > The choice is due to performance but now compatibility will help push o= ther players to move sooner too. >=20 > My 2 cents > Sandeep >=20 >=20 >> -----Original Message----- >> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] >> Sent: Tuesday, November 25, 2014 11:39 AM >> To: Kumar, Sandeep; dtls-iot@ietf.org >> Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records >> >> Thanks for your response, Sandeep. >> >> This statement below caught my attention in light of the AES-CCM vs. >> AES-GCM discussion. Reading your sentence below gives me the impressio= n >> that instead of deciding about AES-CCM and AES-GCM we should instead >> recommend ChaCha20+Poly1305. >> >> Could you elaborate why you think ChaCha20+Poly1305 is becoming more >> relevant in the embedded space? >> >> On 11/25/2014 11:34 AM, Kumar, Sandeep wrote: >>> ChaCha20+Poly1305 seems to have made a right choice and becoming >> more relevant in the embedded space anyways. >=20 >=20 > ________________________________ > The information contained in this message may be confidential and legal= ly protected under applicable law. The message is intended solely for the= addressee(s). If you are not the intended recipient, you are hereby noti= fied that any use, forwarding, dissemination, or reproduction of this mes= sage is strictly prohibited and may be unlawful. If you are not the inten= ded recipient, please contact the sender by return e-mail and destroy all= copies of the original message. >=20 --30ONAKcSSeI1KOEvBPpiR0K3iwdcKSSDm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdGcwAAoJEGhJURNOOiAtiX8H/0g070OuFWejx5JMNmqtlyl5 4G+MU6C3pTNXzYZ26LUD5TsVm9TvvnzvlHzF8sUHl+RNwI38e3bkbXODj3NR0WR8 PvTZyzymH/hys5gKpV8iWRcUuO/VCAsE08qwJXLijjJYPy71FLd4ewOJqXpoJB09 rfDVXMJwFMk2IDkU304IHqiDtwRho+fCSsXBxQHPrScQ6Vg3h34zHqwbSSKOgwGe 8s16bfFBHn6hKggqsEFWHGGBCK127xcRcF8r73Z97p4R+R+S3hhR4nXnE4RZMxTs Tyzy+n3RvdE7h1PonDMLOZDK04yCsIW+MdiQdP4FgthHkf1pZWAxE8fE6LAlBMg= =H89/ -----END PGP SIGNATURE----- --30ONAKcSSeI1KOEvBPpiR0K3iwdcKSSDm-- From nobody Tue Nov 25 03:27:25 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1A461A00F0 for ; Tue, 25 Nov 2014 03:27:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiLznuVHMc2C for ; Tue, 25 Nov 2014 03:27:19 -0800 (PST) Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0722.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::722]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC8101A00D0 for ; Tue, 25 Nov 2014 03:27:18 -0800 (PST) Received: from DB4PR04CA0007.eurprd04.prod.outlook.com (25.160.41.17) by DB3PR04MB0633.eurprd04.prod.outlook.com (25.160.45.147) with Microsoft SMTP Server (TLS) id 15.1.26.15; Tue, 25 Nov 2014 10:35:10 +0000 Received: from DB3FFO11FD042.protection.gbl (2a01:111:f400:7e04::194) by DB4PR04CA0007.outlook.office365.com (2a01:111:e400:9852::17) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Tue, 25 Nov 2014 10:35:10 +0000 Received: from mail.philips.com (206.191.240.52) by DB3FFO11FD042.mail.protection.outlook.com (10.47.217.73) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Tue, 25 Nov 2014 10:35:10 +0000 Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.87]) by DBXPRD9003HT001.MGDPHG.emi.philips.com ([141.251.25.206]) with mapi id 14.16.0472.000; Tue, 25 Nov 2014 10:35:10 +0000 From: "Kumar, Sandeep" To: Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 Thread-Index: AQHP/hD7xvnAK6SEDkWOLiOtk7uDiJxgjmuAgAByf7CAECKEgIAABDhw Date: Tue, 25 Nov 2014 10:35:09 +0000 Message-ID: References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <547447BB.6070001@gmx.net> In-Reply-To: <547447BB.6070001@gmx.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [194.171.252.100] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(428002)(189002)(5423002)(13464003)(199003)(85714005)(377454003)(51704005)(52604005)(374574003)(24454002)(479174003)(77156002)(55846006)(50986999)(21056001)(54356999)(76176999)(62966003)(97736003)(101416001)(104016003)(50466002)(47776003)(64706001)(20776003)(77096003)(46406003)(23726002)(46102003)(99396003)(44976005)(105586002)(4396001)(81156004)(2656002)(106466001)(95666004)(19580395003)(19580405001)(68736004)(69596002)(84676001)(120916001)(86362001)(15975445006)(31966008)(33656002)(66066001)(6806004)(107046002)(92726001)(87936001)(97756001)(106116001)(92566001)(93886004)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR04MB0633; H:mail.philips.com; FPR:; SPF:None; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-Forefront-PRVS: 040655413E Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:DB3PR04MB0633; X-OriginatorOrg: philips.com Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/4Ml4iQM60B_BeDxsHbUlPS_NQ_o Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 11:27:23 -0000 > > If it is the former, do you know if they are flexible enough to > > implement AES-CCM with different nonce lengths. The reason I ask is > > because AES-CCM in IEEE 802.15.4 uses a nonce length of 13-octets > > while DTLS uses 12-octets. I have heard of some15.4 chips that > > hard-code (in hardware) the 13-octet nonce length making it useless > > for DTLS. > Is the issue caused by IEEE 802.15.4 or by Zigbee IP? This is an IEEE 802.15.4 issue. Not sure what Bluetooth smart uses for the = nonce length, will have to check. Sandeep > -----Original Message----- > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] > Sent: Tuesday, November 25, 2014 10:11 AM > To: Kumar, Sandeep; Russ Housley; dtls-iot@ietf.org > Cc: Dorothy Gellert; Zach Shelby > Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2= 014 > > Hi Sandeep, > > > On 11/15/2014 04:02 AM, Kumar, Sandeep wrote: > > HI Hannes > > > > Can you clarify if the silicon vendors are implementing AES-CCM or > > plain AES in hardware (i.e. AES-ECB) with the CCM mode implemented in > > software? > > It is sometimes a bit hard to say whether functionality is implemented in > software or in hardware since everything is hidden on the chip. > > Just take the Nordic Semiconductor Bluetooth Smart SoC (nRF51822) > https://www.nordicsemi.com/eng/Products/Bluetooth-Smart-Bluetooth- > low-energy/nRF51822 > > Due to Bluetooth 4.1 specification it comes with AES-CCM support and the > firmware for this chip can be updated (and there are different versions o= f > the firmware available). What exactly can be updated is something I don't > know because the firmware image is provided by Nordic. > > Of course, the main purpose of this chip is to run Bluetooth Smart-based > applications and there may not be enough space to run your entire IoT > software stack. You might have other radio technologies running on other > chips as well. As such, in your final product you might end up having var= ious > places where you could run your cryptographic algorithms... > > When I looked at the specifications to answer your question I actually di= dn't > find the needed info. Maybe I have not searched enough. I will get in tou= ch > with the guys at Nordic to figure it out for this specific example. > > Your question is obviously quite good and I believe we should put more te= xt > into the draft about this topic to give silicon vendors some guidance abo= ut > what to provide. > > > > If it is the former, do you know if they are flexible enough to > > implement AES-CCM with different nonce lengths. The reason I ask is > > because AES-CCM in IEEE 802.15.4 uses a nonce length of 13-octets > > while DTLS uses 12-octets. I have heard of some15.4 chips that > > hard-code (in hardware) the 13-octet nonce length making it useless > > for DTLS. > Is the issue caused by IEEE 802.15.4 or by Zigbee IP? > > Ciao > Hannes > > > > > > Regards Sandeep > > > > > > > >> -----Original Message----- From: dtls-iot > >> [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig > >> Sent: Friday, November 14, 2014 9:58 AM To: Russ Housley; > >> dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby Subject: Re: > >> [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 > >> > >> Hi Russ, > >> > >> thanks for bringing this up. > >> > >> The ciphersuites selected for the DTLS profile draft have been > >> heavily influenced by the work done in the CORE working group. > >> > >> We have been telling silicon partners that they should put AES-CCM > >> into their chips and they have indeed following that recommendation. > >> > >> I believe, however, that this is not a problem as such since the UTA > >> work really has a different scope - they focus on Web/Messaging/Email > >> rather than the IoT space. I sent a mail to their list to request the > >> title to be adjusted. > >> > >> Ciao Hannes > >> > >> On 11/12/2014 01:37 AM, Russ Housley wrote: > >>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I > >> have no problem with that choice. It makes a lot of sense for small > >> devices. > >>> > >>> The HTTPbis is also taking a path that requires an AEAD algorithm. > >>> It would > >> be really nice if the two groups came to a place that allowed > >> interoperability, but HTTPbis seems to be on a path for AES-GCM. > >> AES-CCM is better for small devices. > >>> > >>> It seems to me that the two groups should talk to each other before > >>> WG > >> Last Call is over. > >>> > >>> Russ > >>> > >>> _______________________________________________ dtls-iot > mailing > >>> list dtls-iot@ietf.org > >>> https://www.ietf.org/mailman/listinfo/dtls-iot > >>> > > > > > > ________________________________ The information contained in > this > > message may be confidential and legally protected under applicable > > law. The message is intended solely for the addressee(s). If you are > > not the intended recipient, you are hereby notified that any use, > > forwarding, dissemination, or reproduction of this message is strictly > > prohibited and may be unlawful. If you are not the intended recipient, > > please contact the sender by return e-mail and destroy all copies of > > the original message. > > ________________________________ The information contained in this message may be confidential and legally p= rotected under applicable law. The message is intended solely for the addre= ssee(s). If you are not the intended recipient, you are hereby notified tha= t any use, forwarding, dissemination, or reproduction of this message is st= rictly prohibited and may be unlawful. If you are not the intended recipien= t, please contact the sender by return e-mail and destroy all copies of the= original message. From nobody Tue Nov 25 04:54:28 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF7E51A01D8 for ; Tue, 25 Nov 2014 04:54:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5uZ369BAVq4i for ; Tue, 25 Nov 2014 04:54:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6B681A0203 for ; Tue, 25 Nov 2014 04:54:05 -0800 (PST) Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0M1W5x-1YDNoU3Sh7-00tXrE; Tue, 25 Nov 2014 13:54:00 +0100 Message-ID: <54747BE6.9010808@gmx.net> Date: Tue, 25 Nov 2014 13:53:58 +0100 From: Hannes Tschofenig User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: kovatsch@inf.ethz.ch, Akbar.Rahman@InterDigital.com References: <54742B21.7040806@gmx.net> In-Reply-To: <54742B21.7040806@gmx.net> OpenPGP: id=4D776BC9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jcmDE7u0HGRujCOwj4lkRUeR8g4nsUGjA" X-Provags-ID: V03:K0:gc4HPCvC2vFXMIb7oJeTiKJU/S9y4NEk4SQgYa0scIUslNzixJo qCdYp5h68gV1N6TqnoBhUw/PIaxT+5FeP2nbOosulm4VytTkSqPXNtThUlxBhb5mdRB/vgf TVU+sRzzn6g+yx76yeC3TJ2iF03pSAuRD3ddtn1PnkUDY19zH4tg3gRPWW2C/qtVizV5YU3 6ZANBm11k1j7lyWXrOqKA== X-UI-Out-Filterresults: notjunk:1; Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/Qq1Jw6KQRuFrJP9v3uywHSACM_U Cc: "dtls-iot@ietf.org" Subject: Re: [Dtls-iot] Unconstrained DTLS servers X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 12:54:27 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jcmDE7u0HGRujCOwj4lkRUeR8g4nsUGjA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I am responding to my own mail because I am still looking for the use cases for the case where a client (constrained or unconstrained) talks to a constrained server. Clearly, the cloud infrastructure can hardly be called "constrained" in our terminology. So, we can rule out that use case. From http://tschofenig.priv.at/ace/interim2014/Design-Patterns_HannesTschofeni= g.pdf I guess we would really be talking about a device-to-device scenario. This might be the situation where you have IoT devices in a local network waiting for each other to be discovered. (I am excluding the case where the devices are only one link layer hop away from each other.) In a true peer-to-peer scenario there wouldn't be an authorization server and hence the security model might be more trust on first use or maybe some form of out-of-band validation. A PSK mode wouldn't make a lot of sense (since the PSK is too long for a user to enter) but an SRP-alike concept does (as used in the Apple Homekit and Nest-alike devices). As shown already in Zigbee IP (and later in Thread) the problem is not only to connect to the other server but also to get the network attachment procedure executed in the first place (which might make use of some TLS/DTLS exchange). For a scenario where there is a trusted third party the story is quite different, namely with a CA-based model (such as with a hardware manufacturer provided certificate) the third party is the CA and DTLS could be executed nicely when authentication is the main concern and all devices are provisioned with the same trust anchors. For a more Kerberos/OAuth model there are more options in terms of credentials. PSK, and raw public keys would work fine. Certificates are most likely an overkill since the tokens/tickets already contain most of the relevant information. So, what environment have you had in mind? Ciao Hannes On 11/25/2014 08:09 AM, Hannes Tschofenig wrote: > Hi Akbar, Hi Matthias, > Hi all, >=20 > You both raised an issue that I would like to respond to separately: >=20 > =E2=80=9CThe document still implies that all IoT devices will be DTLS c= lients > and that DTLS servers will be unconstrained, somewhere in the cloud. > While I understand that this is one of the current use cases (from the > OMA LWM2M Client Registration Interface), this implication undermines > the idea and benefits of CoAP. The IoT devices are meant to be the > origin/resource servers, as their sensors and actuators provide the > information about the physical world.=E2=80=9D >=20 > You are completely correct that this is the assumption I made for the > document and I did it intentionally after consulting with the working > group earlier this year. >=20 > It is an issue of scoping. >=20 > I originally tried to cover both cases, namely a situation where the > client is constrained and the server side isn't as well as the situatio= n > where the server side is constrained but the client isn't. >=20 > Of course, both are completely valid and reasonable use cases. There wa= s > only one problem. The case where the server was constrained essentially= > fell into the category that ACE is trying to solve. So, I had a missing= > piece there with regard to the authentication and the authorization sto= ry. >=20 > For this reason I recommended to the working group to deal with the > constrained server case later when results from the ACE WG are availabl= e > since the issue is more than just the use of DTLS in that scenario. >=20 > I hope that this makes more sense and it might be worthwhile to actuall= y > explain the scoping in the document itself and to make an informative > reference to the work in the ACE working group. >=20 > Ciao > Hannes >=20 --jcmDE7u0HGRujCOwj4lkRUeR8g4nsUGjA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJUdHvmAAoJEGhJURNOOiAtjbIH/R+/bWwmQ860QGW2eiJM3WAX H8Wc2sAlphQG9Lrh3dYxrKDv96ttTLHWvLaVfwu7iwOqfHIgGEDykkoWpl8LWJ2g CAEsZHPmDngD5+Y4iDJ7XypHJnSncRWlv6vOLsSXOfVJslpVezaXh6EaO8sin/pu udoEhLWZnAGtlo2RhXFdlZlOIP1zavNSDKXj7sJ8VS1NTQZn7WED3NDbv8glg7y6 s2prPHULwHxIr1Ntn+dIpbPP1j1ZoJOLig6jGRc5UnGLL39WpMF9UPQUgVioR+q4 Abo5fGkTqfPQhybYSv+f8YcKoaILQhn7D2e18Tv9Eooc3gYaDHFoJq9rk/xHsGw= =yNDK -----END PGP SIGNATURE----- --jcmDE7u0HGRujCOwj4lkRUeR8g4nsUGjA-- From nobody Tue Nov 25 07:30:47 2014 Return-Path: X-Original-To: dtls-iot@ietfa.amsl.com Delivered-To: dtls-iot@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 603751A6ED9 for ; Tue, 25 Nov 2014 07:30:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wUePr_cBPWxq for ; Tue, 25 Nov 2014 07:30:34 -0800 (PST) Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E9AC1A6EE9 for ; Tue, 25 Nov 2014 07:30:30 -0800 (PST) Received: by mail-ie0-f173.google.com with SMTP id y20so734746ier.18 for ; Tue, 25 Nov 2014 07:30:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=pN+kfb+TDQ0nZ6Bw/4zcSiK8+SfPXFoKDtVH9OFt3ZE=; b=Vo+133O2ITtdUQEODa0cCpizw/LS+5W1G7vPEeW4K4LcUJ6GqItNIU5efsMAj2ltg3 ibEu63bFYNrCCBetMiWb9soDeWd6/n3Ep6GpFGNO22LG6tUHcCYhgRYrsIIKC/0+xla5 ddyaV07LrH5OCpc7oYcrOrZojoZYdPCVrvYaiQSYBnQJzYp72iL1lIaeJ50Jdy2a2Ykh BU9hVAllXEg1jYdIzIF7d1B5D409QG/WQ4X2IA/fvF36TxFrQZIxfPyvNmvSF5qWondj cuF2Ldg+wrdAE4XVgKJNww2xc30sUlDi7cn5Ny8pCIvtIoUSJSEeQGmwSNYn8sBuntEL x5Ug== X-Received: by 10.50.43.202 with SMTP id y10mr17815856igl.41.1416929428868; Tue, 25 Nov 2014 07:30:28 -0800 (PST) Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id i3sm707774iod.19.2014.11.25.07.30.27 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Nov 2014 07:30:28 -0800 (PST) Message-ID: <5474A08C.2010802@gmail.com> Date: Tue, 25 Nov 2014 10:30:20 -0500 From: Rene Struik User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Hannes Tschofenig , "Kumar, Sandeep" , Russ Housley , "dtls-iot@ietf.org" References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net> <547447BB.6070001@gmx.net> In-Reply-To: <547447BB.6070001@gmx.net> Content-Type: multipart/alternative; boundary="------------040203070002070605000301" Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/C_wCHwXRZiC2TBlyfTIb_Lh2P3E Cc: Dorothy Gellert , Zach Shelby Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 X-BeenThere: dtls-iot@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DTLS for IoT discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 15:30:41 -0000 This is a multi-part message in MIME format. --------------040203070002070605000301 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Hi Hannes: I raised the topic of deliberately incompatible nonce formats with draft-mcgrew-tls-aes-ccm-01 (August 5, 2011). At the time, people did not seem to care. For email archive, see, e.g., http://www.ietf.org/mail-archive/web/tls/current/msg07976.html. The decision how to implement an AEAD cipher is of course up to the manufacturer. I know of several cases where chip vendors implemented a cipher for a MAC radio in hardware without any interface that would allow reuse of the same engine by a higher layer (in at least one case forcing a complete chip redesign due to this oversight). Best regards, Rene On 11/25/2014 4:11 AM, Hannes Tschofenig wrote: > Hi Sandeep, > > > On 11/15/2014 04:02 AM, Kumar, Sandeep wrote: >> HI Hannes >> >> Can you clarify if the silicon vendors are implementing AES-CCM or >> plain AES in hardware (i.e. AES-ECB) with the CCM mode implemented in >> software? > It is sometimes a bit hard to say whether functionality is implemented > in software or in hardware since everything is hidden on the chip. > > Just take the Nordic Semiconductor Bluetooth Smart SoC (nRF51822) > https://www.nordicsemi.com/eng/Products/Bluetooth-Smart-Bluetooth-low-energy/nRF51822 > > Due to Bluetooth 4.1 specification it comes with AES-CCM support and the > firmware for this chip can be updated (and there are different versions > of the firmware available). What exactly can be updated is something I > don't know because the firmware image is provided by Nordic. > > Of course, the main purpose of this chip is to run Bluetooth Smart-based > applications and there may not be enough space to run your entire IoT > software stack. You might have other radio technologies running on other > chips as well. As such, in your final product you might end up having > various places where you could run your cryptographic algorithms... > > When I looked at the specifications to answer your question I actually > didn't find the needed info. Maybe I have not searched enough. I will > get in touch with the guys at Nordic to figure it out for this specific > example. > > Your question is obviously quite good and I believe we should put more > text into the draft about this topic to give silicon vendors some > guidance about what to provide. > > >> If it is the former, do you know if they are flexible >> enough to implement AES-CCM with different nonce lengths. The reason >> I ask is because AES-CCM in IEEE 802.15.4 uses a nonce length of >> 13-octets while DTLS uses 12-octets. I have heard of some15.4 chips >> that hard-code (in hardware) the 13-octet nonce length making it >> useless for DTLS. > Is the issue caused by IEEE 802.15.4 or by Zigbee IP? > > Ciao > Hannes > > >> Regards Sandeep >> >> >> >>> -----Original Message----- From: dtls-iot >>> [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig >>> Sent: Friday, November 14, 2014 9:58 AM To: Russ Housley; >>> dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby Subject: Re: >>> [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014 >>> >>> Hi Russ, >>> >>> thanks for bringing this up. >>> >>> The ciphersuites selected for the DTLS profile draft have been >>> heavily influenced by the work done in the CORE working group. >>> >>> We have been telling silicon partners that they should put AES-CCM >>> into their chips and they have indeed following that >>> recommendation. >>> >>> I believe, however, that this is not a problem as such since the >>> UTA work really has a different scope - they focus on >>> Web/Messaging/Email rather than the IoT space. I sent a mail to >>> their list to request the title to be adjusted. >>> >>> Ciao Hannes >>> >>> On 11/12/2014 01:37 AM, Russ Housley wrote: >>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. I >>> have no problem with that choice. It makes a lot of sense for >>> small devices. >>>> The HTTPbis is also taking a path that requires an AEAD >>>> algorithm. It would >>> be really nice if the two groups came to a place that allowed >>> interoperability, but HTTPbis seems to be on a path for AES-GCM. >>> AES-CCM is better for small devices. >>>> It seems to me that the two groups should talk to each other >>>> before WG >>> Last Call is over. >>>> Russ >>>> >>>> _______________________________________________ dtls-iot mailing >>>> list dtls-iot@ietf.org >>>> https://www.ietf.org/mailman/listinfo/dtls-iot >>>> >> >> ________________________________ The information contained in this >> message may be confidential and legally protected under applicable >> law. The message is intended solely for the addressee(s). If you are >> not the intended recipient, you are hereby notified that any use, >> forwarding, dissemination, or reproduction of this message is >> strictly prohibited and may be unlawful. If you are not the intended >> recipient, please contact the sender by return e-mail and destroy all >> copies of the original message. >> > > > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 690-7363 --------------040203070002070605000301 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit
Hi Hannes:

I raised the topic of deliberately incompatible nonce formats with draft-mcgrew-tls-aes-ccm-01 (August 5, 2011). At the time, people did not seem to care. For email archive, see, e.g.,  http://www.ietf.org/mail-archive/web/tls/current/msg07976.html.

The decision how to implement an AEAD cipher is of course up to the manufacturer. I know of several cases where chip vendors implemented a cipher for a MAC radio in hardware without any interface that would allow reuse of the same engine by a higher layer (in at least one case forcing a complete chip redesign due to this oversight).

Best regards, Rene



On 11/25/2014 4:11 AM, Hannes Tschofenig wrote:
Hi Sandeep,


On 11/15/2014 04:02 AM, Kumar, Sandeep wrote:

HI Hannes

Can you clarify if the silicon vendors are implementing AES-CCM or
plain AES in hardware (i.e. AES-ECB) with the CCM mode implemented in
software?

It is sometimes a bit hard to say whether functionality is implemented
in software or in hardware since everything is hidden on the chip.

Just take the Nordic Semiconductor Bluetooth Smart SoC (nRF51822)
https://www.nordicsemi.com/eng/Products/Bluetooth-Smart-Bluetooth-low-energy/nRF51822

Due to Bluetooth 4.1 specification it comes with AES-CCM support and the
firmware for this chip can be updated (and there are different versions
of the firmware available). What exactly can be updated is something I
don't know because the firmware image is provided by Nordic.

Of course, the main purpose of this chip is to run Bluetooth Smart-based
applications and there may not be enough space to run your entire IoT
software stack. You might have other radio technologies running on other
chips as well. As such, in your final product you might end up having
various places where you could run your cryptographic algorithms...

When I looked at the specifications to answer your question I actually
didn't find the needed info. Maybe I have not searched enough. I will
get in touch with the guys at Nordic to figure it out for this specific
example.

Your question is obviously quite good and I believe we should put more
text into the draft about this topic to give silicon vendors some
guidance about what to provide.



If it is the former, do you know if they are flexible
enough to implement AES-CCM with different nonce lengths. The reason
I ask is because AES-CCM in IEEE 802.15.4 uses a nonce length of
13-octets while DTLS uses 12-octets. I have heard of some15.4 chips
that hard-code (in hardware) the 13-octet nonce length making it
useless for DTLS.

Is the issue caused by IEEE 802.15.4 or by Zigbee IP?

Ciao
Hannes



Regards Sandeep




-----Original Message----- From: dtls-iot
[mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig 
Sent: Friday, November 14, 2014 9:58 AM To: Russ Housley;
dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby Subject: Re:
[Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014

Hi Russ,

thanks for bringing this up.

The ciphersuites selected for the DTLS profile draft have been
heavily influenced by the work done in the CORE working group.

We have been telling silicon partners that they should put AES-CCM
into their chips and they have indeed following that
recommendation.

I believe, however, that this is not a problem as such since the
UTA work really has a different scope - they focus on
Web/Messaging/Email rather than the IoT space. I sent a mail to
their list to request the title to be adjusted.

Ciao Hannes

On 11/12/2014 01:37 AM, Russ Housley wrote:

DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.  I

have no problem with that choice.  It makes a lot of sense for
small devices.

The HTTPbis is also taking a path that requires an AEAD
algorithm.  It would

be really nice if the two groups came to a place that allowed
interoperability, but HTTPbis seems to be on a path for AES-GCM.
AES-CCM is better for small devices.

It seems to me that the two groups should talk to each other
before WG

Last Call is over.

Russ

_______________________________________________ dtls-iot mailing
list dtls-iot@ietf.org 
https://www.ietf.org/mailman/listinfo/dtls-iot



________________________________ The information contained in this
message may be confidential and legally protected under applicable
law. The message is intended solely for the addressee(s). If you are
not the intended recipient, you are hereby notified that any use,
forwarding, dissemination, or reproduction of this message is
strictly prohibited and may be unlawful. If you are not the intended
recipient, please contact the sender by return e-mail and destroy all
copies of the original message.



      

      

      

      
_______________________________________________
dtls-iot mailing list
dtls-iot@ietf.org
https://www.ietf.org/mailman/listinfo/dtls-iot


    

    

    

    
-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

  


--------------040203070002070605000301--


From nobody Tue Nov 25 07:54:12 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D300F1A6FCA for ; Tue, 25 Nov 2014 07:54:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcXbi_FPeAha for ; Tue, 25 Nov 2014 07:54:08 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED83F1A6FC9 for ; Tue, 25 Nov 2014 07:54:07 -0800 (PST)
Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0LnxVE-1YQBPa4BVA-00g1jY; Tue, 25 Nov 2014 16:53:59 +0100
Message-ID: <5474A612.9030000@gmx.net>
Date: Tue, 25 Nov 2014 16:53:54 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "Kumar, Sandeep" ,  Rene Hummen , Dorothy Gellert 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com>  <547454D7.3090209@gmx.net> 
In-Reply-To: 
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IpOeeE156P08mhfJ4DPDO6vjg6jb8XBvI"
X-Provags-ID: V03:K0:rBdX7Bbs1mzIyqEAyixoRe6inuRCbF3y37TF3IS6LnNz7bWg2Rn rBfdrE4mer2CDfB45oRKiUHuKYbY5qiGvShRzXlUya8MhDXuk7ojniPXPHWWlNliEOltTix Jdy3oPtdxeKLpoImqThLQkUmy7GyiUcddfmMBTkhQYv2+bkKQ6W1fBlrMQAQ2WnQeGYcQtT eveRwmMLxRBH6BOezu31w==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/PHa4OggeKSCOAVH3b_Shk4DCrQw
Cc: Zach Shelby , "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Retransmission timeout and PSK identity hint
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 15:54:10 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--IpOeeE156P08mhfJ4DPDO6vjg6jb8XBvI
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable



On 11/25/2014 11:55 AM, Kumar, Sandeep wrote:
> This seems to be a good feature for authorization where the server
> can ask if the client possesses a specific key to perform operations
> on specific resources. Maybe this is not straightforward but
> something to keep in mind for ACE?

Might be worthwhile to keep in mind for the ACE work but I couldn't see
it as useful for the device-to-cloud communication.





--IpOeeE156P08mhfJ4DPDO6vjg6jb8XBvI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUdKYSAAoJEGhJURNOOiAt1mwH/0QEW7idnXG5A+56DGagHjjb
Qd95ZHWuT8k65nNdmGN8gQMLqvVuzELrA04FOuO+Sf29GySQ6ocd8ZUiX6ZvIeaM
8PFv4Db+8o2NWlZA9wX28oi/TEPnHtlbXK5sog8ry5VQGoJ+FSZPGbPIFv+vi8Yl
I/Ls/BTYlC9IRGOADzLJBEDyJXnG0kYDUeUyEIJVBMUEKgfTYQkOihYirYP9nAri
4piqgFOGWLMOB8Jdf+5OGuMSqbcKBgJ39S6U6DPyqt4bZ58i/TKHMsp90sDj6oGv
qBvpc2C+4f0GTfRa9T3q/0gU3RjPC8MM8sGkiDzkdwXpcFG9dXJpRstbqfOoX4c=
=Tgl3
-----END PGP SIGNATURE-----

--IpOeeE156P08mhfJ4DPDO6vjg6jb8XBvI--


From nobody Tue Nov 25 07:55:33 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 926911ABC0F for ; Tue, 25 Nov 2014 07:55:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3mNsITgMRrXE for ; Tue, 25 Nov 2014 07:55:22 -0800 (PST)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEB311A9128 for ; Tue, 25 Nov 2014 07:55:11 -0800 (PST)
Received: by mail-ig0-f181.google.com with SMTP id l13so979340iga.14 for ; Tue, 25 Nov 2014 07:55:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=1oBDDoMYGp51Zl8YhVC04gDuA4sy2VZaosRH6tr1dTY=; b=UeM1mOem2+y5kV+MwmR8rkNuzDWcNbDit2eSGqXWoGZtT5Gl/mGk//Yj8Y59iICUL5 mnBYCkuyPIg+g2RRg9yGThXEu3+AWFFcsqBLXUXMhKHJAgPAI8pvTwWrD1OgXhY+nPl8 Ky9YkNZg+CU2nsE4riciqnN1k5MAWdVGQ+pgS43bpDD/lrCxfdgsZ9qQJK/welGayVFi 8TOJj9M91M3eXBG3niujFEllNt/BMg3YGctMCag+yWnCH1tCil4JR2n99Uesp6gbx+eC oM7JnI7I/xekgXyy5umoU4xnfa9+TNJzOekCAcVpd3y/xAosBCpf56Q8tm3f1as6IGMB +Wmg==
X-Received: by 10.42.84.83 with SMTP id k19mr19286885icl.93.1416930910705; Tue, 25 Nov 2014 07:55:10 -0800 (PST)
Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id u33sm748811ioi.6.2014.11.25.07.55.10 for  (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Nov 2014 07:55:10 -0800 (PST)
Message-ID: <5474A656.3080805@gmail.com>
Date: Tue, 25 Nov 2014 10:55:02 -0500
From: Rene Struik 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Hannes Tschofenig ,  "Kumar, Sandeep" , "dtls-iot@ietf.org" 
References:  <54745222.5010902@gmx.net>  <54745C48.2040203@gmx.net>  <5474672F.2060205@gmx.net>
In-Reply-To: <5474672F.2060205@gmx.net>
Content-Type: multipart/alternative; boundary="------------030104090309020508010305"
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/B-LVCuyrRRGVta-w2gtsJl7NqC0
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 15:55:30 -0000

This is a multi-part message in MIME format.
--------------030104090309020508010305
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

Dear colleagues:

I thought DICE was about constrained devices and networks. For those 
devices where energy constraints are at play, this would almost surely 
require hardware-assisted implementation used for packet processing, 
simply to make sure that most of the energy is used for communications, 
not computation.)

(Admittedly, it does not help that the term "internet of things" has 
become almost meaningless and now [witness the reference to Apple] 
apparently even applies to $600 dollar devices talking to each other. 
Extrapolating this number to the 2011 marketing forecasts of 50 billion 
interconnected devices Cisco and Intel would make this a $30 trillion 
market [or about the 2013 GDP of the USA, China, and Japan combined]. 
Clearly, something must be wrong here...)

Best regards, Rene


On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:
> Hi Sandeep,
>
> I wouldn't call it a trend just because Apple does it in their new
> products but quite clearly the cryptographic algorithms evolve over time
> (btw, Curve25519 was listed as well).
>
> Looking at the slides, which list the supported other radio
> technologies, it is likely that some products will have to at least
> support AES-CCM as well (for WiFi and/or for Bluetooth Smart).
>
> As a product designer one has to make a conscious decision about the
> expected product lifetime, degree of interoperability with other
> devices, and the performance. A software-based crypto implementation,
> which allows you to update the algorithm more easily, would give you a
> potential performance hit but would score higher in the other categories.
>
> When looking at teardowns of device it is clear that many of the IoT
> devices are not as constrained as we often like portrait them. Hence,
> having multiple implementations of different algorithms may not always
> be an issue.
>
> Maybe the recommendation in the document on this topic is to be aware of
> the need to switch to different ciphers over the lifetime of the product
> or to even support multiple ciphers (which calls for more flash and
> potentially a faster CPU when a software-based implementation is used).
> We have some text in there that talks about software updates but maybe
> this specific issue could be highlighted.
>
> Ciao
> Hannes
>
> On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:
>> I would not go as far as recommending it right now.
>>
>> There is a clear trend by the big-players in the industry to prefer ChaCha20+Pol1305 which will change the landscape in the coming years. Apple Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=1 (Slide 98) and Google Chrome https://www.imperialviolet.org/2013/10/07/chacha20.html
>> The choice is due to performance but now compatibility will help push other players to move sooner too.
>>
>> My 2 cents
>> Sandeep
>>
>>
>>> -----Original Message-----
>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>> Sent: Tuesday, November 25, 2014 11:39 AM
>>> To: Kumar, Sandeep; dtls-iot@ietf.org
>>> Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
>>>
>>> Thanks for your response, Sandeep.
>>>
>>> This statement below caught my attention in light of the AES-CCM vs.
>>> AES-GCM discussion. Reading your sentence below gives me the impression
>>> that instead of deciding about AES-CCM and AES-GCM we should instead
>>> recommend ChaCha20+Poly1305.
>>>
>>> Could you elaborate why you think ChaCha20+Poly1305 is becoming more
>>> relevant in the embedded space?
>>>
>>> On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:
>>>> ChaCha20+Poly1305 seems to have made a right choice and becoming
>>> more relevant in the embedded space anyways.
>>
>> ________________________________
>> The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.
>>
>
>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363


--------------030104090309020508010305
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 7bit


  
    
  
  
    
Dear colleagues:

      

      I thought DICE was about constrained devices and networks. For
      those devices where energy constraints are at play, this would
      almost surely require hardware-assisted implementation used for
      packet processing, simply to make sure that most of the energy is
      used for communications, not computation.)

      

      (Admittedly, it does not help that the term "internet of things"
      has become almost meaningless and now [witness the reference to
      Apple] apparently even applies to $600 dollar devices talking to
      each other. Extrapolating this number to the 2011 marketing
      forecasts of 50 billion interconnected devices Cisco and Intel
      would make this a $30 trillion market [or about the 2013 GDP of
      the USA, China, and Japan combined]. Clearly, something must be
      wrong here...)

      

      Best regards, Rene

      

      

      On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:

    

    

      
Hi Sandeep,

I wouldn't call it a trend just because Apple does it in their new
products but quite clearly the cryptographic algorithms evolve over time
(btw, Curve25519 was listed as well).

Looking at the slides, which list the supported other radio
technologies, it is likely that some products will have to at least
support AES-CCM as well (for WiFi and/or for Bluetooth Smart).

As a product designer one has to make a conscious decision about the
expected product lifetime, degree of interoperability with other
devices, and the performance. A software-based crypto implementation,
which allows you to update the algorithm more easily, would give you a
potential performance hit but would score higher in the other categories.

When looking at teardowns of device it is clear that many of the IoT
devices are not as constrained as we often like portrait them. Hence,
having multiple implementations of different algorithms may not always
be an issue.

Maybe the recommendation in the document on this topic is to be aware of
the need to switch to different ciphers over the lifetime of the product
or to even support multiple ciphers (which calls for more flash and
potentially a faster CPU when a software-based implementation is used).
We have some text in there that talks about software updates but maybe
this specific issue could be highlighted.

Ciao
Hannes

On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:


      

        
I would not go as far as recommending it right now.

There is a clear trend by the big-players in the industry to prefer ChaCha20+Pol1305 which will change the landscape in the coming years. Apple Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=1 (Slide 98) and Google Chrome https://www.imperialviolet.org/2013/10/07/chacha20.html
The choice is due to performance but now compatibility will help push other players to move sooner too.

My 2 cents
Sandeep




        

          
-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
Sent: Tuesday, November 25, 2014 11:39 AM
To: Kumar, Sandeep; dtls-iot@ietf.org
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records

Thanks for your response, Sandeep.

This statement below caught my attention in light of the AES-CCM vs.
AES-GCM discussion. Reading your sentence below gives me the impression
that instead of deciding about AES-CCM and AES-GCM we should instead
recommend ChaCha20+Poly1305.

Could you elaborate why you think ChaCha20+Poly1305 is becoming more
relevant in the embedded space?

On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:


          

            
ChaCha20+Poly1305 seems to have made a right choice and becoming


          

          
more relevant in the embedded space anyways.


        

        

________________________________
The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.



      

      

      

      

      

      
_______________________________________________
dtls-iot mailing list
dtls-iot@ietf.org
https://www.ietf.org/mailman/listinfo/dtls-iot


    

    

    

    
-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

  


--------------030104090309020508010305--


From nobody Tue Nov 25 08:06:55 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 592C81ACCE3 for ; Tue, 25 Nov 2014 08:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9Qohk4hrVj5 for ; Tue, 25 Nov 2014 08:06:43 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5659E1AC3BE for ; Tue, 25 Nov 2014 08:03:56 -0800 (PST)
Received: from [192.168.131.131] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0M4kfR-1Y7ooq3twD-00yvwu; Tue, 25 Nov 2014 17:03:10 +0100
Message-ID: <5474A83C.5010209@gmx.net>
Date: Tue, 25 Nov 2014 17:03:08 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Rene Struik ,  "Kumar, Sandeep" , Russ Housley ,  "dtls-iot@ietf.org" 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net>  <547447BB.6070001@gmx.net> <5474A08C.2010802@gmail.com>
In-Reply-To: <5474A08C.2010802@gmail.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="saS8Qo9EHkhR5PR3VKp7ShBhOhBmEU82B"
X-Provags-ID: V03:K0:afWFb8TW+ORobL2a3g6hiYyWkq3Glv/xF7ZyYPfSji6L/hirPrt A/ssQYQwjiG7xda40hOINHPFAkvKIVsTbWBgulaZvODNglCUTxxWq/szs2hifrOjxLIR852 Rs7jbiVLAGNKTHNe/UzKsrJYcfzs50qOGaRy/qrgcg0hSylxGERbbFJrNt0OS9eUt0ZgGaF w1e5z8AI6spGsCiJ+Hs/w==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/2xOLrv_wkzXGWkSTYYHttspqQHs
Cc: Dorothy Gellert , Zach Shelby 
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 16:06:53 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--saS8Qo9EHkhR5PR3VKp7ShBhOhBmEU82B
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Rene,

On 11/25/2014 04:30 PM, Rene Struik wrote:
> Hi Hannes:
>=20
> I raised the topic of deliberately incompatible nonce formats with
> draft-mcgrew-tls-aes-ccm-01 (August 5, 2011). At the time, people did
> not seem to care. For email archive, see, e.g.,=20
> http://www.ietf.org/mail-archive/web/tls/current/msg07976.html.

Thanks for the pointer to the earlier discussion. I missed that
discussion thread.

>=20
> The decision how to implement an AEAD cipher is of course up to the
> manufacturer. I know of several cases where chip vendors implemented a
> cipher for a MAC radio in hardware without any interface that would
> allow reuse of the same engine by a higher layer (in at least one case
> forcing a complete chip redesign due to this oversight).

I could imagine.

We should encourage chip manufacturers to make these functions available
for higher layer protocols. Maybe they just haven't thought about the
use case. Again something to capture in the document.

Ciao
Hannes

>=20
> Best regards, Rene
>=20
>=20
>=20
> On 11/25/2014 4:11 AM, Hannes Tschofenig wrote:
>> Hi Sandeep,
>>
>>
>> On 11/15/2014 04:02 AM, Kumar, Sandeep wrote:
>>> HI Hannes
>>>
>>> Can you clarify if the silicon vendors are implementing AES-CCM or
>>> plain AES in hardware (i.e. AES-ECB) with the CCM mode implemented in=

>>> software?
>> It is sometimes a bit hard to say whether functionality is implemented=

>> in software or in hardware since everything is hidden on the chip.
>>
>> Just take the Nordic Semiconductor Bluetooth Smart SoC (nRF51822)
>> https://www.nordicsemi.com/eng/Products/Bluetooth-Smart-Bluetooth-low-=
energy/nRF51822
>>
>> Due to Bluetooth 4.1 specification it comes with AES-CCM support and t=
he
>> firmware for this chip can be updated (and there are different version=
s
>> of the firmware available). What exactly can be updated is something I=

>> don't know because the firmware image is provided by Nordic.
>>
>> Of course, the main purpose of this chip is to run Bluetooth Smart-bas=
ed
>> applications and there may not be enough space to run your entire IoT
>> software stack. You might have other radio technologies running on oth=
er
>> chips as well. As such, in your final product you might end up having
>> various places where you could run your cryptographic algorithms...
>>
>> When I looked at the specifications to answer your question I actually=

>> didn't find the needed info. Maybe I have not searched enough. I will
>> get in touch with the guys at Nordic to figure it out for this specifi=
c
>> example.
>>
>> Your question is obviously quite good and I believe we should put more=

>> text into the draft about this topic to give silicon vendors some
>> guidance about what to provide.
>>
>>
>>> If it is the former, do you know if they are flexible
>>> enough to implement AES-CCM with different nonce lengths. The reason
>>> I ask is because AES-CCM in IEEE 802.15.4 uses a nonce length of
>>> 13-octets while DTLS uses 12-octets. I have heard of some15.4 chips
>>> that hard-code (in hardware) the 13-octet nonce length making it
>>> useless for DTLS.
>> Is the issue caused by IEEE 802.15.4 or by Zigbee IP?
>>
>> Ciao
>> Hannes
>>
>>
>>> Regards Sandeep
>>>
>>>
>>>
>>>> -----Original Message----- From: dtls-iot
>>>> [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig=20
>>>> Sent: Friday, November 14, 2014 9:58 AM To: Russ Housley;
>>>> dtls-iot@ietf.org Cc: Dorothy Gellert; Zach Shelby Subject: Re:
>>>> [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
>>>>
>>>> Hi Russ,
>>>>
>>>> thanks for bringing this up.
>>>>
>>>> The ciphersuites selected for the DTLS profile draft have been
>>>> heavily influenced by the work done in the CORE working group.
>>>>
>>>> We have been telling silicon partners that they should put AES-CCM
>>>> into their chips and they have indeed following that
>>>> recommendation.
>>>>
>>>> I believe, however, that this is not a problem as such since the
>>>> UTA work really has a different scope - they focus on
>>>> Web/Messaging/Email rather than the IoT space. I sent a mail to
>>>> their list to request the title to be adjusted.
>>>>
>>>> Ciao Hannes
>>>>
>>>> On 11/12/2014 01:37 AM, Russ Housley wrote:
>>>>> DICE document requires TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.  I
>>>> have no problem with that choice.  It makes a lot of sense for
>>>> small devices.
>>>>> The HTTPbis is also taking a path that requires an AEAD
>>>>> algorithm.  It would
>>>> be really nice if the two groups came to a place that allowed
>>>> interoperability, but HTTPbis seems to be on a path for AES-GCM.
>>>> AES-CCM is better for small devices.
>>>>> It seems to me that the two groups should talk to each other
>>>>> before WG
>>>> Last Call is over.
>>>>> Russ
>>>>>
>>>>> _______________________________________________ dtls-iot mailing
>>>>> list dtls-iot@ietf.org=20
>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>>>>
>>>
>>> ________________________________ The information contained in this
>>> message may be confidential and legally protected under applicable
>>> law. The message is intended solely for the addressee(s). If you are
>>> not the intended recipient, you are hereby notified that any use,
>>> forwarding, dissemination, or reproduction of this message is
>>> strictly prohibited and may be unlawful. If you are not the intended
>>> recipient, please contact the sender by return e-mail and destroy all=

>>> copies of the original message.
>>>
>>
>>
>> _______________________________________________
>> dtls-iot mailing list
>> dtls-iot@ietf.org
>> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20
>=20
> --=20
> email: rstruik.ext@gmail.com | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>=20


--saS8Qo9EHkhR5PR3VKp7ShBhOhBmEU82B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUdKg8AAoJEGhJURNOOiAtO6IIAIYRpKoddk4Kc1SdtD9AU8H4
psciJa1J/oFCXJ0/DGtPB/sTUE5+KjUt/4GvHsIMrhUXciCrSSeuDPQyW0RW4wLi
UiwYjyxfkJZcFTt0CMnjOIJ9QQ2OBfrU1Vfb+eXaIglHFDloq+tK/sREYTHyI4pN
TgJCMhbOnT947RtlqQzSJHkDC0+IF1phDWwOs6c4XUSwMP43PiJc9i9IciAxazqA
DIlS1GTFNKksB1aZH9SpmYoP7ZAtyh4J8lqV+daoCEuU6oyRnRPQC+1eZQUJvRhn
yeKcSXGzZgSAR2I36J4g1/SF45lLVufrTBSFd/QMHP79e61/oYy4Jl0V4Y2thBM=
=Ly8H
-----END PGP SIGNATURE-----

--saS8Qo9EHkhR5PR3VKp7ShBhOhBmEU82B--


From nobody Tue Nov 25 08:14:51 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 290CE1AC3B9 for ; Tue, 25 Nov 2014 08:14:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLAiIfSV7kXk for ; Tue, 25 Nov 2014 08:14:46 -0800 (PST)
Received: from mail-ie0-x22b.google.com (mail-ie0-x22b.google.com [IPv6:2607:f8b0:4001:c03::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CDC41A701A for ; Tue, 25 Nov 2014 08:14:46 -0800 (PST)
Received: by mail-ie0-f171.google.com with SMTP id rl12so828838iec.16 for ; Tue, 25 Nov 2014 08:14:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=lGUsadYtYLdX8tUGMpF3dSxxrp/xuTj4oaTimVIMeG0=; b=zzChkNbMaVpLcCSeOSGdwT1p+S+K+XzkcBsWjBxOzAnpIPY5xTzFq9vDIPwL88OPzL 2x3UHtNPkEbLfUppghQXJsGDBOzqlQa1kYCyfgrT+F6yU1/tN9fEp02BcAwVC49h9Zei 0j+WJAJcyC5eIaU5fyAj3HeOXHmJZ7S/f51EiOX/k0mHULo5Q+UxbR6ZcEZptPLBbzAC 2kF5d3I7QI5hdYY5h3/onIFsgwN8028VWcYTSJKlnEkWJ3rcaR+Op4C87z1suXrn/IKV 2udBncdva2olHExoE4CezVNXXuVSy/NjFo51simwxWVv79QvZLtbaMm4rs0hsfn+1Eij L3wg==
X-Received: by 10.50.143.73 with SMTP id sc9mr18379766igb.27.1416932085100; Tue, 25 Nov 2014 08:14:45 -0800 (PST)
Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id vf6sm1220105igb.6.2014.11.25.08.14.44 for  (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Nov 2014 08:14:44 -0800 (PST)
Message-ID: <5474AAEC.6070305@gmail.com>
Date: Tue, 25 Nov 2014 11:14:36 -0500
From: Rene Struik 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Stephen Farrell ,  Zach Shelby 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net>  <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net>  <547448EB.8070506@gmx.net> <54745340.3090905@cs.tcd.ie> <266F80F5-81AD-421C-99EB-77C4CDAD25D4@arm.com> <54745AD4.2000300@cs.tcd.ie>
In-Reply-To: <54745AD4.2000300@cs.tcd.ie>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/mlDyDBMMs-UW6_tyjCnnVhJHuJo
Cc: Dorothy Gellert , Hannes Tschofenig , Russ Housley , "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 16:14:50 -0000

Hi Stephen:

Wifi devices (and, thereby, almost every consumer device on the planet that connects to the internet via a wireless link) use the CCM mode of operation. So, arguably your term "rest of the Internet" is somewhat imprecise.

BTW - while the CCM mode may be not that pretty from a mathematical appeal perspective, I do not see how it practically would fare worse than the GCM mode for typical IP packet sizes.

Best regards, Rene

==

The fact that CCM is required by CoAP or DICE is unfortunate
and not a good thing since the rest of the Internet isn't afaik
using CCM. (It's still probably the right thing, even if
regrettable due to platform constraints.)


On 11/25/2014 5:32 AM, Stephen Farrell wrote:
>
> On 25/11/14 10:18, Zach Shelby wrote:
>> Stephen,
>>
>> I don't agree that the situation should just be left as-is. You are
>> correct that that UTA BCP is very broad ranging in scope in -07 of
>> the draft. In order to not totally contradict ourselves, there are
>> two options. This isn't about winning, just not confusing the
>> community when they read our specifications.
>>
>> Option 1 - Fix the scope of the UTA BCP to specifically not include
>> IoT. I think this is what Hannes was suggesting.
> The scope of the UTA BCP is not broken IMO. If you think it is
> you'll have an IETF LC shortly where saying that would be the
> thing to do.
>
>> Option 2 - Include a reference in the UTA BCP to the CCM based cipher
>> suites already recommended for use with DTLS in CoAP, and other
>> industry standards.
> Was discussed and I think rejected on UTA list. That could
> have been done though as a footnote.
>
>> This could potentially cause interoperability if the specifications
>> cause confusion. But I don't see an interoperability problem today,
> Really? We have two pointlessly different modes that won't talk
> to one another? Seems like a crystal clear interop issue to me.
> There is no confusion though we just have devices that can't talk
> to the rest of the Internet easily because of this.
>
>> for CoAP over DTLS the must implement cipher suites are very clearly
>> defined.
> Sure. It's clear and it works. But I don't think I've seen any
> TLS usage stats that show up CCM ciphersuites whether for the
> web or mail or other applications. Might be useful to go looking
> but I'm not sure if folks have done that.
>
> The fact that CCM is required by CoAP or DICE is unfortunate
> and not a good thing since the rest of the Internet isn't afaik
> using CCM. (It's still probably the right thing, even if
> regrettable due to platform constraints.)
>
> S.
>
>> Zach
>>
>> On Nov 25, 2014, at 12:00 PM, Stephen Farrell
>>  wrote:
>>
>>
>> Hannes,
>>
>> - I don't think you're correct that the UTA BCP is only about the web
>> but let's not debate that here. - It's probably best to not
>> complicate the UTA BCP with any specifics of devices that cannot do
>> GCM. - The GCM/CCM situation is IMO far from perfect but we have to
>> live with it. - Any attempts to "win" here (e.g. to try push for use
>> of a mode where it won't work) would be a bad plan - we should look
>> at this as an interop problem that needs to be worked around and not
>> have a silly "my mode is better than yours" argument (not saying
>> you're doing that) - It'd be good if those developing systems and
>> lower layer standards recognised the interop problem and tried to
>> help make it better (that might already be happening, I'm not sure)
>>
>> S.
>>
>> On 25/11/14 09:16, Hannes Tschofenig wrote:
>>>>> Hi Zach,
>>>>>
>>>>> it would be option #d in my list below. In fact, I have
>>>>> already dropped a mail to the UTA list about their document and
>>>>> raised the issue of scoping. Their document is really is about
>>>>> the Web. I fear that nobody had really looked at their document
>>>>> in detail since otherwise someone would have noticed that it
>>>>> also talks briefly about email and XMPP while there is other
>>>>> work in the group that provides much greater detail on those
>>>>> topic. In the same spirit I see the IoT case as something that
>>>>> does not belong in their document at all. TLS (and DTLS) is
>>>>> just used in a number of different deployments and they are a
>>>>> bit different.
>>>>>
>>>>> Ciao Hannes
>>>>>
>>>>>
>>>>> On 11/25/2014 09:25 AM, Zach Shelby wrote:
>>>>>> In addition to actual hardware support for AES-CCM in the
>>>>>> embedded SoC industry, which won't go away anytime soon, I
>>>>>> would also point out that the required cipher suites in CoAP
>>>>>> are CCM based as well. We really do need to support CCM in
>>>>>> the DICE Profile. We could indicate support for GCM as well,
>>>>>> but I don't think that is particularly important.
>>>>>>
>>>>>> Regarding the UTA doc, considering that it is general
>>>>>> recommendations for TLS and DTLS, this should really align
>>>>>> with the needs of the DICE and CoRE working groups (and thus
>>>>>> the IoT industry) as well. It is totally contradictory to
>>>>>> indicate in draft-ietf-uta-tls-bcp that GCM is recommended,
>>>>>> and then in several other RFCs dependent on DTLS recommend
>>>>>> the use of CCM. At the minimum that document should have a
>>>>>> reference to the use of CCM in IoT specifications.
>>>>>>
>>>>>> That would be option c from your list Hannes?
>>>>>>
>>>>>> Zach
>>>>>>
>>>>>> On Nov 25, 2014, at 10:01 AM, Hannes Tschofenig
>>>>>>  wrote:
>>>>>>
>>>>>>> Hi Stephen,
>>>>>>>
>>>>>>> I personally don't care too much about the different AES
>>>>>>> modes of operation. I don't have a particularly preference
>>>>>>> since both will have more or less the same code size and
>>>>>>> performance (particularly when we talk about small message
>>>>>>> sizes). Of course, it would have been useful to think about
>>>>>>> this issue earlier when CCM and GCM were developed (funny
>>>>>>> enough by two IETF folks, Russ and David McGrew). In any
>>>>>>> case, I don't want to get dragged into this "my algorithm
>>>>>>> is better than yours" debate.
>>>>>>>
>>>>>>> The issue is just that other SDOs have also selected
>>>>>>> AES-CCM, such as Bluetooth Smart, Zigbee IP* (if that
>>>>>>> matters anymore today), and IEEE 802.11i (which isn't
>>>>>>> necessarily a low power radio but still used in certain IoT
>>>>>>> deployments).
>>>>>>>
>>>>>>> These silicon manufacturers then made these algorithms
>>>>>>> available for developers as well (besides using them for
>>>>>>> the underlying radio technology). Furthermore, they have
>>>>>>> also been added to SoCs even without the radio technology.
>>>>>>>
>>>>>>> In many cases these algorithm implementations cannot be
>>>>>>> updated (even if they are just software running on the
>>>>>>> chip) rather than being really in hardware.
>>>>>>>
>>>>>>> Whether it is useful to put the entire algorithm in
>>>>>>> hardware or instead just some primitives is yet another
>>>>>>> story but I guess it is a bit too late for that
>>>>>>> discussion.
>>>>>>>
>>>>>>> The question therefore is what could be done about this
>>>>>>> situation. Here are the options:
>>>>>>>
>>>>>>> a) Change the recommendations in the UTA document to
>>>>>>> AES-CCM b) Change the recommendations in the DTLS profile
>>>>>>> document to AES-GCM c) Indicate support for both (AES-CCM
>>>>>>> and AES-GCM) d) Leave the documents as they are since they
>>>>>>> target different industry segments/use cases.
>>>>>>>
>>>>>>> As I argued earlier I think option (d) is the way to go.
>>>>>>>
>>>>>>> Ciao Hannes
>>>>>>>
>>>>>>> *: According to my understanding Zigbee IP uses a variation
>>>>>>> of AES-CCM.
>>>>>>>
>>>>>>> On 11/14/2014 11:55 PM, Stephen Farrell wrote:
>>>>>>>> Hi Russ,
>>>>>>>>
>>>>>>>> 
>>>>>>>>
>>>>>>>> On 14/11/14 20:05, Russ Housley wrote:
>>>>>>>>> Hannes:
>>>>>>>>>
>>>>>>>>> I understand the hardware situation.  That was the
>>>>>>>>> point I was trying to make when I said, "It makes a lot
>>>>>>>>> of sense for small devices." Please explain this
>>>>>>>>> situation in HTTPbis.  My hope is that they will join
>>>>>>>>> you by either picking AES-CCM or picking both AES-GCM
>>>>>>>>> and AES-CCM.
>>>>>>>> I'm not getting why we see having two AES modes as
>>>>>>>> advantageous.
>>>>>>>>
>>>>>>>> I get that there are devices out there with CCM and that
>>>>>>>> that's unlikely to go away, and that the same is true
>>>>>>>> for GCM, but that seems like a thing that's a pain to
>>>>>>>> work around.
>>>>>>>>
>>>>>>>> Or am I over interpreting "hope" there?
>>>>>>>>
>>>>>>>> 
>>>>>>>>
>>>>>>>> S.
>>>>>>>>
>>>>>>>>
>>>>>>>>> Russ
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Nov 14, 2014, at 2:57 PM, Hannes Tschofenig wrote:
>>>>>>>>>
>>>>>>>>>> Hi Russ,
>>>>>>>>>>
>>>>>>>>>> thanks for bringing this up.
>>>>>>>>>>
>>>>>>>>>> The ciphersuites selected for the DTLS profile draft
>>>>>>>>>> have been heavily influenced by the work done in the
>>>>>>>>>> CORE working group.
>>>>>>>>>>
>>>>>>>>>> We have been telling silicon partners that they
>>>>>>>>>> should put AES-CCM into their chips and they have
>>>>>>>>>> indeed following that recommendation.
>>>>>>>>>>
>>>>>>>>>> I believe, however, that this is not a problem as
>>>>>>>>>> such since the UTA work really has a different scope
>>>>>>>>>> - they focus on Web/Messaging/Email rather than the
>>>>>>>>>> IoT space. I sent a mail to their list to request the
>>>>>>>>>> title to be adjusted.
>>>>>>>>>>
>>>>>>>>>> Ciao Hannes
>>>>>>>>>>
>>>>>>>>>> On 11/12/2014 01:37 AM, Russ Housley wrote:
>>>>>>>>>>> DICE document requires
>>>>>>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.  I have no
>>>>>>>>>>> problem with that choice.  It makes a lot of sense
>>>>>>>>>>> for small devices.
>>>>>>>>>>>
>>>>>>>>>>> The HTTPbis is also taking a path that requires an
>>>>>>>>>>> AEAD algorithm.  It would be really nice if the
>>>>>>>>>>> two groups came to a place that allowed
>>>>>>>>>>> interoperability, but HTTPbis seems to be on a path
>>>>>>>>>>> for AES-GCM.  AES-CCM is better for small devices.
>>>>>>>>>>>
>>>>>>>>>>> It seems to me that the two groups should talk to
>>>>>>>>>>> each other before WG Last Call is over.
>>>>>>>>>>>
>>>>>>>>>>> Russ
>>>>>>>>> _______________________________________________
>>>>>>>>> dtls-iot mailing list dtls-iot@ietf.org
>>>>>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>>>>>>>>
>>>>>> Zach Shelby Director of Technical Marketing ARM Internet of
>>>>>> Things BU www.arm.com US: +1 (408) 203-9434 Finland: +358
>>>>>> 407796297 Skype: zdshelby LinkedIn:
>>>>>> fi.linkedin.com/in/zachshelby/
>>>>>>
>>>>>>
>>>>>> -- IMPORTANT NOTICE: The contents of this email and any
>>>>>> attachments are confidential and may also be privileged. If
>>>>>> you are not the intended recipient, please notify the sender
>>>>>> immediately and do not disclose the contents to any other
>>>>>> person, use it for any purpose, or store or copy the
>>>>>> information in any medium.  Thank you.
>>>>>>
>>>>>> ARM Limited, Registered office 110 Fulbourn Road, Cambridge
>>>>>> CB1 9NJ, Registered in England & Wales, Company No:  2557590
>>>>>> ARM Holdings plc, Registered office 110 Fulbourn Road,
>>>>>> Cambridge CB1 9NJ, Registered in England & Wales, Company No:
>>>>>> 2548782
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________ dtls-iot
>>>>> mailing list dtls-iot@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>>>>
>> Zach Shelby Director of Technical Marketing ARM Internet of Things
>> BU www.arm.com US: +1 (408) 203-9434 Finland: +358 407796297 Skype:
>> zdshelby LinkedIn: fi.linkedin.com/in/zachshelby/
>>
>>
>> -- IMPORTANT NOTICE: The contents of this email and any attachments
>> are confidential and may also be privileged. If you are not the
>> intended recipient, please notify the sender immediately and do not
>> disclose the contents to any other person, use it for any purpose, or
>> store or copy the information in any medium.  Thank you.
>>
>> ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ,
>> Registered in England & Wales, Company No:  2557590 ARM Holdings plc,
>> Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in
>> England & Wales, Company No:  2548782
>>
>> _______________________________________________ dtls-iot mailing
>> list dtls-iot@ietf.org
>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>
>>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363


From nobody Tue Nov 25 09:04:25 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69EDC1ACE73 for ; Tue, 25 Nov 2014 09:04:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.245
X-Spam-Level: 
X-Spam-Status: No, score=-1.245 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82KNpW3omPwt for ; Tue, 25 Nov 2014 09:04:20 -0800 (PST)
Received: from smtp-in1.interdigital.com (smtp-in1.interdigital.com [64.208.228.133]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5357C1ACEA5 for ; Tue, 25 Nov 2014 09:04:13 -0800 (PST)
X-ASG-Debug-ID: 1416935051-06daaa130d207100001-roOjxa
Received: from smtp-out1.interdigital.com (sahara.interdigital.com [10.0.128.27]) by smtp-in1.interdigital.com with ESMTP id xEcZGCd3hOG4ybyB for ; Tue, 25 Nov 2014 12:04:11 -0500 (EST)
X-Barracuda-Envelope-From: Akbar.Rahman@InterDigital.com
Received: from interdigital.com ([10.0.128.12]) by smtp-out1.interdigital.com with Microsoft SMTPSVC(6.0.3790.4675);  Tue, 25 Nov 2014 12:04:11 -0500
Received: from KYANITE.InterDigital.com ([10.1.64.253]) by interdigital.com with Microsoft SMTPSVC(6.0.3790.4675);  Tue, 25 Nov 2014 12:04:11 -0500
Received: from NALENITE.InterDigital.com (10.2.64.253) by KYANITE.InterDigital.com (10.1.64.253) with Microsoft SMTP Server (TLS) id 14.3.210.2; Tue, 25 Nov 2014 12:04:10 -0500
Received: from NABESITE.InterDigital.com ([fe80::4d8a:a889:67c2:f009]) by NALENITE.InterDigital.com ([::1]) with mapi id 14.03.0210.002; Tue, 25 Nov 2014 12:04:10 -0500
From: "Rahman, Akbar" 
To: Hannes Tschofenig , "kovatsch@inf.ethz.ch" 
Thread-Topic: Unconstrained DTLS servers
X-ASG-Orig-Subj: RE: Unconstrained DTLS servers
Thread-Index: AQHQCH7CJlkejXpj60iLOY/e3NAUt5xxoJUA///vZ/A=
Date: Tue, 25 Nov 2014 17:04:09 +0000
Message-ID: <36F5869FE31AB24485E5E3222C288E1F0819AF@NABESITE.InterDigital.com>
References: <54742B21.7040806@gmx.net> <54747BE6.9010808@gmx.net>
In-Reply-To: <54747BE6.9010808@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.3.1.235]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginalArrivalTime: 25 Nov 2014 17:04:11.0029 (UTC) FILETIME=[D51BA450:01D008D1]
X-Barracuda-Connect: sahara.interdigital.com[10.0.128.27]
X-Barracuda-Start-Time: 1416935051
X-Barracuda-URL: https://10.1.245.3:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at interdigital.com
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.12031 Rule breakdown below pts rule name              description ---- ---------------------- --------------------------------------------------
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/1HRfUYt0Rsd_qlK-t964h075nw0
Cc: "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Unconstrained DTLS servers
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 17:04:22 -0000

SGkgSGFubmVzLA0KDQoNCj5JIGFtIHJlc3BvbmRpbmcgdG8gbXkgb3duIG1haWwgYmVjYXVzZSBJ
IGFtIHN0aWxsIGxvb2tpbmcgZm9yIHRoZSB1c2UgY2FzZXMgZm9yIHRoZSBjYXNlIHdoZXJlIGEg
Y2xpZW50IChjb25zdHJhaW5lZCBvciB1bmNvbnN0cmFpbmVkKSB0YWxrcyB0byBhIGNvbnN0cmFp
bmVkIHNlcnZlci4NCg0KTWF5YmUgd2UgYXJlIGp1c3QgdXNpbmcgZGlmZmVyZW50IGZyYW1lcyBv
ZiByZWZlcmVuY2UgaGVyZS4NCg0KLSBJbiBDb0FQLCB0aGUgc2VuZGVyIG9mIHRoZSBDb0FQIFJl
cXVlc3QgbWVzc2FnZSBpcyBhbHdheXMgdGhlIENsaWVudCBhbmQgdGhlIHJlY2VpdmVyIG9mIHRo
ZSBSZXF1ZXN0IG1lc3NhZ2UgaXMgYWx3YXlzIHRoZSBTZXJ2ZXIgKHNlZSBodHRwOi8vdG9vbHMu
aWV0Zi5vcmcvaHRtbC9yZmM3MjUyI3NlY3Rpb24tNSApLg0KDQotIFNvIGxldCdzIHNpbXBseSB0
YWtlIHRoZSBjYXNlIG9mIGEgc21hbGwgKGNvbnN0cmFpbmVkKSBzZW5zb3IgdGhhdCBvbmx5IG1l
YXN1cmVzIHRlbXBlcmF0dXJlLiAgIEluIHRoaXMgY2FzZSB0aGUgc2Vuc29yIHdpbGwgYWN0IGFz
IGEgY29uc3RyYWluZWQgc2VydmVyIGFzIHNvb24gYXMgaXQgaXMgcG9sbGVkIChHRVQpIGZvciBp
dHMgY3VycmVudCB0ZW1wZXJhdHVyZQ0KDQoNCkRvZXMgdGhhdCBoZWxwIGNsYXJpZnkgdGhpbmdz
IGEgYml0Pw0KDQoNCg0KQmVzdCBSZWdhcmRzLA0KDQoNCkFrYmFyDQoNCi0tLS0tT3JpZ2luYWwg
TWVzc2FnZS0tLS0tDQpGcm9tOiBIYW5uZXMgVHNjaG9mZW5pZyBbbWFpbHRvOmhhbm5lcy50c2No
b2ZlbmlnQGdteC5uZXRdIA0KU2VudDogVHVlc2RheSwgTm92ZW1iZXIgMjUsIDIwMTQgNzo1NCBB
TQ0KVG86IGtvdmF0c2NoQGluZi5ldGh6LmNoOyBSYWhtYW4sIEFrYmFyDQpDYzogZHRscy1pb3RA
aWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBVbmNvbnN0cmFpbmVkIERUTFMgc2VydmVycw0KDQpJIGFt
IHJlc3BvbmRpbmcgdG8gbXkgb3duIG1haWwgYmVjYXVzZSBJIGFtIHN0aWxsIGxvb2tpbmcgZm9y
IHRoZSB1c2UgY2FzZXMgZm9yIHRoZSBjYXNlIHdoZXJlIGEgY2xpZW50IChjb25zdHJhaW5lZCBv
ciB1bmNvbnN0cmFpbmVkKSB0YWxrcyB0byBhIGNvbnN0cmFpbmVkIHNlcnZlci4NCg0KQ2xlYXJs
eSwgdGhlIGNsb3VkIGluZnJhc3RydWN0dXJlIGNhbiBoYXJkbHkgYmUgY2FsbGVkICJjb25zdHJh
aW5lZCIgaW4gb3VyIHRlcm1pbm9sb2d5LiBTbywgd2UgY2FuIHJ1bGUgb3V0IHRoYXQgdXNlIGNh
c2UuDQoNCkZyb20NCmh0dHA6Ly90c2Nob2ZlbmlnLnByaXYuYXQvYWNlL2ludGVyaW0yMDE0L0Rl
c2lnbi1QYXR0ZXJuc19IYW5uZXNUc2Nob2ZlbmlnLnBkZg0KSSBndWVzcyB3ZSB3b3VsZCByZWFs
bHkgYmUgdGFsa2luZyBhYm91dCBhIGRldmljZS10by1kZXZpY2Ugc2NlbmFyaW8uDQpUaGlzIG1p
Z2h0IGJlIHRoZSBzaXR1YXRpb24gd2hlcmUgeW91IGhhdmUgSW9UIGRldmljZXMgaW4gYSBsb2Nh
bCBuZXR3b3JrIHdhaXRpbmcgZm9yIGVhY2ggb3RoZXIgdG8gYmUgZGlzY292ZXJlZC4NCihJIGFt
IGV4Y2x1ZGluZyB0aGUgY2FzZSB3aGVyZSB0aGUgZGV2aWNlcyBhcmUgb25seSBvbmUgbGluayBs
YXllciBob3AgYXdheSBmcm9tIGVhY2ggb3RoZXIuKQ0KDQpJbiBhIHRydWUgcGVlci10by1wZWVy
IHNjZW5hcmlvIHRoZXJlIHdvdWxkbid0IGJlIGFuIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCBo
ZW5jZSB0aGUgc2VjdXJpdHkgbW9kZWwgbWlnaHQgYmUgbW9yZSB0cnVzdCBvbiBmaXJzdCB1c2Ug
b3IgbWF5YmUgc29tZSBmb3JtIG9mIG91dC1vZi1iYW5kIHZhbGlkYXRpb24uIEEgUFNLIG1vZGUg
d291bGRuJ3QgbWFrZSBhIGxvdCBvZiBzZW5zZSAoc2luY2UgdGhlIFBTSyBpcyB0b28gbG9uZyBm
b3IgYSB1c2VyIHRvIGVudGVyKSBidXQgYW4gU1JQLWFsaWtlIGNvbmNlcHQgZG9lcyAoYXMgdXNl
ZCBpbiB0aGUgQXBwbGUgSG9tZWtpdCBhbmQgTmVzdC1hbGlrZSBkZXZpY2VzKS4gQXMgc2hvd24g
YWxyZWFkeSBpbiBaaWdiZWUgSVAgKGFuZCBsYXRlciBpbiBUaHJlYWQpIHRoZSBwcm9ibGVtIGlz
IG5vdCBvbmx5IHRvIGNvbm5lY3QgdG8gdGhlIG90aGVyIHNlcnZlciBidXQgYWxzbyB0byBnZXQg
dGhlIG5ldHdvcmsgYXR0YWNobWVudCBwcm9jZWR1cmUgZXhlY3V0ZWQgaW4gdGhlIGZpcnN0IHBs
YWNlICh3aGljaCBtaWdodCBtYWtlIHVzZSBvZiBzb21lIFRMUy9EVExTIGV4Y2hhbmdlKS4NCg0K
Rm9yIGEgc2NlbmFyaW8gd2hlcmUgdGhlcmUgaXMgYSB0cnVzdGVkIHRoaXJkIHBhcnR5IHRoZSBz
dG9yeSBpcyBxdWl0ZSBkaWZmZXJlbnQsIG5hbWVseSB3aXRoIGEgQ0EtYmFzZWQgbW9kZWwgKHN1
Y2ggYXMgd2l0aCBhIGhhcmR3YXJlIG1hbnVmYWN0dXJlciBwcm92aWRlZCBjZXJ0aWZpY2F0ZSkg
dGhlIHRoaXJkIHBhcnR5IGlzIHRoZSBDQSBhbmQgRFRMUyBjb3VsZCBiZSBleGVjdXRlZCBuaWNl
bHkgd2hlbiBhdXRoZW50aWNhdGlvbiBpcyB0aGUgbWFpbiBjb25jZXJuIGFuZCBhbGwgZGV2aWNl
cyBhcmUgcHJvdmlzaW9uZWQgd2l0aCB0aGUgc2FtZSB0cnVzdCBhbmNob3JzLg0KDQpGb3IgYSBt
b3JlIEtlcmJlcm9zL09BdXRoIG1vZGVsIHRoZXJlIGFyZSBtb3JlIG9wdGlvbnMgaW4gdGVybXMg
b2YgY3JlZGVudGlhbHMuIFBTSywgYW5kIHJhdyBwdWJsaWMga2V5cyB3b3VsZCB3b3JrIGZpbmUu
IENlcnRpZmljYXRlcyBhcmUgbW9zdCBsaWtlbHkgYW4gb3ZlcmtpbGwgc2luY2UgdGhlIHRva2Vu
cy90aWNrZXRzIGFscmVhZHkgY29udGFpbiBtb3N0IG9mIHRoZSByZWxldmFudCBpbmZvcm1hdGlv
bi4NCg0KU28sIHdoYXQgZW52aXJvbm1lbnQgaGF2ZSB5b3UgaGFkIGluIG1pbmQ/DQoNCkNpYW8N
Ckhhbm5lcw0KDQoNCk9uIDExLzI1LzIwMTQgMDg6MDkgQU0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdy
b3RlOg0KPiBIaSBBa2JhciwgSGkgTWF0dGhpYXMsDQo+IEhpIGFsbCwNCj4gDQo+IFlvdSBib3Ro
IHJhaXNlZCBhbiBpc3N1ZSB0aGF0IEkgd291bGQgbGlrZSB0byByZXNwb25kIHRvIHNlcGFyYXRl
bHk6DQo+IA0KPiDigJxUaGUgZG9jdW1lbnQgc3RpbGwgaW1wbGllcyB0aGF0IGFsbCBJb1QgZGV2
aWNlcyB3aWxsIGJlIERUTFMgY2xpZW50cyANCj4gYW5kIHRoYXQgRFRMUyBzZXJ2ZXJzIHdpbGwg
YmUgdW5jb25zdHJhaW5lZCwgc29tZXdoZXJlIGluIHRoZSBjbG91ZC4NCj4gV2hpbGUgSSB1bmRl
cnN0YW5kIHRoYXQgdGhpcyBpcyBvbmUgb2YgdGhlIGN1cnJlbnQgdXNlIGNhc2VzIChmcm9tIHRo
ZSANCj4gT01BIExXTTJNIENsaWVudCBSZWdpc3RyYXRpb24gSW50ZXJmYWNlKSwgdGhpcyBpbXBs
aWNhdGlvbiB1bmRlcm1pbmVzIA0KPiB0aGUgaWRlYSBhbmQgYmVuZWZpdHMgb2YgQ29BUC4gVGhl
IElvVCBkZXZpY2VzIGFyZSBtZWFudCB0byBiZSB0aGUgDQo+IG9yaWdpbi9yZXNvdXJjZSBzZXJ2
ZXJzLCBhcyB0aGVpciBzZW5zb3JzIGFuZCBhY3R1YXRvcnMgcHJvdmlkZSB0aGUgDQo+IGluZm9y
bWF0aW9uIGFib3V0IHRoZSBwaHlzaWNhbCB3b3JsZC7igJ0NCj4gDQo+IFlvdSBhcmUgY29tcGxl
dGVseSBjb3JyZWN0IHRoYXQgdGhpcyBpcyB0aGUgYXNzdW1wdGlvbiBJIG1hZGUgZm9yIHRoZSAN
Cj4gZG9jdW1lbnQgYW5kIEkgZGlkIGl0IGludGVudGlvbmFsbHkgYWZ0ZXIgY29uc3VsdGluZyB3
aXRoIHRoZSB3b3JraW5nIA0KPiBncm91cCBlYXJsaWVyIHRoaXMgeWVhci4NCj4gDQo+IEl0IGlz
IGFuIGlzc3VlIG9mIHNjb3BpbmcuDQo+IA0KPiBJIG9yaWdpbmFsbHkgdHJpZWQgdG8gY292ZXIg
Ym90aCBjYXNlcywgbmFtZWx5IGEgc2l0dWF0aW9uIHdoZXJlIHRoZSANCj4gY2xpZW50IGlzIGNv
bnN0cmFpbmVkIGFuZCB0aGUgc2VydmVyIHNpZGUgaXNuJ3QgYXMgd2VsbCBhcyB0aGUgDQo+IHNp
dHVhdGlvbiB3aGVyZSB0aGUgc2VydmVyIHNpZGUgaXMgY29uc3RyYWluZWQgYnV0IHRoZSBjbGll
bnQgaXNuJ3QuDQo+IA0KPiBPZiBjb3Vyc2UsIGJvdGggYXJlIGNvbXBsZXRlbHkgdmFsaWQgYW5k
IHJlYXNvbmFibGUgdXNlIGNhc2VzLiBUaGVyZSANCj4gd2FzIG9ubHkgb25lIHByb2JsZW0uIFRo
ZSBjYXNlIHdoZXJlIHRoZSBzZXJ2ZXIgd2FzIGNvbnN0cmFpbmVkIA0KPiBlc3NlbnRpYWxseSBm
ZWxsIGludG8gdGhlIGNhdGVnb3J5IHRoYXQgQUNFIGlzIHRyeWluZyB0byBzb2x2ZS4gU28sIEkg
DQo+IGhhZCBhIG1pc3NpbmcgcGllY2UgdGhlcmUgd2l0aCByZWdhcmQgdG8gdGhlIGF1dGhlbnRp
Y2F0aW9uIGFuZCB0aGUgYXV0aG9yaXphdGlvbiBzdG9yeS4NCj4gDQo+IEZvciB0aGlzIHJlYXNv
biBJIHJlY29tbWVuZGVkIHRvIHRoZSB3b3JraW5nIGdyb3VwIHRvIGRlYWwgd2l0aCB0aGUgDQo+
IGNvbnN0cmFpbmVkIHNlcnZlciBjYXNlIGxhdGVyIHdoZW4gcmVzdWx0cyBmcm9tIHRoZSBBQ0Ug
V0cgYXJlIA0KPiBhdmFpbGFibGUgc2luY2UgdGhlIGlzc3VlIGlzIG1vcmUgdGhhbiBqdXN0IHRo
ZSB1c2Ugb2YgRFRMUyBpbiB0aGF0IHNjZW5hcmlvLg0KPiANCj4gSSBob3BlIHRoYXQgdGhpcyBt
YWtlcyBtb3JlIHNlbnNlIGFuZCBpdCBtaWdodCBiZSB3b3J0aHdoaWxlIHRvIA0KPiBhY3R1YWxs
eSBleHBsYWluIHRoZSBzY29waW5nIGluIHRoZSBkb2N1bWVudCBpdHNlbGYgYW5kIHRvIG1ha2Ug
YW4gDQo+IGluZm9ybWF0aXZlIHJlZmVyZW5jZSB0byB0aGUgd29yayBpbiB0aGUgQUNFIHdvcmtp
bmcgZ3JvdXAuDQo+IA0KPiBDaWFvDQo+IEhhbm5lcw0KPiANCg0K


From nobody Tue Nov 25 12:41:39 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58CB41A88D2 for ; Tue, 25 Nov 2014 12:39:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level: 
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61CCGNMxO4Pa for ; Tue, 25 Nov 2014 12:39:45 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3621B1A88CB for ; Tue, 25 Nov 2014 12:39:45 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id E965B2009E for ; Tue, 25 Nov 2014 15:42:36 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id D0AAF637F5; Tue, 25 Nov 2014 15:39:43 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id B66FE63740 for ; Tue, 25 Nov 2014 15:39:43 -0500 (EST)
From: Michael Richardson 
To: "dtls-iot\@ietf.org" 
In-Reply-To: <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com>
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/JaohSQG8T8JJqTN6FsJc61DbsVY
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 20:39:47 -0000

--=-=-=
Content-Transfer-Encoding: quoted-printable


Rahman, Akbar  wrote:
    > 2) In the abstract and elsewhere there are references to a constrained
    > device providing sensor data.  I think that this should be clarified.
    > If you read the CoAP spec [RFC 7252] you will clearly see that the
    > constrained device may either be read (GET - which corresponds to your
    > sensor examples), or the device may have some data loaded onto it (PU=
T,
    > POST, DELETE - and thus may be an actuator for example).  So you shou=
ld
    > indicate the dual nature of constrained devices.

And isn't it also the case that a sensor might PUT/POST sensor data to the
device that wants it?  This is clearly the "lightswitch" -> "lightbulb"
situation, but also the (far too common today) sensor-behind-nat+cloud-stor=
age situation.

A lightbulb might also GET it's current state from the cloud.

It seems that all combinations are possible.




=2D-=20
Michael Richardson , Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEVAwUBVHTpDICLcPvd0N1lAQKl0wf+MZfWQGZmPiRQClN5e+kx61NaOs1OOum5
k0Ytu0hhoTwMNMqRBA/YEFYkoXvU8jRSc4D8F+bGNOXxCAoSrnnqIUeX8hVmY6XP
eWsPerio4Wh1or79Bs5A2yYoZF20c4hw0liLjRyipz1FZgAgSnFU6h+qUTge0NdB
0Ny0P96wgLGNIESs4gdDgZev9P1WkMBxSJP1mJVwDvraxljYoxEWkZCxs0aLRRCq
aoIN7LCpZwspXMvunbModwyZuo+2iWQXzlK5Lgb31+UXK4phLS5yut9a8rtUsg7R
Hx0AI6gvGZC7jbUXpZK2lTeDL244hZrF+i/iHE0yByQDU8Lvi3DTRg==
=886E
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Tue Nov 25 12:58:40 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 130131A87EA for ; Tue, 25 Nov 2014 12:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level: 
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0NytwPGbnJPc for ; Tue, 25 Nov 2014 12:56:43 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BFA51A87E3 for ; Tue, 25 Nov 2014 12:56:43 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id AC0A52009E; Tue, 25 Nov 2014 15:59:35 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 92FDB637F5; Tue, 25 Nov 2014 15:56:42 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 7B21863740; Tue, 25 Nov 2014 15:56:42 -0500 (EST)
From: Michael Richardson 
To: "dtls-iot\@ietf.org" , Stephen Farrell 
In-Reply-To: <547448EB.8070506@gmx.net>
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net>  <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net>  <547448EB.8070506@gmx.net>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/nVe89uM3A9EJ-yvP6SesKR_fcag
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 20:56:45 -0000

--=-=-=
Content-Transfer-Encoding: quoted-printable


Hannes Tschofenig  wrote:
    > it would be option #d in my list below. In fact, I have already dropp=
ed
    > a mail to the UTA list about their document and raised the issue of
    > scoping. Their document is really is about the Web. I fear that nobody
    > had really looked at their document in detail since otherwise someone
    > would have noticed that it also talks briefly about email and XMPP
    > while there is other work in the group that provides much greater
    > detail on those topic. In the same spirit I see the IoT case as
    > something that does not belong in their document at all. TLS (and DTL=
S)
    > is just used in a number of different deployments and they are a bit
    > different.

There are DTLS uses in the Internet of "Web" which are not constrainted=20
and do have hardware acceleration concerns.  This would include:
radius/diameter, SIP, RTP (under webrtc and also under XMPP/Jingle), and I
understand that DPRIVE (DNS privacy) considers DTLS too.

=2D-=20
Michael Richardson , Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEVAwUBVHTtCICLcPvd0N1lAQLGxwgAssg2pk+u9afNOzUBxQcBcLYIjKbnLY/v
MJWFmMm5zerEvDfgxLgHN4yq367DJzsjaYbP7vifSHINlJ4m1cjA3//oUicOH8Mx
xRdP933t+mD4rajLI/d9N4DmIJrthM/l+gKChez1tCsWrLsoADbyGe4/I/1IOBjI
65Eb8kNKzKUzilPdXNpW6vUt/duNsz93G80grQ7zMwXqZVWf2oZmAkFzKkVsECN+
P7nXoHjYC6deCF1l3c5sL+nJOWQUrMWXxtR5FCDopKmSYwSQE/JGkDJ3axuR0fOm
4DP8fpP1QjwXvOzGrSlL/dIw0X4oMenwpk+KNJct08H198FJOMhhpQ==
=fGcw
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Tue Nov 25 14:49:54 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6BC1A1AAB for ; Tue, 25 Nov 2014 14:47:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L14ciy3bA929 for ; Tue, 25 Nov 2014 14:47:21 -0800 (PST)
Received: from mailscan1.extendcp.co.uk (mailscan6.extendcp.co.uk [79.170.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB2B1A1A64 for ; Tue, 25 Nov 2014 14:47:21 -0800 (PST)
Received: from mailscanlb0.hi.local ([10.0.44.160] helo=mailscan2.extendcp.co.uk) by mailscan-g64.hi.local with esmtp (Exim 4.80.1) (envelope-from ) id 1XtOtE-0007yC-5q for dtls-iot@ietf.org; Tue, 25 Nov 2014 22:47:20 +0000
Received: from mailscanlb0.hi.local ([10.0.44.160] helo=mail41.extendcp.co.uk) by mailscan2.extendcp.co.uk with esmtps (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80.1) (envelope-from ) id 1XtOtB-0008MY-Hd for dtls-iot@ietf.org; Tue, 25 Nov 2014 22:47:20 +0000
Received: from host81-156-25-93.range81-156.btcentralplus.com ([81.156.25.93] helo=[192.168.0.2]) by mail41.extendcp.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80.1) id 1XtOtA-0007bx-Sv for dtls-iot@ietf.org; Tue, 25 Nov 2014 22:47:17 +0000
Message-ID: <54750705.1000108@gridmerge.com>
Date: Tue, 25 Nov 2014 22:47:33 +0000
From: Robert Cragie 
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: dtls-iot@ietf.org
References:  <54745222.5010902@gmx.net>  <54745C48.2040203@gmx.net>  <5474672F.2060205@gmx.net>
In-Reply-To: <5474672F.2060205@gmx.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms070902080607060008010305"
X-Authenticated-As: robert.cragie@gridmerge.com
X-Extend-Src: mailout
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/KIviElxkIWUqA-yF3tZ1Zgdw0iY
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 25 Nov 2014 22:47:26 -0000

This is a cryptographically signed message in MIME format.

--------------ms070902080607060008010305
Content-Type: multipart/alternative;
 boundary="------------020905000709090605000304"

This is a multi-part message in MIME format.
--------------020905000709090605000304
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

With hindsight, it may have been a mistake not to avoid the duplication=20
of the sequence number and explicit nonce. However, at the time the aim=20
was to keep the CCM cipher suite as close as possible to the GCM cipher=20
suite.

Re. ChaCha and Poly - as Hannes says, things move on. CCM and GCM have=20
been around a while now. That's not necessarily a reason to discard them =

now in consideration of something else.

Robert

On 25/11/2014 11:25 AM, Hannes Tschofenig wrote:
> Hi Sandeep,
>
> I wouldn't call it a trend just because Apple does it in their new
> products but quite clearly the cryptographic algorithms evolve over tim=
e
> (btw, Curve25519 was listed as well).
>
> Looking at the slides, which list the supported other radio
> technologies, it is likely that some products will have to at least
> support AES-CCM as well (for WiFi and/or for Bluetooth Smart).
>
> As a product designer one has to make a conscious decision about the
> expected product lifetime, degree of interoperability with other
> devices, and the performance. A software-based crypto implementation,
> which allows you to update the algorithm more easily, would give you a
> potential performance hit but would score higher in the other categorie=
s.
>
> When looking at teardowns of device it is clear that many of the IoT
> devices are not as constrained as we often like portrait them. Hence,
> having multiple implementations of different algorithms may not always
> be an issue.
>
> Maybe the recommendation in the document on this topic is to be aware o=
f
> the need to switch to different ciphers over the lifetime of the produc=
t
> or to even support multiple ciphers (which calls for more flash and
> potentially a faster CPU when a software-based implementation is used).=

> We have some text in there that talks about software updates but maybe
> this specific issue could be highlighted.
>
> Ciao
> Hannes
>
> On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:
>> I would not go as far as recommending it right now.
>>
>> There is a clear trend by the big-players in the industry to prefer Ch=
aCha20+Pol1305 which will change the landscape in the coming years. Apple=
 Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8c=
a3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=3D1 (Slide 9=
8) and Google Chrome https://www.imperialviolet.org/2013/10/07/chacha20.h=
tml
>> The choice is due to performance but now compatibility will help push =
other players to move sooner too.
>>
>> My 2 cents
>> Sandeep
>>
>>
>>> -----Original Message-----
>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>> Sent: Tuesday, November 25, 2014 11:39 AM
>>> To: Kumar, Sandeep; dtls-iot@ietf.org
>>> Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
>>>
>>> Thanks for your response, Sandeep.
>>>
>>> This statement below caught my attention in light of the AES-CCM vs.
>>> AES-GCM discussion. Reading your sentence below gives me the impressi=
on
>>> that instead of deciding about AES-CCM and AES-GCM we should instead
>>> recommend ChaCha20+Poly1305.
>>>
>>> Could you elaborate why you think ChaCha20+Poly1305 is becoming more
>>> relevant in the embedded space?
>>>
>>> On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:
>>>> ChaCha20+Poly1305 seems to have made a right choice and becoming
>>> more relevant in the embedded space anyways.
>>
>> ________________________________
>> The information contained in this message may be confidential and lega=
lly protected under applicable law. The message is intended solely for th=
e addressee(s). If you are not the intended recipient, you are hereby not=
ified that any use, forwarding, dissemination, or reproduction of this me=
ssage is strictly prohibited and may be unlawful. If you are not the inte=
nded recipient, please contact the sender by return e-mail and destroy al=
l copies of the original message.
>>
>
>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot


--------------020905000709090605000304
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable


  
    
  
  
    With hindsight, it may have been a mistake not to avoid the
    duplication of the sequence number and explicit nonce. However, at
    the time the aim was to keep the CCM cipher suite as close as
    possible to the GCM cipher suite.

    

    Re. ChaCha and Poly - as Hannes says, things move on. CCM and GCM
    have been around a while now. That's not necessarily a reason to
    discard them now in consideration of something else.

    

    Robert

    

    
On 25/11/2014 11:25 AM, Hannes
      Tschofenig wrote:

    

    

      
Hi Sandeep,

I wouldn't call it a trend just because Apple does it in their new
products but quite clearly the cryptographic algorithms evolve over time
(btw, Curve25519 was listed as well).

Looking at the slides, which list the supported other radio
technologies, it is likely that some products will have to at least
support AES-CCM as well (for WiFi and/or for Bluetooth Smart).

As a product designer one has to make a conscious decision about the
expected product lifetime, degree of interoperability with other
devices, and the performance. A software-based crypto implementation,
which allows you to update the algorithm more easily, would give you a
potential performance hit but would score higher in the other categories.=


When looking at teardowns of device it is clear that many of the IoT
devices are not as constrained as we often like portrait them. Hence,
having multiple implementations of different algorithms may not always
be an issue.

Maybe the recommendation in the document on this topic is to be aware of
the need to switch to different ciphers over the lifetime of the product
or to even support multiple ciphers (which calls for more flash and
potentially a faster CPU when a software-based implementation is used).
We have some text in there that talks about software updates but maybe
this specific issue could be highlighted.

Ciao
Hannes

On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:


      

        
I would not go as far as recommending it right now=
=2E

There is a clear trend by the big-players in the industry to prefer ChaCh=
a20+Pol1305 which will change the landscape in the coming years. Apple Ho=
mekit uses it http://devstreaming.apple.com/videos/wwd=
c/2014/701xx8n8ca3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf=
?dl=3D1 (Slide 98) and Google Chrome https=
://www.imperialviolet.org/2013/10/07/chacha20.html
The choice is due to performance but now compatibility will help push oth=
er players to move sooner too.

My 2 cents
Sandeep




        

          
-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
Sent: Tuesday, November 25, 2014 11:39 AM
To: Kumar, Sandeep; dtls-iot@ietf.org
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records

Thanks for your response, Sandeep.

This statement below caught my attention in light of the AES-CCM vs.
AES-GCM discussion. Reading your sentence below gives me the impression
that instead of deciding about AES-CCM and AES-GCM we should instead
recommend ChaCha20+Poly1305.

Could you elaborate why you think ChaCha20+Poly1305 is becoming more
relevant in the embedded space?

On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:


          

            
ChaCha20+Poly1305 seems to have made a right c=
hoice and becoming


          

          
more relevant in the embedded space anyways.


        

        

________________________________
The information contained in this message may be confidential and legally=
 protected under applicable law. The message is intended solely for the a=
ddressee(s). If you are not the intended recipient, you are hereby notifi=
ed that any use, forwarding, dissemination, or reproduction of this messa=
ge is strictly prohibited and may be unlawful. If you are not the intende=
d recipient, please contact the sender by return e-mail and destroy all c=
opies of the original message.



      

      

      

      

      

      
_______________________________________________
dtls-iot mailing list
d=
tls-iot@ietf.org
https://www.ietf.org/mailman/listinfo/dtls-iot


    

    

  


--------------020905000709090605000304--

--------------ms070902080607060008010305
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIRnzCC
BXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UE
BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0w
MDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3
o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkU
a+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwU
q37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PK
LrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJ
Rk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo
//S4rek3+7q49As6+ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UN
IkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/
cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5B
EYFjzhhxayvspoq3MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR
2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD
VR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
BTADAQH/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3Js
LnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEE
KTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEB
DAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz/TQ10asyBgiXTw6AqXUz1
uouhbcRUCXXH4ycOXYR5N0ATd/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VX
aX2S2FLKc4G/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeW
ukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla
4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvMIIF5jCC
A86gAwIBAgIQapvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMC
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkG
A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9y
ZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xp
ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n
9jR22YRq2tA9NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgz
KlWlVJGyK+UlNEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikF
lgqOtzk06kb2qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9t
GKTDyUGg2hJZjrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK
+xS1AgMBAAGjggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNV
HQ4EFgQUgq9sjPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQI
MAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9j
cmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEG
CCsGAQUFBwEBBGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09N
T0RPUlNBQWRkVHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2Nh
LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81
zd9A/tNx4+jsQgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIa
l9v5IkDcZoFD7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwp
WZT89RY0wpJO+2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNM
UH4Tam85S1j6E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfW
CcyvB8czm12FgX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X
72HP0PRLRTiOSEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60
ttl1Enk8MQkz/W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQv
dVifC3HtwlSam9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDN
XFnHn9tFpMpOUvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIwggY5
MIIFIaADAgECAhEAkJNVgmy0T3j/sFnejfTMyTANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UE
BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa
MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50
IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTQwOTE2MDAwMDAwWhcN
MTcwOTE1MjM1OTU5WjCCATcxCzAJBgNVBAYTAkdCMRAwDgYDVQQREwdXRjQgNFdBMRcwFQYD
VQQIEw5XZXN0IFlvcmtzaGlyZTESMBAGA1UEBxMJV2FrZWZpZWxkMRQwEgYDVQQJEwtHcmFu
Z2UgTW9vcjEfMB0GA1UECRMWODkgR3JlZW5maWVsZCBDcmVzY2VudDEXMBUGA1UEChMOR3Jp
ZG1lcmdlIEx0ZC4xNDAyBgNVBAsTK0lzc3VlZCB0aHJvdWdoIEdyaWRtZXJnZSBMdGQuIEUt
UEtJIE1hbmFnZXIxHzAdBgNVBAsTFkNvcnBvcmF0ZSBTZWN1cmUgRW1haWwxFjAUBgNVBAMT
DVJvYmVydCBDcmFnaWUxKjAoBgkqhkiG9w0BCQEWG3JvYmVydC5jcmFnaWVAZ3JpZG1lcmdl
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTtrEYc/EYQZDn+/Byj786j
qzQJukVnEZ0qu6G8Y/QZphmITLPJJCxlCvJhRGCt5zRDfwG1lM0k77mTVP166mrPMKfEbhAF
mhW54app3f02j/E0T73Wkwqhc2xj+vs6ox+kXRZIiEa/VY1TXd8ALZZAJ2uPQm+3QByE0cO6
7Q7jr5dmZuXAuygh5Q7MvzxL0vKmxhJ1n0veVDwk+BifimRX+HHU3XTGrqySkiN4Amdm7ESD
qdO7UAoezIGZoA/fTJE9CS4f4tVXcKhfGlp/Tw3K9q9cp6cjYD802hnFoiSQ9PgLviP20lcH
CIGn91WkYhuYG9u8Fzgzmu0yVK5L0kkCAwEAAaOCAdswggHXMB8GA1UdIwQYMBaAFIKvbIz4
xf6WYXzoHz0rcUhexIvAMB0GA1UdDgQWBBTSD2iG48824eEQkBLu4BgdWzh49TAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIw
RgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1
cmUuY29tb2RvLm5ldC9DUFMwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNy
bDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJgYDVR0RBB8wHYEbcm9iZXJ0
LmNyYWdpZUBncmlkbWVyZ2UuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAq8C9mIiSV9Nj9ZjHa
1kupbDGYy57v5fCk9lT++uiwGBP9yIFd9Gr8wISOl+96l9OLo8E+5CcPLyt96H4ez/ksXjC1
5EhzuhUB7HNi2b9GLDenjiHW4vBmSoIAbt9Pnz6zZsPH7eBPBcqkIWLFuqKBYUoXKLpzrVtr
Kgv6PM3t2+4YakBnMWjpcqzinurEeGq4mh3gHTv03wcyT6eQVCu5k4yaJxoQReYtYIjv+W+m
LmT/ZW61ZATZb2adV8xPejUlWSq4+2bpRbXZpD9FAmomNC8fSvGUUhMfYq5t5IUPHfP0kEH5
WQVWgVfpcf6Q8rnpWznsMiJrucUpJf8ZenHtMYIEKDCCBCQCAQEwga0wgZcxCzAJBgNVBAYT
AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY
BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBB
dXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTAJ
BgUrDgMCGgUAoIICTzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
Fw0xNDExMjUyMjQ3MzNaMCMGCSqGSIb3DQEJBDEWBBQQQ2BfIVQA/P7du5ZMx4BI6410LDBs
BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw
DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo
MIG+BgkrBgEEAYI3EAQxgbAwga0wgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p
dGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj
dXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTCBwAYLKoZIhvcNAQkQAgsxgbCgga0w
gZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8g
UlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0
T3j/sFnejfTMyTANBgkqhkiG9w0BAQEFAASCAQAiCzXxnROqluwRYCT84j06fmSBjcrBWoUs
DooNaPwv+ux8DV1gm4yKpVVKTu/pdxEBTkcZy10M3EPgG42KuicH61gtdiI8DedFy/3k6KmD
CRzDzqiaQmqaIcG101SA8Ijgduqq6NQ1fv5Khz8EmKz+TE4ckLcwC0BXgxfIXCb96kTi6B1l
a6Zw93RLZvoAhcrD8PFcNlo1eSXOkjHdtNWEdR6Xlpdsjfr6AjS0J1gWNGZs6duHfp3m5eUD
Aca41FwGtwZWIjgiyxrXf6hRfTnQNFAonAjUudjS+vufKPm+5q3t+NYyWIgBOpTMx3ruVHyn
TOYuwT43TZptLLNY1TZ8AAAAAAAA
--------------ms070902080607060008010305--


From nobody Wed Nov 26 00:01:42 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11F7E1A0013 for ; Wed, 26 Nov 2014 00:01:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqDJ9cmX2cQH for ; Wed, 26 Nov 2014 00:01:38 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E35D1A1BCA for ; Wed, 26 Nov 2014 00:01:38 -0800 (PST)
Received: from [192.168.131.132] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0LpbfG-1YNfp32A22-00fU4f; Wed, 26 Nov 2014 09:01:35 +0100
Message-ID: <547588DE.30006@gmx.net>
Date: Wed, 26 Nov 2014 09:01:34 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "Rahman, Akbar" ,  "kovatsch@inf.ethz.ch" 
References: <54742B21.7040806@gmx.net> <54747BE6.9010808@gmx.net> <36F5869FE31AB24485E5E3222C288E1F0819AF@NABESITE.InterDigital.com>
In-Reply-To: <36F5869FE31AB24485E5E3222C288E1F0819AF@NABESITE.InterDigital.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VhsWEk5ugF1U38eA1qh2dwTORXVECsQp4"
X-Provags-ID: V03:K0:bUjQLyeeAVLVRLHupmt5n3WYS+i/qNXk8cuFUxPaz9+T8wFCKiq KZp/BYucZcFzhtAbiFiIC510s+VioyMh2tNENPx4hQPwtxnOXl8X9qEeWQhyh9yufaXVvzN zDFBfoMfHDD4ns5Zyp8FaEamdf5y1TRdsywIE9NwHd3MqS9VskDu1kULaiPU/D5zZUWGM0d c2IHoV16zMCx78RGppW2A==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/Yp-XrDqW-22yLipzS2qIAf6W-oY
Cc: "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Unconstrained DTLS servers
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Wed, 26 Nov 2014 08:01:41 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--VhsWEk5ugF1U38eA1qh2dwTORXVECsQp4
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Akbar,

thanks for your quick response.

A remark below.

On 11/25/2014 06:04 PM, Rahman, Akbar wrote:
> Hi Hannes,
>=20
>=20
>> I am responding to my own mail because I am still looking for the
>> use cases for the case where a client (constrained or
>> unconstrained) talks to a constrained server.
>=20
> Maybe we are just using different frames of reference here.
>=20
> - In CoAP, the sender of the CoAP Request message is always the
> Client and the receiver of the Request message is always the Server
> (see http://tools.ietf.org/html/rfc7252#section-5 ).
>=20
> - So let's simply take the case of a small (constrained) sensor that
> only measures temperature.   In this case the sensor will act as a
> constrained server as soon as it is polled (GET) for its current
> temperature

Of course, this is not the envisioned interaction when DTLS is used
because in this setup the sensor would suddenly become the DTLS server
and the roles would be reversed.

Despite the changed roles there are likely other problems, such as how
does the cloud server even know which sensor to talk to, how would the
request go through a firewall, what happens if NAT bindings expire and
the requests get dropped on the floor, etc.

Since you raised this issue it might be worthwhile to discuss it in the
draft as well.

Ciao
Hannes

>=20
>=20
> Does that help clarify things a bit?
>=20
>=20
>=20
> Best Regards,
>=20
>=20
> Akbar
>=20
> -----Original Message----- From: Hannes Tschofenig
> [mailto:hannes.tschofenig@gmx.net] Sent: Tuesday, November 25, 2014
> 7:54 AM To: kovatsch@inf.ethz.ch; Rahman, Akbar Cc:
> dtls-iot@ietf.org Subject: Re: Unconstrained DTLS servers
>=20
> I am responding to my own mail because I am still looking for the use
> cases for the case where a client (constrained or unconstrained)
> talks to a constrained server.
>=20
> Clearly, the cloud infrastructure can hardly be called "constrained"
> in our terminology. So, we can rule out that use case.
>=20
> From=20
> http://tschofenig.priv.at/ace/interim2014/Design-Patterns_HannesTschofe=
nig.pdf
>
>=20
I guess we would really be talking about a device-to-device scenario.
> This might be the situation where you have IoT devices in a local
> network waiting for each other to be discovered. (I am excluding the
> case where the devices are only one link layer hop away from each
> other.)
>=20
> In a true peer-to-peer scenario there wouldn't be an authorization
> server and hence the security model might be more trust on first use
> or maybe some form of out-of-band validation. A PSK mode wouldn't
> make a lot of sense (since the PSK is too long for a user to enter)
> but an SRP-alike concept does (as used in the Apple Homekit and
> Nest-alike devices). As shown already in Zigbee IP (and later in
> Thread) the problem is not only to connect to the other server but
> also to get the network attachment procedure executed in the first
> place (which might make use of some TLS/DTLS exchange).
>=20
> For a scenario where there is a trusted third party the story is
> quite different, namely with a CA-based model (such as with a
> hardware manufacturer provided certificate) the third party is the CA
> and DTLS could be executed nicely when authentication is the main
> concern and all devices are provisioned with the same trust anchors.
>=20
> For a more Kerberos/OAuth model there are more options in terms of
> credentials. PSK, and raw public keys would work fine. Certificates
> are most likely an overkill since the tokens/tickets already contain
> most of the relevant information.
>=20
> So, what environment have you had in mind?
>=20
> Ciao Hannes
>=20
>=20
> On 11/25/2014 08:09 AM, Hannes Tschofenig wrote:
>> Hi Akbar, Hi Matthias, Hi all,
>>=20
>> You both raised an issue that I would like to respond to
>> separately:
>>=20
>> =E2=80=9CThe document still implies that all IoT devices will be DTLS
>> clients and that DTLS servers will be unconstrained, somewhere in
>> the cloud. While I understand that this is one of the current use
>> cases (from the OMA LWM2M Client Registration Interface), this
>> implication undermines the idea and benefits of CoAP. The IoT
>> devices are meant to be the origin/resource servers, as their
>> sensors and actuators provide the information about the physical
>> world.=E2=80=9D
>>=20
>> You are completely correct that this is the assumption I made for
>> the document and I did it intentionally after consulting with the
>> working group earlier this year.
>>=20
>> It is an issue of scoping.
>>=20
>> I originally tried to cover both cases, namely a situation where
>> the client is constrained and the server side isn't as well as the
>>  situation where the server side is constrained but the client
>> isn't.
>>=20
>> Of course, both are completely valid and reasonable use cases.
>> There was only one problem. The case where the server was
>> constrained essentially fell into the category that ACE is trying
>> to solve. So, I had a missing piece there with regard to the
>> authentication and the authorization story.
>>=20
>> For this reason I recommended to the working group to deal with the
>>  constrained server case later when results from the ACE WG are=20
>> available since the issue is more than just the use of DTLS in that
>> scenario.
>>=20
>> I hope that this makes more sense and it might be worthwhile to=20
>> actually explain the scoping in the document itself and to make an
>>  informative reference to the work in the ACE working group.
>>=20
>> Ciao Hannes
>>=20
>=20
> _______________________________________________ dtls-iot mailing
> list dtls-iot@ietf.org=20
> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20


--VhsWEk5ugF1U38eA1qh2dwTORXVECsQp4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUdYjeAAoJEGhJURNOOiAtEiEH/0vAYzcf7evSKliMor6xoajX
VqkMMB9IB8GgpJna4Ttd2sRL/maCt8a9cLnWctxPse4p4We4yFVtTwBGRusmiumY
FNQ/nDcP8hMK88fwCTNQDMs8Uki+Ue1nBGkOVNu4o2gUn3A9RDPsqtqJ0bk6vkIt
S0lFEpxw02hMi/J1S/aT7BFm4+Pm+H1idplbkDZoHSSVuLOkDMIRGTUp7CvL3UbI
0O4o053M/vAM+ijy0CC4iyWaJCCDpIGhmwtIqrrRZgX4OrC5TVkd3yY16VHlUPlj
PLCFXDRgcvPGCHyb5pztgBQUUjh/ZG1aKgjmS62hsXj5jluyJ+Ind4E/oT7qqEE=
=iFZ0
-----END PGP SIGNATURE-----

--VhsWEk5ugF1U38eA1qh2dwTORXVECsQp4--


From nobody Wed Nov 26 00:31:40 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 982291A0063 for ; Wed, 26 Nov 2014 00:31:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.55
X-Spam-Level: 
X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9RYnW7joQcb for ; Wed, 26 Nov 2014 00:31:37 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DC4C1A0049 for ; Wed, 26 Nov 2014 00:31:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id sAQ8VXLa001022; Wed, 26 Nov 2014 09:31:33 +0100 (CET)
Received: from [192.168.217.149] (p54890E24.dip0.t-ipconnect.de [84.137.14.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 878BB791; Wed, 26 Nov 2014 09:31:32 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Carsten Bormann 
In-Reply-To: <547588DE.30006@gmx.net>
Date: Wed, 26 Nov 2014 09:31:30 +0100
X-Mao-Original-Outgoing-Id: 438683488.632078-04a8a75d6b42ad6d630bb41446f31e3f
Content-Transfer-Encoding: quoted-printable
Message-Id: 
References: <54742B21.7040806@gmx.net> <54747BE6.9010808@gmx.net> <36F5869FE31AB24485E5E3222C288E1F0819AF@NABESITE.InterDigital.com> <547588DE.30006@gmx.net>
To: Hannes Tschofenig 
X-Mailer: Apple Mail (2.1993)
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/ojNfq7WSGKmM_ynTERHILwKD8cE
Cc: "kovatsch@inf.ethz.ch" , "Rahman, Akbar" , "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Unconstrained DTLS servers
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Wed, 26 Nov 2014 08:31:39 -0000

>>=20
>> - In CoAP, the sender of the CoAP Request message is always the
>> Client and the receiver of the Request message is always the Server
>> (see http://tools.ietf.org/html/rfc7252#section-5 ).
>>=20
>> - So let's simply take the case of a small (constrained) sensor that
>> only measures temperature.   In this case the sensor will act as a
>> constrained server as soon as it is polled (GET) for its current
>> temperature
>=20
> Of course, this is not the envisioned interaction when DTLS is used

I think it would be useful to address CoAP-based interactions in this =
draft.

> because in this setup the sensor would suddenly become the DTLS server
> and the roles would be reversed.

I=E2=80=99m not sure what that means.

A sensor has a resource that is being served to its clients.
I=E2=80=99m not seeing a role reversal here, unless it is somehow =
hardwired that =E2=80=9Cservers=E2=80=9D must be big gear.  (The =
classical PKI-based certificate usage may favor this view, but we are =
not bound to that usage.)

Of course, the question who is CoAP server does not predetermine who is =
DTLS server.
A CoAP server might very well be asked by a management mechanism =
(preconfigured or dynamic) to open a DTLS connection to one or more of =
its clients.

> Despite the changed roles there are likely other problems, such as how
> does the cloud server even know which sensor to talk to,

That is what the resource directory is there for.

> how would the
> request go through a firewall,

We haven=E2=80=99t built specific mechanisms for firewall traversal into =
CoAP, because people seemed to think there were enough ways to do this.  =
If the firewall traversal is conditioned on which side opens the DTLS =
connection, then I think you have much, much bigger problems.

> what happens if NAT bindings expire

(IPv6 deployments don=E2=80=99t have this problem.  For IPv4:)
UDP NAT binding expiry is independent of who opens a DTLS connection on =
top of that UDP five-tuple.
Of course, getting the NAT binding in the first place is an argument for =
initiating traffic from the inside of a NAT, but this, again, has little =
bearing on who has the DTLS client role.

> Since you raised this issue it might be worthwhile to discuss it in =
the
> draft as well.

That is useful if the draft doesn=E2=80=99t just stick to pre-conceived =
notions of what those roles are in the IPv4/HTTP web.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Wed Nov 26 00:55:22 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7086A1A0063 for ; Wed, 26 Nov 2014 00:55:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XGwNMW1FqeNo for ; Wed, 26 Nov 2014 00:55:15 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0734.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::734]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA4CA1A0056 for ; Wed, 26 Nov 2014 00:55:14 -0800 (PST)
Received: from AM3PR04CA0037.eurprd04.prod.outlook.com (10.242.16.37) by AM3PR04MB0629.eurprd04.prod.outlook.com (10.255.133.150) with Microsoft SMTP Server (TLS) id 15.1.26.15; Wed, 26 Nov 2014 08:53:09 +0000
Received: from DB3FFO11FD054.protection.gbl (2a01:111:f400:7e04::166) by AM3PR04CA0037.outlook.office365.com (2a01:111:e400:8814::37) with Microsoft SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Wed, 26 Nov 2014 08:53:09 +0000
Received: from mail.philips.com (206.191.240.52) by DB3FFO11FD054.mail.protection.outlook.com (10.47.217.126) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Wed, 26 Nov 2014 08:53:08 +0000
Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.179]) by DBXPRD9003HT002.MGDPHG.emi.philips.com ([141.251.25.207]) with mapi id 14.16.0472.000; Wed, 26 Nov 2014 08:53:08 +0000
From: "Kumar, Sandeep" 
To: Rene Struik , Hannes Tschofenig , "dtls-iot@ietf.org" 
Thread-Topic: [Dtls-iot] AES-CCM nonces in DTLS records
Thread-Index: AdAAgPb6clYzdGscSKeAUJZGqRiWegIFQS8AAAEvmlAAAFOIAAAAKplgAAF1S4AACWkSAAAjH+Sw
Date: Wed, 26 Nov 2014 08:53:07 +0000
Message-ID: 
References:  <54745222.5010902@gmx.net>  <54745C48.2040203@gmx.net>  <5474672F.2060205@gmx.net> <5474A656.3080805@gmail.com>
In-Reply-To: <5474A656.3080805@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [194.171.252.100]
Content-Type: multipart/alternative; boundary="_000_BE6D13F6A4554947952B39008B0DC0153E9D92B8DBXPRD9003MB059_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(428002)(189002)(199003)(55904004)(374574003)(479174003)(377454003)(24454002)(13464003)(85714005)(2656002)(87936001)(325944007)(92726001)(101416001)(46102003)(19580405001)(44976005)(6806004)(19580395003)(19625215002)(84676001)(86362001)(92566001)(84326002)(69596002)(68736004)(31966008)(76176999)(54356999)(55846006)(33656002)(19300405004)(15975445006)(93886004)(107886001)(107046002)(4396001)(19617315012)(104016003)(105586002)(106466001)(81156004)(95666004)(15202345003)(99396003)(120916001)(66066001)(50986999)(512954002)(97736003)(20776003)(64706001)(16236675004)(71186001)(77156002)(77096003)(62966003)(21056001)(567094001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM3PR04MB0629; H:mail.philips.com; FPR:; SPF:None; MLV:sfv; PTR:ErrorRetry; MX:1; A:1; LANG:en; 
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629;
X-Forefront-PRVS: 04073E895A
Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts)
Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com; 
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:AM3PR04MB0629;
X-OriginatorOrg: philips.com
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/1jlePQ2V701MaIwddEHGxvB2Nbw
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Wed, 26 Nov 2014 08:55:20 -0000

--_000_BE6D13F6A4554947952B39008B0DC0153E9D92B8DBXPRD9003MB059_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Rene

From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Rene Struik
Sent: Tuesday, November 25, 2014 4:55 PM
To: Hannes Tschofenig; Kumar, Sandeep; dtls-iot@ietf.org
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records

Dear colleagues:

I thought DICE was about constrained devices and networks. For those device=
s where energy constraints are at play, this would almost surely require ha=
rdware-assisted implementation used for packet processing, simply to make s=
ure that most of the energy is used for communications, not computation.)

[> ] Constrained means different for different folks in the ecosystem, ener=
gy is only one axis. There will be devices which don't have that energy con=
straint (the famous light bulb) or are wired over a cheap twisted pair.

(Admittedly, it does not help that the term "internet of things" has become=
 almost meaningless and now [witness the reference to Apple] apparently eve=
n applies to $600 dollar devices talking to each other. Extrapolating this =
number to the 2011 marketing forecasts of 50 billion interconnected devices=
 Cisco and Intel would make this a $30 trillion market [or about the 2013 G=
DP of the USA, China, and Japan combined]. Clearly, something must be wrong=
 here...)

[> ] Maybe you are confused, the reference was not about what Apple does in=
 their $600 devices but what it is demanding from accessory developers (the=
 IoT devices you might be thinking) that need to connect to those $600 devi=
ces.
And btw if you are really interested in making market calculations, take a =
second look at those marketing documents that mention 50 billion interconne=
cted devices. They include anything from cars, trains to even cows (I am su=
re all of those are much more than $600).

regards
Sandeep

Best regards, Rene


On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:

Hi Sandeep,



I wouldn't call it a trend just because Apple does it in their new

products but quite clearly the cryptographic algorithms evolve over time

(btw, Curve25519 was listed as well).



Looking at the slides, which list the supported other radio

technologies, it is likely that some products will have to at least

support AES-CCM as well (for WiFi and/or for Bluetooth Smart).



As a product designer one has to make a conscious decision about the

expected product lifetime, degree of interoperability with other

devices, and the performance. A software-based crypto implementation,

which allows you to update the algorithm more easily, would give you a

potential performance hit but would score higher in the other categories.



When looking at teardowns of device it is clear that many of the IoT

devices are not as constrained as we often like portrait them. Hence,

having multiple implementations of different algorithms may not always

be an issue.



Maybe the recommendation in the document on this topic is to be aware of

the need to switch to different ciphers over the lifetime of the product

or to even support multiple ciphers (which calls for more flash and

potentially a faster CPU when a software-based implementation is used).

We have some text in there that talks about software updates but maybe

this specific issue could be highlighted.



Ciao

Hannes



On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:

I would not go as far as recommending it right now.



There is a clear trend by the big-players in the industry to prefer ChaCha2=
0+Pol1305 which will change the landscape in the coming years. Apple Homeki=
t uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/70=
1/701_designing_accessories_for_ios_and_os_x.pdf?dl=3D1 (Slide 98) and Goog=
le Chrome https://www.imperialviolet.org/2013/10/07/chacha20.html

The choice is due to performance but now compatibility will help push other=
 players to move sooner too.



My 2 cents

Sandeep





-----Original Message-----

From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]

Sent: Tuesday, November 25, 2014 11:39 AM

To: Kumar, Sandeep; dtls-iot@ietf.org

Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records



Thanks for your response, Sandeep.



This statement below caught my attention in light of the AES-CCM vs.

AES-GCM discussion. Reading your sentence below gives me the impression

that instead of deciding about AES-CCM and AES-GCM we should instead

recommend ChaCha20+Poly1305.



Could you elaborate why you think ChaCha20+Poly1305 is becoming more

relevant in the embedded space?



On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:

ChaCha20+Poly1305 seems to have made a right choice and becoming

more relevant in the embedded space anyways.





________________________________

The information contained in this message may be confidential and legally p=
rotected under applicable law. The message is intended solely for the addre=
ssee(s). If you are not the intended recipient, you are hereby notified tha=
t any use, forwarding, dissemination, or reproduction of this message is st=
rictly prohibited and may be unlawful. If you are not the intended recipien=
t, please contact the sender by return e-mail and destroy all copies of the=
 original message.








_______________________________________________

dtls-iot mailing list

dtls-iot@ietf.org

https://www.ietf.org/mailman/listinfo/dtls-iot




--

email: rstruik.ext@gmail.com | Skype: rstruik

cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

--_000_BE6D13F6A4554947952B39008B0DC0153E9D92B8DBXPRD9003MB059_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable











Hi Rene=



 <=
/p>







From: dtls-iot [mailto:dtls-iot-bounces@ietf.org]
On Behalf Of Rene Struik

Sent: Tuesday, November 25, 2014 4:55 PM

To: Hannes Tschofenig; Kumar, Sandeep; dtls-iot@ietf.org

Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records






 




Dear colleagues:



I thought DICE was about constrained devices and networks. For those device=
s where energy constraints are at play, this would almost surely require ha=
rdware-assisted implementation used for packet processing, simply to make s=
ure that most of the energy is used
 for communications, not computation.)






[> ] Constrained=
 means different for different folks in the ecosystem, energy is only one a=
xis. There will be devices which don’t have that energy constraint
 (the famous light bulb) or are wired over a cheap twisted pair. 




(Admittedly, it does not help that the term "internet of things" =
has become almost meaningless and now [witness the reference to Apple] appa=
rently even applies to $600 dollar devices talking to each other. Extrapola=
ting this number to the 2011 marketing forecasts
 of 50 billion interconnected devices Cisco and Intel would make this a $30=
 trillion market [or about the 2013 GDP of the USA, China, and Japan combin=
ed]. Clearly, something must be wrong here...)






[> ] Maybe you a=
re confused, the reference was not about what Apple does in their $600 devi=
ces but what it is demanding from accessory developers (the
 IoT devices you might be thinking) that need to connect to those $600 devi=
ces. 



And btw if you are =
really interested in making market calculations, take a second look at thos=
e marketing documents that mention 50 billion interconnected
 devices. They include anything from cars, trains to even cows (I am sure a=
ll of those are much more than $600).


 


regards<=
/span>


Sandeep<=
/span>




Best regards, Rene





On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:






Hi Sandeep,


 


I wouldn't call it a trend just because Apple does it in their new


products but quite clearly the cryptographic algorithms evolve over ti=
me


(btw, Curve25519 was listed as well).


 


Looking at the slides, which list the supported other radio=



technologies, it is likely that some products will have to at least


support AES-CCM as well (for WiFi and/or for Bluetooth Smart).


 


As a product designer one has to make a conscious decision about the


expected product lifetime, degree of interoperability with other<=
/o:p>


devices, and the performance. A software-based crypto implementation,<=
o:p>


which allows you to update the algorithm more easily, would give you a=



potential performance hit but would score higher in the other categori=
es.


 


When looking at teardowns of device it is clear that many of the IoT


devices are not as constrained as we often like portrait them. Hence,<=
o:p>


having multiple implementations of different algorithms may not always=



be an issue.


 


Maybe the recommendation in the document on this topic is to be aware =
of


the need to switch to different ciphers over the lifetime of the produ=
ct


or to even support multiple ciphers (which calls for more flash and


potentially a faster CPU when a software-based implementation is used)=
.


We have some text in there that talks about software updates but maybe=



this specific issue could be highlighted.


 


Ciao


Hannes


 


On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:




I would not go as far as recommending it right now.


 


There is a clear trend by the big-players in the industry to prefer Ch=
aCha20+Pol1305 which will change the landscape in the coming years. App=
le Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/701/701_de=
signing_accessories_for_ios_and_os_x.pdf?dl=3D1 (Slide 98) and Google C=
hrome h=
ttps://www.imperialviolet.org/2013/10/07/chacha20.html


The choice is due to performance but now compatibility will help push =
other players to move sooner too.


 


My 2 cents


Sandeep


 


 




-----Original Message-----


From: Hannes Tschofenig [=
mailto:hannes.tschofenig@gmx.net]


Sent: Tuesday, November 25, 2014 11:39 AM


To: Kumar, Sandeep; dtls-iot@ietf=
.org


Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records

 


Thanks for your response, Sandeep.


 


This statement below caught my attention in light of the AES-CCM vs.


AES-GCM discussion. Reading your sentence below gives me the impressio=
n


that instead of deciding about AES-CCM and AES-GCM we should instead


recommend ChaCha20+Poly1305.


 


Could you elaborate why you think ChaCha20+Poly1305 is becoming mo=
re


relevant in the embedded space?


 


On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:




ChaCha20+Poly1305 seems to have made a right choice and becoming




more relevant in the embedded space anyways.




 


 


________________________________


The information contained in this message may be confidential and lega=
lly protected under applicable law. The message is intended solely for the =
addressee(s). If you are not the intended recipient, you are hereby notifie=
d that any use, forwarding, dissemination, or reproduction of this message =
is strictly prohibited and may be unlawful. If you are not the intended rec=
ipient, please contact the sender by return e-mail and destroy all copies o=
f the original message.


 




 











_______________________________________________


dtls-iot mailing list


dtls-iot@ietf.org<=
/pre>

https://www=
.ietf.org/mailman/listinfo/dtls-iot













-- 


email: rstruik.ext@gmail.com<=
/a> | Skype: rstruik


cell: +1 (647) 867-5658 | US: +1 (415) 690-7363







--_000_BE6D13F6A4554947952B39008B0DC0153E9D92B8DBXPRD9003MB059_--


From nobody Wed Nov 26 04:52:06 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C31DE1A8740 for ; Wed, 26 Nov 2014 04:52:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level: 
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pz5bpGtL33su for ; Wed, 26 Nov 2014 04:52:02 -0800 (PST)
Received: from edge20.ethz.ch (edge20.ethz.ch [82.130.99.26]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C7381A0104 for ; Wed, 26 Nov 2014 04:52:02 -0800 (PST)
Received: from CAS12.d.ethz.ch (172.31.38.212) by edge20.ethz.ch (82.130.99.26) with Microsoft SMTP Server (TLS) id 14.3.195.1; Wed, 26 Nov 2014 13:51:56 +0100
Received: from MBX210.d.ethz.ch ([fe80::ed77:7d47:9467:69a9]) by CAS12.d.ethz.ch ([fe80::7861:4ecb:7c42:cad4%10]) with mapi id 14.03.0195.001;  Wed, 26 Nov 2014 13:51:59 +0100
From: "Kovatsch  Matthias" 
To: Hannes Tschofenig , "Akbar.Rahman@InterDigital.com" 
Thread-Topic: Unconstrained DTLS servers
Thread-Index: AQHQCH6/94bz9geT7kqcbSCkL/bIf5xxPAAAgAAcFBA=
Date: Wed, 26 Nov 2014 12:51:59 +0000
Message-ID: <55877B3AFB359744BA0F2140E36F52B52B9EC497@MBX210.d.ethz.ch>
References: <54742B21.7040806@gmx.net> <54747BE6.9010808@gmx.net>
In-Reply-To: <54747BE6.9010808@gmx.net>
Accept-Language: en-US, de-CH
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [88.209.34.29]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/kV2Ol2ZFXJQMjQ3mk1zZK3AyLtI
Cc: "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Unconstrained DTLS servers
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Wed, 26 Nov 2014 12:52:05 -0000

RGVhciBIYW5uZXMNCg0KMSkgU2NvcGUgb2YgdGhlIERJQ0UgUHJvZmlsZQ0KDQpGb2N1c2luZyBv
biB0aGUgY29uc3RyYWluZWQgRFRMUyBjbGllbnQgY2FzZSBpcyBmaW5lIHdpdGggbWUuIEhvd2V2
ZXIsIHRoaXMgbXVzdCB0aGVuIGFsc28gYmUgbWFkZSBleHBsaWNpdCBpbiB0aGUgZG9jdW1lbnQg
YW5kIHByb2JhYmx5IGV2ZW4gaW4gdGhlIHRpdGxlLiBDdXJyZW50bHkgdGhlIGRyYWZ0IHNvbWV3
aGF0IHByb21vdGVzIHRoZSBjb25zdHJhaW5lZCBEVExTIGNsaWVudCB0YWxraW5nIHRvIHRoZSBj
bG91ZCBhcyB0aGUgb25seSB2YWxpZCBJb1Qgc2NlbmFyaW8uIFRoaXMgaXMgc2ltcGx5IGZhbHNl
LiBXZSBjYW4gYWltIGZvciBvbmUgcHJvZmlsZSB0byBkZWFsIHdpdGggdGhlIElQdjQgYW5kIE5B
VCB0cmF2ZXJzYWwgcHJvYmxlbXMgZm9yIHRoZSBjbG91ZCBzY2VuYXJpbyBhbmQgYWRkIG1vcmUg
cHJvZmlsZXMgbGF0ZXIuIEZvciBtZSwgdGhlIElvVCBpcyBzb21ldGhpbmcgZGlmZmVyZW50LCB0
aG91Z2gsIHdoZXJlIHdlIGRvIG5vdCBoYXZlIHN1Y2ggaXNvbGF0ZWQgc2lsb3MuIEluIG15IHZp
ZXcsIGFwcGxpY2F0aW9ucyBjb252ZXJnZSwgYW5kIGhlbmNlIHdlIHdpbGwgZmluZCBhbGwgdGhl
IHNjZW5hcmlvcyBpbiBhIHNpbmdsZSBkZXBsb3ltZW50IChlLmcuLCBsb2NhbCBjb250cm9sIGFu
ZCBwcm9jZXNzaW5nIHdpdGggc3RvcmFnZSBpbiB0aGUgY2xvdWQpLiBUaHVzLCBpdCB3b3VsZCBt
YWtlIHNlbnNlIHRvIGhhdmUgYSBzaW5nbGUgRElDRSBwcm9maWxlLg0KDQpXaXRoIHRoZSBjdXJy
ZW50IHZlcnNpb24gb2YgdGhlIGRyYWZ0LCBJIGRvIG5vdCBldmVuIHNlZSBhIHByb2JsZW0gYXMg
c2luZ2xlIHByb2ZpbGUsIGV4Y2VwdCB0aGF0IGl0IHByb21vdGVzIHRoZSAicHJlcHJvZ3JhbW1l
ZCBjbGllbnQgcHVzaGVzIGRhdGEgdG8gdGhlIGNsb3VkIiBzY2VuYXJpby4gSSBkbyBub3QgZXZl
biBzZWUgaG93IHdlIHdvdWxkIG5lZWQgaW50ZXJvcGVyYWJpbGl0eSBpbiB0aGlzIHNjZW5hcmlv
LCBzaW5jZSBhbGwgZGV2aWNlcyBhcmUgcHJlLXBhaXJlZCB3aXRoIGEgc2VydmljZSBieSB0aGUg
bWFudWZhY3R1cmVyIGFuZCBjYW4gcnVuIHRoZSBzYW1lIHByb3ByaWV0YXJ5IHNvZnR3YXJlIHN0
YWNrLg0KDQoyKSBTY2VuYXJpbyBmb3IgY29uc3RyYWluZWQgRFRMUyBzZXJ2ZXJzDQoNClRoZSBj
b25zdHJhaW5lZCBEVExTIHNlcnZlciBkaXJlY3RseSBmb2xsb3dzIHRoZSB3b3JrIGluIENvUkUu
IEhlcmUgdGhlIGRldmljZS10by1kZXZpY2UsIGJ1dCBhbHNvIHNvbWV0aGluZyBsaWtlIHNtYXJ0
cGhvbmUtdG8tZGV2aWNlIHNjZW5hcmlvIGFwcGxpZXMuIEEgcHJvZmlsZSBzaG91bGQgYmUgY29t
cGF0aWJsZSB3aXRoIGJvdGgsIGEgY29uc3RyYWluZWQgYW5kIGFuIHVuY29uc3RyYWluZWQgZGV2
aWNlIGNvbnRhY3RpbmcgYSBjb25zdHJhaW5lZCBEVExTIHNlcnZlciAodG8gaW50ZXJhY3Qgd2l0
aCB0aGUgQ29BUCBzZXJ2ZXIpLiBUaGUgcmVzb3VyY2UgZGlzY292ZXJ5IG1lY2hhbmlzbXMgd291
bGQgYmUgd29ydGhsZXNzIGlmIGRldmljZXMgb3Igc2VydmljZXMgY2Fubm90IGluaXRpYXRlIHRo
ZSBpbnRlcmFjdGlvbiB3aXRoIElvVCBkZXZpY2VzLiBMaWtlIGluIHRoZSBjdXJyZW50IERUTFMg
Y2xpZW50IHByb2ZpbGUsIHRoZSBxdWVzdGlvbiBhYm91dCBuZXR3b3JrIGF0dGFjaG1lbnQgYW5k
IGRpc3RyaWJ1dGlvbiBvZiB0aGUga2V5aW5nIG1hdGVyaWFsIHNob3VsZCBiZSBvdXQgb2Ygc2Nv
cGUuIFRoZSBsYXR0ZXIgaXMgYWxyZWFkeSBjb3ZlcmVkIGJ5IEFDRSwgZm9yIGluc3RhbmNlLg0K
DQpDb25jcmV0ZSB1c2UgY2FzZXMgYXJlOg0KDQphKSBBIG5ldyBjb25zdHJhaW5lZCBkZXZpY2Ug
am9pbnMgdGhlIGhvbWUgbmV0d29yayAobmV0d29yayBhdHRhY2htZW50IHByb2NlZHVyZSBvdXQt
b2Ytc2NvcGUpIGFuZCBwcm92aWRlcyBpdHMgc2VydmljZXMgYXMgQ29BUCBzZXJ2ZXIsIGUuZy4s
IHRlbXBlcmF0dXJlIGFuZCBodW1pZGl0eSBzZW5zaW5nLiBUaGUgbmV3IGRldmljZSBjYW4gYmUg
ZGlzY292ZXJlZCB0aHJvdWdoIG11bHRpY2FzdCBvciBhIGxvY2FsIHJlc291cmNlIGRpcmVjdG9y
eSB3aGVyZSBpdCByZWdpc3RlcmVkLiBBIHRoZXJtb3N0YXQgd2l0aCBvcHBvcnR1bmlzdGljIHNl
bnNpbmcgc3VwcG9ydCBkaXNjb3ZlcnMgdGhlIG5ldyBkZXZpY2UgYW5kIG9ic2VydmVzIHRoZSBz
ZW5zb3IgcmVhZGluZ3MgdGhyb3VnaCBhIHJlcXVlc3QgdG8gdGhlIGRldmljZS4gRm9yIHRoaXMs
IHRoZSBuZXcgZGV2aWNlIG11c3QgYWN0IGFzIERUTFMgc2VydmVyLg0KDQpiKSBBIHVzZXIgdXNl
cyBhIHNtYXJ0cGhvbmUgdG8gYmluZCBhIGxpZ2h0c3dpdGNoIHRvIHNwZWNpZmljIGxpZ2h0YnVs
YnMuIFNpbmNlIHN1Y2ggYmluZGluZ3MgY2Fubm90IGJlIHByZS1wcm9ncmFtbWVkIGF0IHRoZSBt
YW51ZmFjdHVyZXIsIGEgQ29BUCBjbGllbnQgKHRoZSBsaWdodHN3aXRjaCBzZW5kaW5nIChtdWx0
aWNhc3QpIHJlcXVlc3RzIHRvIGxpZ2h0YnVsYnMpIGFsc28gaG9zdHMgYSBDb0FQIHNlcnZlciB0
byBwcm92aWRlIHRoZSBjb25maWd1cmF0aW9uIGludGVyZmFjZS4gVGhlIGNvbnN0cmFpbmVkIGxp
Z2h0c3dpdGNoIG11c3QgYWdhaW4gYWN0IGFzIERUTFMgc2VydmVyIHRvIGFjY2VwdCByZXF1ZXN0
cyBmcm9tIHRoZSB1bmNvbnN0cmFpbmVkIHNtYXJ0cGhvbmUuDQoNClRoZSBuZXR3b3JrIGF0dGFj
aG1lbnQgYW5kIHRoZSBiaWcgYXV0aG9yaXphdGlvbiBxdWVzdGlvbiBhcmUgb3V0LW9mLXNjb3Bl
IGZvciBhIERJQ0UgcHJvZmlsZS4NCg0KQ2lhbw0KTWF0dGhpYXMNCg0K


From nobody Wed Nov 26 05:56:01 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DDF41A011E for ; Wed, 26 Nov 2014 05:55:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EPwjX2bp41me for ; Wed, 26 Nov 2014 05:55:55 -0800 (PST)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0E4D1A00BD for ; Wed, 26 Nov 2014 05:55:54 -0800 (PST)
Received: by mail-ig0-f175.google.com with SMTP id h15so6860842igd.14 for ; Wed, 26 Nov 2014 05:55:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=D1cYGcFT39dhAu5VtNWrM/A4moIyIYhUR1FvqHmYbyM=; b=xvbax2bAKzVYRhrf9Fhy/1q/mGFpUJu5Vs6wtheRXo+Qh1pkCgEoY8OnSGpxtz08qr Pi6v0KCt9cjmMogmmqkSRYSMEJcYFrTBiA2ZubZxNe/kW+onlvP4ox7YE6ngTjpX/AIb PAEgVBsIIjHYMuA5axiSI8z7Q4A2oyRZSxwnvtFkjffFB2b7Gnh2IIXP1A+DQp7dJD+g vgXcNbQjXpkuOym5vQfwT+cwgtxeRdDOiigUrk7gmZjq9Y9ClJWCZ6isv12jh3bPwFis H8I/Jng6VS+LFONpaU2DsNToG6VCgGyEaZOHWmfFbpgN2KJpInlqoRws67n5Hb/ca8cU I7CQ==
X-Received: by 10.50.134.225 with SMTP id pn1mr22758243igb.33.1417010153870; Wed, 26 Nov 2014 05:55:53 -0800 (PST)
Received: from [192.168.0.10] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.231.49.38]) by mx.google.com with ESMTPSA id k191sm2061949iok.1.2014.11.26.05.55.53 for  (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Nov 2014 05:55:53 -0800 (PST)
Message-ID: <5475DBE8.4030006@gmail.com>
Date: Wed, 26 Nov 2014 08:55:52 -0500
From: Rene Struik 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "Kumar, Sandeep" ,  Hannes Tschofenig , "dtls-iot@ietf.org" 
References:  <54745222.5010902@gmx.net>  <54745C48.2040203@gmx.net>  <5474672F.2060205@gmx.net> <5474A656.3080805@gmail.com> 
In-Reply-To: 
Content-Type: multipart/alternative; boundary="------------020706010701020604000201"
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/dy__QqySqaztpj4ESjZMZLgRWYs
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Wed, 26 Nov 2014 13:55:59 -0000

This is a multi-part message in MIME format.
--------------020706010701020604000201
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit

Hi Sandeep:

The point of my note was to emphasize that the design has to be guided 
by the more constrained devices in a network (unconstrained devices and 
networks can fend for themselves). My cost figure (no matter how crude) 
illustrates that the average device cost has to be very low for 
marketing numbers to ever materialize, so constrained devices rule by 
numbers. Unfortunately, you seemed to have missed that point.

Rene

On 11/26/2014 3:53 AM, Kumar, Sandeep wrote:
>
> Hi Rene
>
> *From:*dtls-iot [mailto:dtls-iot-bounces@ietf.org] *On Behalf Of *Rene 
> Struik
> *Sent:* Tuesday, November 25, 2014 4:55 PM
> *To:* Hannes Tschofenig; Kumar, Sandeep; dtls-iot@ietf.org
> *Subject:* Re: [Dtls-iot] AES-CCM nonces in DTLS records
>
> Dear colleagues:
>
> I thought DICE was about constrained devices and networks. For those 
> devices where energy constraints are at play, this would almost surely 
> require hardware-assisted implementation used for packet processing, 
> simply to make sure that most of the energy is used for 
> communications, not computation.)
>
> */[> ] Constrained means different for different folks in the 
> ecosystem, energy is only one axis. There will be devices which don’t 
> have that energy constraint (the famous light bulb) or are wired over 
> a cheap twisted pair. /*
>
>
> (Admittedly, it does not help that the term "internet of things" has 
> become almost meaningless and now [witness the reference to Apple] 
> apparently even applies to $600 dollar devices talking to each other. 
> Extrapolating this number to the 2011 marketing forecasts of 50 
> billion interconnected devices Cisco and Intel would make this a $30 
> trillion market [or about the 2013 GDP of the USA, China, and Japan 
> combined]. Clearly, something must be wrong here...)
>
> */[> ] Maybe you are confused, the reference was not about what Apple 
> does in their $600 devices but what it is demanding from accessory 
> developers (the IoT devices you might be thinking) that need to 
> connect to those $600 devices. /*
>
> */And btw if you are really interested in making market calculations, 
> take a second look at those marketing documents that mention 50 
> billion interconnected devices. They include anything from cars, 
> trains to even cows (I am sure all of those are much more than $600)./*
>
> *//*
>
> */regards/*
>
> */Sandeep/*
>
>
> Best regards, Rene
>
>
> On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:
>
>     Hi Sandeep,
>
>       
>
>     I wouldn't call it a trend just because Apple does it in their new
>
>     products but quite clearly the cryptographic algorithms evolve over time
>
>     (btw, Curve25519 was listed as well).
>
>       
>
>     Looking at the slides, which list the supported other radio
>
>     technologies, it is likely that some products will have to at least
>
>     support AES-CCM as well (for WiFi and/or for Bluetooth Smart).
>
>       
>
>     As a product designer one has to make a conscious decision about the
>
>     expected product lifetime, degree of interoperability with other
>
>     devices, and the performance. A software-based crypto implementation,
>
>     which allows you to update the algorithm more easily, would give you a
>
>     potential performance hit but would score higher in the other categories.
>
>       
>
>     When looking at teardowns of device it is clear that many of the IoT
>
>     devices are not as constrained as we often like portrait them. Hence,
>
>     having multiple implementations of different algorithms may not always
>
>     be an issue.
>
>       
>
>     Maybe the recommendation in the document on this topic is to be aware of
>
>     the need to switch to different ciphers over the lifetime of the product
>
>     or to even support multiple ciphers (which calls for more flash and
>
>     potentially a faster CPU when a software-based implementation is used).
>
>     We have some text in there that talks about software updates but maybe
>
>     this specific issue could be highlighted.
>
>       
>
>     Ciao
>
>     Hannes
>
>       
>
>     On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:
>
>         I would not go as far as recommending it right now.
>
>           
>
>         There is a clear trend by the big-players in the industry to prefer ChaCha20+Pol1305 which will change the landscape in the coming years. Apple Homekit uses ithttp://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=1  (Slide 98) and Google Chromehttps://www.imperialviolet.org/2013/10/07/chacha20.html
>
>         The choice is due to performance but now compatibility will help push other players to move sooner too.
>
>           
>
>         My 2 cents
>
>         Sandeep
>
>           
>
>           
>
>             -----Original Message-----
>
>             From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>
>             Sent: Tuesday, November 25, 2014 11:39 AM
>
>             To: Kumar, Sandeep;dtls-iot@ietf.org  
>
>             Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records
>
>               
>
>             Thanks for your response, Sandeep.
>
>               
>
>             This statement below caught my attention in light of the AES-CCM vs.
>
>             AES-GCM discussion. Reading your sentence below gives me the impression
>
>             that instead of deciding about AES-CCM and AES-GCM we should instead
>
>             recommend ChaCha20+Poly1305.
>
>               
>
>             Could you elaborate why you think ChaCha20+Poly1305 is becoming more
>
>             relevant in the embedded space?
>
>               
>
>             On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:
>
>                 ChaCha20+Poly1305 seems to have made a right choice and becoming
>
>             more relevant in the embedded space anyways.
>
>           
>
>           
>
>         ________________________________
>
>         The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.
>
>           
>
>       
>
>
>
>
>     _______________________________________________
>
>     dtls-iot mailing list
>
>     dtls-iot@ietf.org  
>
>     https://www.ietf.org/mailman/listinfo/dtls-iot
>
>
>
>
> -- 
> email:rstruik.ext@gmail.com    | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363


--------------020706010701020604000201
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 8bit


  
    
  
  
    
Hi Sandeep:

      

      The point of my note was to emphasize that the design has to be
      guided by the more constrained devices in a network (unconstrained
      devices and networks can fend for themselves). My cost figure (no
      matter how crude) illustrates that the average device cost has to
      be very low for marketing numbers to ever materialize, so
      constrained devices rule by numbers. Unfortunately, you seemed to
      have missed that point.

      

      Rene

      

      On 11/26/2014 3:53 AM, Kumar, Sandeep wrote:

    

    

      
      
      
      

        
Hi
            Rene

        
 

        

          

            

              
From:
                  dtls-iot [mailto:dtls-iot-bounces@ietf.org]
                  On Behalf Of Rene Struik

                  Sent: Tuesday, November 25, 2014 4:55 PM

                  To: Hannes Tschofenig; Kumar, Sandeep;
                  dtls-iot@ietf.org

                  Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS
                  records

            

          

          
 

          

            
Dear colleagues:

              

              I thought DICE was about constrained devices and networks.
              For those devices where energy constraints are at play,
              this would almost surely require hardware-assisted
              implementation used for packet processing, simply to make
              sure that most of the energy is used for communications,
              not computation.)

              

              

            
[>
                    ] Constrained means different for different folks in
                    the ecosystem, energy is only one axis. There will
                    be devices which don’t have that energy constraint
                    (the famous light bulb) or are wired over a cheap
                    twisted pair. 

            


              (Admittedly, it does not help that the term "internet of
              things" has become almost meaningless and now [witness the
              reference to Apple] apparently even applies to $600 dollar
              devices talking to each other. Extrapolating this number
              to the 2011 marketing forecasts of 50 billion
              interconnected devices Cisco and Intel would make this a
              $30 trillion market [or about the 2013 GDP of the USA,
              China, and Japan combined]. Clearly, something must be
              wrong here...)

              

              

            
[>
                    ] Maybe you are confused, the reference was not
                    about what Apple does in their $600 devices but what
                    it is demanding from accessory developers (the IoT
                    devices you might be thinking) that need to connect
                    to those $600 devices. 
                    

            
And
                    btw if you are really interested in making market
                    calculations, take a second look at those marketing
                    documents that mention 50 billion interconnected
                    devices. They include anything from cars, trains to
                    even cows (I am sure all of those are much more than
                    $600).

            
 

            
regards

            
Sandeep

            


              Best regards, Rene

              

              

              On 11/25/2014 6:25 AM, Hannes Tschofenig wrote:

          

          

            
Hi Sandeep,

            
 

            
I wouldn't call it a trend just because Apple does it in their new

            
products but quite clearly the cryptographic algorithms evolve over time

            
(btw, Curve25519 was listed as well).

            
 

            
Looking at the slides, which list the supported other radio

            
technologies, it is likely that some products will have to at least

            
support AES-CCM as well (for WiFi and/or for Bluetooth Smart).

            
 

            
As a product designer one has to make a conscious decision about the

            
expected product lifetime, degree of interoperability with other

            
devices, and the performance. A software-based crypto implementation,

            
which allows you to update the algorithm more easily, would give you a

            
potential performance hit but would score higher in the other categories.

            
 

            
When looking at teardowns of device it is clear that many of the IoT

            
devices are not as constrained as we often like portrait them. Hence,

            
having multiple implementations of different algorithms may not always

            
be an issue.

            
 

            
Maybe the recommendation in the document on this topic is to be aware of

            
the need to switch to different ciphers over the lifetime of the product

            
or to even support multiple ciphers (which calls for more flash and

            
potentially a faster CPU when a software-based implementation is used).

            
We have some text in there that talks about software updates but maybe

            
this specific issue could be highlighted.

            
 

            
Ciao

            
Hannes

            
 

            
On 11/25/2014 11:50 AM, Kumar, Sandeep wrote:

            

              
I would not go as far as recommending it right now.

              
 

              
There is a clear trend by the big-players in the industry to prefer ChaCha20+Pol1305 which will change the landscape in the coming years. Apple Homekit uses it http://devstreaming.apple.com/videos/wwdc/2014/701xx8n8ca3aq4j/701/701_designing_accessories_for_ios_and_os_x.pdf?dl=1 (Slide 98) and Google Chrome https://www.imperialviolet.org/2013/10/07/chacha20.html

              
The choice is due to performance but now compatibility will help push other players to move sooner too.

              
 

              
My 2 cents

              
Sandeep

              
 

              
 

              

                
-----Original Message-----

                
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]

                
Sent: Tuesday, November 25, 2014 11:39 AM

                
To: Kumar, Sandeep; dtls-iot@ietf.org

                
Subject: Re: [Dtls-iot] AES-CCM nonces in DTLS records

                
 

                
Thanks for your response, Sandeep.

                
 

                
This statement below caught my attention in light of the AES-CCM vs.

                
AES-GCM discussion. Reading your sentence below gives me the impression

                
that instead of deciding about AES-CCM and AES-GCM we should instead

                
recommend ChaCha20+Poly1305.

                
 

                
Could you elaborate why you think ChaCha20+Poly1305 is becoming more

                
relevant in the embedded space?

                
 

                
On 11/25/2014 11:34 AM, Kumar, Sandeep wrote:

                

                  
ChaCha20+Poly1305 seems to have made a right choice and becoming

                

                
more relevant in the embedded space anyways.

              

              
 

              
 

              
________________________________

              
The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

              
 

            

            
 

            


              

              

              

            
_______________________________________________

            
dtls-iot mailing list

            
dtls-iot@ietf.org

            
https://www.ietf.org/mailman/listinfo/dtls-iot

          

          


            

            

            

          
-- 

          
email: rstruik.ext@gmail.com | Skype: rstruik

          
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

        

      

    

    

    

    
-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

  


--------------020706010701020604000201--


From nobody Thu Nov 27 01:04:09 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 093FD1A88AB for ; Thu, 27 Nov 2014 01:04:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.361
X-Spam-Level: 
X-Spam-Status: No, score=-0.361 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CJIp93v8opBg for ; Thu, 27 Nov 2014 01:04:05 -0800 (PST)
Received: from outbox.sics.se (outbox.sics.se [193.10.64.137]) by ietfa.amsl.com (Postfix) with ESMTP id 41A0E1A88AC for ; Thu, 27 Nov 2014 01:04:05 -0800 (PST)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [192.36.171.201]) by outbox.sics.se (Postfix) with ESMTPS id DA29C17AA for ; Thu, 27 Nov 2014 10:04:02 +0100 (CET)
Received: from letter.sics.se (letter.sics.se [193.10.64.6]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id sAR942Ig024461 for ; Thu, 27 Nov 2014 10:04:02 +0100
Received: from norm.sics.se (norm.sics.se [193.10.64.192]) by letter.sics.se (Postfix) with ESMTPS id F24D340118 for ; Thu, 27 Nov 2014 10:04:02 +0100 (CET)
Received: from [192.168.0.108] (unknown [85.235.11.178]) by norm.sics.se (Postfix) with ESMTPSA id 5C39B3E for ; Thu, 27 Nov 2014 10:04:02 +0100 (CET)
Message-ID: <5476E901.50402@sics.se>
Date: Thu, 27 Nov 2014 10:04:01 +0100
From: Ludwig Seitz 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: dtls-iot@ietf.org
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> <30082.1416947983@sandelman.ca>
In-Reply-To: <30082.1416947983@sandelman.ca>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms040504030909030307060603"
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sics-se:default, sics-se:default, base:default, @@RPTN)
X-p0f-Info: os=Solaris 10, link=Ethernet or modem
X-CanIt-Geo: =?UTF-8?Q?ip=3D85.235.11.178; _country=3DSE; _region=3DSk=C3=A5ne; _city=3DLund; _latitude=3D55.7028; _longitude=3D13.1927; _http://maps.google.com/maps=3Fq=3D55.7028,13.1927&z=3D6?=
X-CanItPRO-Stream: outbound-sics-se:outbound (inherits from outbound-sics-se:default, sics-se:default, base:default)
X-Canit-Stats-ID: 09Nkx42WX - efa79a82cb23 - 20141127
X-Antispam-Training-Forget: https://canit.sunet.se/canit/b.php?i=09Nkx42WX&m=efa79a82cb23&t=20141127&c=f
X-Antispam-Training-Nonspam: https://canit.sunet.se/canit/b.php?i=09Nkx42WX&m=efa79a82cb23&t=20141127&c=n
X-Antispam-Training-Spam: https://canit.sunet.se/canit/b.php?i=09Nkx42WX&m=efa79a82cb23&t=20141127&c=s
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/SvZscYdaf7YeIdlD7nTxSNaNFyA
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Thu, 27 Nov 2014 09:04:08 -0000

This is a cryptographically signed message in MIME format.

--------------ms040504030909030307060603
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable

On 11/25/2014 09:39 PM, Michael Richardson wrote:
>
> Rahman, Akbar  wrote:
>      > 2) In the abstract and elsewhere there are references to a const=
rained
>      > device providing sensor data.  I think that this should be clari=
fied.
>      > If you read the CoAP spec [RFC 7252] you will clearly see that t=
he
>      > constrained device may either be read (GET - which corresponds t=
o your
>      > sensor examples), or the device may have some data loaded onto i=
t (PUT,
>      > POST, DELETE - and thus may be an actuator for example).  So you=
 should
>      > indicate the dual nature of constrained devices.
>
> And isn't it also the case that a sensor might PUT/POST sensor data to =
the
> device that wants it?  This is clearly the "lightswitch" -> "lightbulb"=

> situation, but also the (far too common today) sensor-behind-nat+cloud-=
storage situation.
>

Just to support Michael's point:

Think about publish-subscribe scenarios, where the sensor might be the=20
publisher that PUT/POSTs data to it's subscribers (or to an aggregator=20
that manages the subscriptions).

/Ludwig



--=20
Ludwig Seitz, PhD
SICS Swedish ICT AB
Ideon Science Park
Building Beta 2
Scheelev=E4gen 17
SE-223 70 Lund

Phone +46(0)70-349 92 51
http://www.sics.se


--------------ms040504030909030307060603
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMVDCC
BhgwggUAoAMCAQICAwiRTjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNV
BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl
IFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlh
dGUgQ2xpZW50IENBMB4XDTE0MDEwNzA3MjgzNVoXDTE1MDEwNzEyNTgyMlowODEXMBUGA1UE
AwwObHVkd2lnQHNpY3Muc2UxHTAbBgkqhkiG9w0BCQEWDmx1ZHdpZ0BzaWNzLnNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLm1tc30QxHa9wtdVjC3NgxjLJicnccm0HD+
1X16kPMKGvwps8F1oDhYn7jXIe46p1AuJMzLK0GIioE4JwxCFGdvpz7cg2xyTyrdBVUzSqez
Dfqt4FOJq6hrdrIMS8MHEzl7Jk02gv9cTn/pHQvDpkiThRpbSLU5mlMqtEQ8gDQY5YyBX0Mv
5qculV08I2JU8HEeTt1oeqhvBImgQfOVYMDatHlWHUVVrmYd6iIo+cuiUGd5kiA0XuaLYX0E
oCoao/z5Wg9U0sQlx0hl4r96Q+NdoZZ1prfts3qtyBzJ2hu135aikigzJ6sueWHv/jbISUek
tOMm0xkx1GOqqWtEAwIDAQABo4IC1DCCAtAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYD
VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRZmjjBh8N3klra+mVQgC00
pl68ZTAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAZBgNVHREEEjAQgQ5sdWR3
aWdAc2ljcy5zZTCCAUwGA1UdIASCAUMwggE/MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsG
AQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcC
AjCB6jAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBj
ZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0
aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUgU3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBv
bmx5IGZvciB0aGUgaW50ZW5kZWQgcHVycG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5
aW5nIHBhcnR5IG9ibGlnYXRpb25zLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0
YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzAB
hi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9jbGllbnQvY2EwQgYIKwYB
BQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50
LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcN
AQELBQADggEBAHqEYmtWr83S+iLXE97KBnHJZiMr6PMuLKxmh0o6UJJwKgf+KTP2czxRnPSI
+whuqfQZdmz6g3A2K8AooMU0RXrzncnX1c4826APdnXkRxnGQxtZXI1wuhPn4z7iDKZ6ij9u
K5Pfn10JL/ERDig2qJQbqvhtIAx0RY7y7r+hLMvgXVq9mf3WRJYmGQeFW+N9t5Z1eEwG4m9R
KAZm0fnfeDn/Ai4kmxTckBH7dZwW2lTtwQqQ4su+PGCJ0e9ndBLpvTqaYGSAl+L7PO7vxPhS
/cS67Xa6BtnYJLTr3MaGXaN+CEUFSfwQHa9DKcAqh3kldErI3kCvnot0CigBl4aILOEwggY0
MIIEHKADAgECAgEeMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T
dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu
aW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzEw
MjQyMTAxNTVaFw0xNzEwMjQyMTAxNTVaMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu
ZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGll
bnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHCYPMzi3YGrEppC4Tq5a+
ijKDjKaIQZZVR63UbxIP6uq/I0fhCu+cQhoUfE6ERKKnu8zPf1Jwuk0tsvVCk6U9b+0UjM0d
Lep3ZdE1gblK/1FwYT5Pipsu2yOMluLqwvsuz9/9f1+1PKHG/FaR/wpbfuIqu54qzHDYeqiU
fsYzoVflR80DAC7hmJ+SmZnNTWyUGHJbBpA8Q89lGxahNvuryGaC/o2/ceD2uYDX9U8Eg5Dp
IpGQdcbQeGarV04WgAUjjXX5r/2dabmtxWMZwhZna//jdiSyrrSMTGKkDiXm6/3/4ebfeZuC
YKzN2P8O2F/Xe2AC/Y7zeEsnR7FOp+uXAgMBAAGjggGtMIIBqTAPBgNVHRMBAf8EBTADAQH/
MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUU3Ltkpzg2ssBXHx+ljVO8tS4UYIwHwYDVR0j
BBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUHAQEEWjBYMCcGCCsGAQUFBzAB
hhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwLQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL3Nmc2NhLmNydDBbBgNVHR8EVDBSMCegJaAjhiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3Nm
c2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1NwECATBmMC4GCCsGAQUFBwIBFiJodHRw
Oi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3
LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMA0GCSqGSIb3DQEBBQUAA4ICAQAKgwh9
eKssBly4Y4xerhy5I3dNoXHYfYa8PlVLL/qtXnkFgdtY1o95CfegFJTwqBBmf8pyTUnFsukD
FUI22zF5bVHzuJ+GxhnSqN2sD1qetbYwBYK2iyYA5Pg7Er1A+hKMIzEzcduRkIMmCeUTyMyi
kfbUFvIBivtvkR8ZFAk22BZy+pJfAoedO61HTz4qSfQoCRcLN5A0t4DkuVhTMXIzuQ8Cnykh
ExD6x4e6ebIbrjZLb7L+ocR0y4YjCl/Pd4MXU91y0vTipgr/O75CDUHDRHCCKBVmz/Rzkc/b
970MEeHt5LC3NiWTgBSvrLEuVzBKM586YoRD9Dy3OHQgWI270g+5MYA8GfgI/EPT5G7xPbCD
z+zjdH89PeR3U4So4lSXur6H6vp+m9TQXPF3a0LwZrp8MQ+Z77U1uL7TelWO5lApsbAonrqA
SfTpaprFVkL4nyGH+NHST2ZJPWIBk81i6Vw0ny0qZW2Niy/QvVNKbb43A43ny076khXO7cNb
BIRdJ/6qQNq9Bqb5C0Q5nEsFcj75oxQRqlKf6TcvGbjxkJh8BYtv9ePsXklAxtm8J7GCUBth
HSQgepbkOexhJ0wP8imUkyiPHQ0GvEnd83129fZjoEhdGwXV27ioRKbj/cIq7JRXun0NbeY+
UdMYu9jGfIpDLtUUGSgsg2zMGs5R4jGCA90wggPZAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlm
aWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy
bWVkaWF0ZSBDbGllbnQgQ0ECAwiRTjAJBgUrDgMCGgUAoIICHTAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNDExMjcwOTA0MDFaMCMGCSqGSIb3DQEJBDEW
BBQWGdLseHA8rPpmXhcZNfXTT6ZkkTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjAL
BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA
MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGlBgkrBgEEAYI3EAQxgZcwgZQwgYwxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRh
bCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDCJFOMIGnBgsqhkiG9w0BCRACCzGBl6CBlDCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3Vy
ZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNz
IDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMIkU4wDQYJKoZIhvcNAQEBBQAE
ggEAGmhbNCrFVIHrKQbkmS601CR94UgZF63ZDbm8Hoqs9lMgpSFpS/+pPwA5kJCWswtZHN/A
yk0YDJX1AJQJlMjkayhqTT04MusNuoHbB4f095KeOhLw0nFcU2k+uoFxPIZDtVFpoyOH55YC
8owk1ITw+jpz8hEnuD9iV0AXT8GqW3tbyDSDB2WZpxZxjm6B22NVP7/FPeSsWQFFmMn54Vqx
kCqhJfDMKeC6+xWUPZC/ab7d3wpiEtGEa3ckdrOFzwc+TGgu5nADueTuD//HAoDaf1pI7Eb/
yaEztxE2AKY4Xbt38+txdWtQLmRokrvTqp/+O/aP/Z4bEO+pQGIUlwIWjgAAAAAAAA==
--------------ms040504030909030307060603--


From nobody Thu Nov 27 01:41:04 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 482881A88B8 for ; Thu, 27 Nov 2014 01:41:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FtHOsC8VxoU for ; Thu, 27 Nov 2014 01:41:01 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75E441A1B4F for ; Thu, 27 Nov 2014 01:41:01 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MA9FV-1XnZli0z0r-00BNnM; Thu, 27 Nov 2014 10:40:59 +0100
Message-ID: <5476F1A9.5020200@gmx.net>
Date: Thu, 27 Nov 2014 10:40:57 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Ludwig Seitz , dtls-iot@ietf.org
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> <30082.1416947983@sandelman.ca> <5476E901.50402@sics.se>
In-Reply-To: <5476E901.50402@sics.se>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BUOtEifBaGMhiPWc64E8wsRrnegHWJdJf"
X-Provags-ID: V03:K0:Yr7Z8tde+9m49oObYENyhmlwISC9K3Ioj7EeLx3m1LVIxBNKeKZ oIYpyj/9NXPXIX0yP6SVh0r3gBgxFyIdm1BY3XfegMPrasuPVDGxSkV0A0sf3ZIb5l1Z0zF 6mhb0MSnThCt/aXobgnbGzRfgigNNgw2lfHQodtYEva5oihR4yRmh2JX3iakd+9Gnacol7O Q52eTKsPPsYr4SiIJQrIg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/gr2O3oZbZeuvKTeQgATRahV71xc
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Thu, 27 Nov 2014 09:41:03 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BUOtEifBaGMhiPWc64E8wsRrnegHWJdJf
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Ludwig,

I also do not see a problem with using PUT/POST by a sensor for
uploading data to some non-constrained server.

In an earlier message Akbar had, however, a different message exchange
in mind where the server-side issues a GET towards the sensor (instead
of having the sensor upload the data to the server):
http://www.ietf.org/mail-archive/web/dtls-iot/current/msg00469.html

In http://trac.tools.ietf.org/wg/dice/trac/ticket/16 I made an attempt
to explain how his exchange can also be supported by the document as is.

Ciao
Hannes

On 11/27/2014 10:04 AM, Ludwig Seitz wrote:
> On 11/25/2014 09:39 PM, Michael Richardson wrote:
>>
>> Rahman, Akbar  wrote:
>>      > 2) In the abstract and elsewhere there are references to a
>> constrained
>>      > device providing sensor data.  I think that this should be
>> clarified.
>>      > If you read the CoAP spec [RFC 7252] you will clearly see that =
the
>>      > constrained device may either be read (GET - which corresponds
>> to your
>>      > sensor examples), or the device may have some data loaded onto
>> it (PUT,
>>      > POST, DELETE - and thus may be an actuator for example).  So
>> you should
>>      > indicate the dual nature of constrained devices.
>>
>> And isn't it also the case that a sensor might PUT/POST sensor data to=

>> the
>> device that wants it?  This is clearly the "lightswitch" -> "lightbulb=
"
>> situation, but also the (far too common today)
>> sensor-behind-nat+cloud-storage situation.
>>
>=20
> Just to support Michael's point:
>=20
> Think about publish-subscribe scenarios, where the sensor might be the
> publisher that PUT/POSTs data to it's subscribers (or to an aggregator
> that manages the subscriptions).
>=20
> /Ludwig
>=20
>=20
>=20
>=20
>=20
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20


--BUOtEifBaGMhiPWc64E8wsRrnegHWJdJf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUdvGpAAoJEGhJURNOOiAtqWwH/007h72NQRh8q6hCLVffzJvt
o+EhVenNBenjZJbBx3Nvf62V11n/esh20Bue5bXkoLHceXde/ES+TJnagDTqYqqq
YZ+mCJ/jjL49Ga4rUmvzJkfHuupkZoTs772iOjej7Tq/ajzgSGP2pqNGUULvnEmF
mlV5X8gQrEyQrY8vE3NPf+Qjivgomf7zLXCBXcNXX6uMn5owO5Wy+q7Cj2ktPF5L
iwSh4BMxnfGvz6P/ASfm9xXA62yQmdawGZz207/RqSInw3Fg4UyTN+o/h19lRKC3
qll6xT3vZA2Q67LYaiivmewu/1q7/YlopEzvnsrFmK8ox8+rSxblLaM4q5WRqoI=
=rhcm
-----END PGP SIGNATURE-----

--BUOtEifBaGMhiPWc64E8wsRrnegHWJdJf--


From nobody Thu Nov 27 04:54:38 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAEEA1A88F2 for ; Thu, 27 Nov 2014 04:54:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level: 
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4G3hD1RUxrfr for ; Thu, 27 Nov 2014 04:54:35 -0800 (PST)
Received: from edge20.ethz.ch (edge20.ethz.ch [82.130.99.26]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0EFC1A88ED for ; Thu, 27 Nov 2014 04:54:33 -0800 (PST)
Received: from CAS20.d.ethz.ch (172.31.51.110) by edge20.ethz.ch (82.130.99.26) with Microsoft SMTP Server (TLS) id 14.3.195.1; Thu, 27 Nov 2014 13:54:27 +0100
Received: from MBX210.d.ethz.ch ([fe80::ed77:7d47:9467:69a9]) by CAS20.d.ethz.ch ([fe80::2cd8:4907:7776:c56d%10]) with mapi id 14.03.0195.001;  Thu, 27 Nov 2014 13:54:31 +0100
From: "Kovatsch  Matthias" 
To: Hannes Tschofenig , Ludwig Seitz , "dtls-iot@ietf.org" 
Thread-Topic: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
Thread-Index: AQHQCHyIslPldWHl8UOiD8uO79zDkZxxviWAgAJiSoCAAApRgIAARR9Q
Date: Thu, 27 Nov 2014 12:54:30 +0000
Message-ID: <55877B3AFB359744BA0F2140E36F52B52B9F3ACC@MBX210.d.ethz.ch>
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <55877B3AFB359744BA0F2140E36F52B52B8FF795@MBX110.d.ethz.ch> <36F5869FE31AB24485E5E3222C288E1F0761DF@NABESITE.InterDigital.com> <30082.1416947983@sandelman.ca> <5476E901.50402@sics.se> <5476F1A9.5020200@gmx.net>
In-Reply-To: <5476F1A9.5020200@gmx.net>
Accept-Language: en-US, de-CH
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [129.132.130.252]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/U50OyygWScGUv8jMoa4K7liLqBc
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Thu, 27 Nov 2014 12:54:37 -0000

> I also do not see a problem with using PUT/POST by a sensor for uploading=
 data to some non-constrained server.

The main problem is that such devices must be pre-programmed with the addre=
ss of the could service. It is somewhat the old model where you can actuall=
y use any kind of protocol since your device is tightly coupled with the se=
rvice. No need for interoperability whatsoever.

For an infrastructure of IoT devices that can serve any application, you ne=
ed the server role, both for DTLS and CoAP. The CoAP server can also serve =
for configuration of the client role to later act on some initiative and se=
nd requests. That means, the IoT device will also need DTLS client and serv=
er capabilities (just like many envisioned devices are also CoAP clients an=
d servers; see core-interfaces for instance).

Ciao
Matthias


From nobody Fri Nov 28 03:56:30 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A764B1A1B3B for ; Fri, 28 Nov 2014 03:56:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c41i2vsUa3Iy for ; Fri, 28 Nov 2014 03:56:24 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB88C1A1B07 for ; Fri, 28 Nov 2014 03:56:23 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MO7Ca-1Xr2uH2n1Y-005bLL for ; Fri, 28 Nov 2014 12:56:22 +0100
Message-ID: <547862E4.2030301@gmx.net>
Date: Fri, 28 Nov 2014 12:56:20 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" 
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="pJUingF8HB0Av6q9Vxc50KXWbIoWb1CK3"
X-Provags-ID: V03:K0:pL2oQZ1E+/WsF9kjz1LtoyI1FnQqtXd2X6VJPkym1190yM9DIOS qr/eiFKwZF9qFcjMXUCWTWnapm2RLf56jqn1PepchMVjZVAXgzty+QIPrmGCuGy/lqgGsb6 ZT/G4X0r3hZNBoKe9ANUTbD3KyrlQM5vYIxH83lpXbNDHPloiEpyaycLOACevhPs8qVDCRS 0WPpjzT8ed3k3DMr86DSA==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/aDYAidFfDa1qE2ZndwqJGXz28iQ
Subject: [Dtls-iot] Tracking Review Feedback for the DTLS Profile Document
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 11:56:27 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--pJUingF8HB0Av6q9Vxc50KXWbIoWb1CK3
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

I went through the review comments and the discussions on the list and
added issues to the tracker. You can find the complete list here:
https://tools.ietf.org/wg/dice/trac/report/1

- Issue#12: Updated text for the PFS section
https://tools.ietf.org/wg/dice/trac/ticket/12

- Issue#16: New section explaining how to deal with constrained servers
(as discussed on the list)
https://tools.ietf.org/wg/dice/trac/ticket/16

- Issue#15: New section giving guidance on timeouts
https://tools.ietf.org/wg/dice/trac/ticket/15

- Issue#13: New section with key length recommendations
https://tools.ietf.org/wg/dice/trac/ticket/13

- Issue#11: Question about applicability of text to TLS
https://tools.ietf.org/wg/dice/trac/ticket/11

- Issue#14: New section about the signature algorithm extension
https://tools.ietf.org/wg/dice/trac/ticket/14

- Issue#17: AES-CCM nonces in DTLS records.
https://tools.ietf.org/wg/dice/trac/ticket/17

- Issue#18: AES-CCM: 12-octet or 13-octet nonce
https://tools.ietf.org/wg/dice/trac/ticket/18

- Issue#19: Issue about AES-CCM vs. AES-GCM
https://tools.ietf.org/wg/dice/trac/ticket/19

I suspect that issue #16 and #11 could trigger some discussion. Issue
#19 does not have a resolution yet.

I thought that the tracker would send mails to the list but it did not
seem so. Instead of copying all the issues to the list take a look at
the tracker.

I am planning to release a new draft snapshot late next week.

Ciao
Hannes

PS: I am also in the process of incorporating various editorial
suggestions. Here is the draft snapshot:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-profi=
le/draft-ietf-dice-profile-06.txt


--pJUingF8HB0Av6q9Vxc50KXWbIoWb1CK3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUeGLkAAoJEGhJURNOOiAtDzsH/jPkSgy/PHdld5JX2Yilw5gX
Mf4qm8oGn9Ej+PYnu03zIDvCPJofLyXfNXvQD5cOjXAXNtpRvd6xqqrrN8YO4kYt
KZOgEp/C3z5kT5zAG5uFDxcYAgGDrA1CfFyobNUOBXz91Ftu6lQc5/ujFUKjAk41
KQvXcvXBn6bhNM6YHj6XwBEtLlQJbYDzGHTTRpgDB/OcEH8Ue0bIiO+SY9UfTzuq
d4wX7imcSc++PZ2D+DfeQBVWZFjBTpctaz4DlzuYxELKJi8KfQ6ULmKjHD+YPWy8
7Px+OQF0ORjUgTjmPPzIxabHbpiLIISeMUPGACca+92fCzIhQkzPKKerNve7LqA=
=5xE8
-----END PGP SIGNATURE-----

--pJUingF8HB0Av6q9Vxc50KXWbIoWb1CK3--


From nobody Fri Nov 28 04:07:41 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BB9D1A1B45 for ; Fri, 28 Nov 2014 04:07:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level: 
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M7XM87QtryMI for ; Fri, 28 Nov 2014 04:07:34 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88DD71A1B3B for ; Fri, 28 Nov 2014 04:07:34 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0M9JYE-1XkwvR2M7q-00Cfu4; Fri, 28 Nov 2014 13:07:27 +0100
Message-ID: <5478657E.4030106@gmx.net>
Date: Fri, 28 Nov 2014 13:07:26 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Alexey Melnikov ,  Dorothy Gellert 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> 
In-Reply-To: 
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="L8aLhGgl6CAnhoxwKqoR6uAWM8nclnQGE"
X-Provags-ID: V03:K0:jlgE/l08GcXHjkbhEhmLo/gfKTO09qNKqFtWWe03dEhYPhoyzGN MQ/z73/KzhklFwjXRnb7gM3FWDH9BEXhvcDmga0ltPLboiLAC1Xwhs7KQylEmvHLMJvwGz/ FEjTSkYBu5HCZlwNJvTVNUgWVYGQMdY5ChuPbfP99m9FmizTzMkMhaZZowqEht8Y/wz9M2U Z1Rn/2LAk1+5WtU5OtiEQ==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/aU2cYfMl17r8MD-HMct6zKAJ_zo
Cc: Zach Shelby , "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 12:07:37 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--L8aLhGgl6CAnhoxwKqoR6uAWM8nclnQGE
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Alexey,

thanks for the great review.

I incorporated most of your comments. A few remarks below.

On 11/22/2014 08:08 PM, Alexey Melnikov wrote:
> Hi,
> My detailed comments are below.
>=20
> On 11 Nov 2014, at 23:18, Dorothy Gellert  > wrote:
>=20
>> Dear WG,
>>
>> As discussed during the Dice WG meeting at IETF#91, this email starts
>> a WGLC  for our DTLS profile draft:
>>
>> https://tools.ietf.org/html/draft-ietf-dice-profile-05
>>
>> Please review.  This WGLC will end on Tuesday, November 25, 2014.
>=20
> While I think this document is on the right track (and mostly fine),
> there is a number of editorial issues that makes figuring out some
> requirements difficult. I suggest a revision before IETF LC.
>=20
> On page 4: I suggest this document reference TLS WG document about
> deprecating RC4.

Good point.


>=20
> In Section 3, beginning of 3rd para:
>=20
>    Clients are provisioned with information about the servers they need=

>    to initiate their DTLS exchange with and with credentials.
>=20
> Did you mean "with and without"?

I changed the entire paragraph to

"
   Before a client can initiate the DTLS handshake it needs to know the
   IP address of that server and what credentials to use.  Application
   layer protocols, such as CoAP, conveyed on top of DTLS may need
   additional information, such information about URLs of the endpoints
   the CoAP needs to register and publish information to.  This
   configuration information (including credentials) may be conveyed to
   clients as part of a firmware/software package or via a configuration
   protocol.
"

>=20
> Section 4 is a good tutorial. Lots of Informative references are missin=
g
> (e.g. for SHA1, SHA-256, AES, HMAC, CCM, GCM, etc)

Added.

>=20
> In 5.1: is use of something like False Start common in IoT environment?=

> As it reduces number of round trips, it might be advantageous and you
> should consider mentioning it.

Good question. I added it to the issue tracker:
https://tools.ietf.org/wg/dice/trac/ticket/20


>=20
> In 5.2, the following paragraph seems out of place:
>=20
>    Since many IoT devices will either have limited ways to log error or=

>    no ability at all, any error will lead to implementations attempting=

>    to re-try the exchange.  Implementers have to carefully evaluate the=

>    impact of errors and ways to remedy the situation since a commonly
>    used approach for delegating decision making to users is difficult i=
n
>    a timely fashion (or impossible).
>=20
> In particular, does it also apply to 5.1 and 5.3? Maybe you should move=

> it somewhere else so that it is clear that it applies to all cases.
>=20

Fixed.


> In 5.3:
>    Support of the cached info extension is
>    required.
>=20
> Should this be REQUIRED?

Fixed.

>=20
>    When DTLS is used to secure CoAP messages then the server provided
>    certificates MUST contain the fully qualified DNS domain name or
>    "FQDN".  The coaps URI scheme is described in Section 6.2 of
>    [RFC7252].  This FQDN is stored
>=20
> In order to avoid any doubt, I would insert "as dNSName" here.

Done.

>=20
>     in the SubjectAltName or in the CN,
>=20
> I think the correct way to say that is: "or in the leftmost CN componen=
t
> of subject name"

Done.

>=20
>    as explained in Section 9.1.3.3 of [RFC7252],
>=20
> At the end of section 7:
>=20
>    Since the communication model described in Section 3 does not assume=

>    that the server is constrained.  RFC 5077 [RFC5077] describing TLS
>=20
> I think you didn't intend dot here, maybe comma?

Fixed.

>=20
>    session resumption without server-side state is not utilized by this=

>    profile.
>=20
> In Section 10:
>=20
> Client-Initiated, Regular Data Uploads
>=20
>       This is a variation of the previous case whereby data gets
>       uploaded on a regular basis, for example, based on frequent
>       temperature readings.  With such regular exchange it can be
>       assumed that the DTLS context is still in kept=20
>=20
> Delete "in"?

Fixed.

>=20
>       at the IoT device.
>=20
>       For this message exchange pattern the use of DTLS heartbeat
>       messages is quite useful.  The MTU discovery mechanism, on the
>       other hand, is less likely to be relevant since for many IoT
>       deployments the must constrained link is the wireless interface a=
t
>=20
> I couldn't figure out what you are trying to say here.

Changed the wording of the paragraph to:

"
   Server-Initiated Messages

      In the two previous scenarios the client initiated the protocol
      interaction but in this case we consider server-initiated
      messages.  Since messages to the client may get blocked by
      intermediaries, such as NATs (including IPv4/IPv6 protocol
      translators) and stateful packet filtering firewalls, the initial
      connection setup is triggered by the client and then kept alive.
      Since state at middleboxes expires fairly quickly (according to
      measurements described in [HomeGateway]), regular heartbeats are
      necessary whereby these keep-alive messages may be exchanged at
      the application layer or within DTLS itself.

      For this message exchange pattern the use of DTLS heartbeat
      messages is quite useful.  The MTU discovery mechanism, which is
      also part of [RFC6520], is less likely to be relevant since for
      many IoT deployments the most constrained link is the wireless
      interface between the IoT device and the network itself (rather
      than some links along the end-to-end path).  Only in more complex
      network topologies, such as multi-hop mesh networks, the situation
      is.
"


>=20
>       the IoT device itself rather than somewhere in the network.
>=20
> In Section 17:
>=20
>    Recommendation: Client implementations SHOULD implement this
>    extension support this extension
>=20
> Drop "support this extension".

Fixed.

>=20
>    even though the ciphersuites
>    recommended by this profile are not vulnerable this attack.
>=20
> Missing "to".
>=20
Fixed.

> In Section 18:
>=20
>    CoAP demands version 1.2 of DTLS to be used and the earlier version
>    of DTLS is not supported.  As such, there is no risk of downgrading
>    to an older version of DTLS.  The work described in
>    [I-D.bmoeller-tls-downgrade-scsv] is therefore also not applicable t=
o
>    this environment since there is no legacy server infrastructure to
>    worry about.
>=20
> While I-D.bmoeller-tls-downgrade-scsv is not currently needed, it might=

> be useful when TLS 1.3/etc gets deployed and problems are found in TLS
> 1.2. Is this something we need to worry about in long term?
>=20

I created an issue for this item:
https://tools.ietf.org/wg/dice/trac/ticket/21


>    TLS
>    and DTLS allows a client and a server who already have a TLS
>    connection to negotiate new parameters, generate new keys, etc by
>    initiating a TLS handshake using a ClientHello message.
>    Renegotiation happens in the existing TLS connection, with the new
>    handshake packets being encrypted along with application data.
>=20
> It is not clear what the above is trying to say. If this is explaining
> what renegotiation is, then it should be moved to the beginning of the
> same paragraph (I didn't include the first sentence of it). If this is =
a
> recommendation not to use renegotiation, then it needs rewording to mak=
e
> that clear.

I changed the text to:

"
18.  Re-Negotiation Attacks

   TLS and DTLS allows a client and a server who already have a TLS
   connection to negotiate new parameters, generate new keys, etc by
   using a feature in TLS called re-negotiation.  Renegotiation happens
   in the existing TLS connection, with the new handshake packets being
   encrypted along with application data.  Upon completion of the re-
   negotiation procedure the new channel replaces the old channel.

   As described in RFC 5746 [RFC5746] there is no cryptographic binding
   between the two handshakes, although the new handshake is carried out
   using the cryptographic parameters established by the original
   handshake.

   To prevent the TLS re-negotiation attack [RFC5746] this specification
   RECOMMENDS not to use the TLS re-negotiation feature.  Clients MUST
   respond to server-initiated renegotiation attempts with an Alert
   message (no_renegotiation) and clients MUST NOT initiate them.
"

Ciao
Hannes

>=20
> Best Regards,
> Alexey
>=20


--L8aLhGgl6CAnhoxwKqoR6uAWM8nclnQGE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUeGV+AAoJEGhJURNOOiAtYbYH/2LituONXl2Fr+3KBy5Fy6Hr
XUnPns192GBDnx8GAd6rzhKElWcf+dnANCoxzLWFFdNnmgapb2yamb1CnbXKle8R
Xe5wtMZGv5lRsaxJyVJBGINtwLluwTs7Mk2TJIFaChugnF6UnMGyNp428jwwwRJ5
Wgj6sYYTy7HXD32wQIBwX89XxlLjIup9g/Tg32py8FtEkj3gYWd8hKNWsOJiy5ai
l9kv0PfdvjUf9oFEmB0NS8ZWny8GLifNifcUbixMJbej9M2QiwFXcjDzSRqu3V2H
x2aMBIzfNGWtxbmtG1GDcVs3aA1+niKDWehIY3ksVQ70QnuipuiClZQrF8xN1+o=
=HwOm
-----END PGP SIGNATURE-----

--L8aLhGgl6CAnhoxwKqoR6uAWM8nclnQGE--


From nobody Fri Nov 28 04:57:08 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 065591A1B4B for ; Fri, 28 Nov 2014 04:57:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.91
X-Spam-Level: 
X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YBaI7aNuuKY for ; Fri, 28 Nov 2014 04:57:06 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 355D71A1B49 for ; Fri, 28 Nov 2014 04:57:06 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MEKZg-1Xethn0WRk-00FVEk; Fri, 28 Nov 2014 13:57:03 +0100
Message-ID: <5478711E.5040700@gmx.net>
Date: Fri, 28 Nov 2014 13:57:02 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Rene Hummen ,  Dorothy Gellert 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> 
In-Reply-To: 
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3vRVpqo6P7IiqcEdHUAF5PlWgVg4QqC6D"
X-Provags-ID: V03:K0:PJRZldtdPQ4Ls1JsKxwR81SJuJnPoji42xoxuloh8+jsinbHtoj LTkfXYZ9qgk4FzLzYWTSf63sGedfSLfFHnZYApDvtbWC2MNoDUnW28d2WId+HeaRdRDflIF 7gWyWgDABRoG2xx+zUHeso6Vwo0ahrZbo6jRqGpGJJ6tTI1JYzgFn1jMaphX71LpvdxM+DT r/enI9sYL9CuxH4gsj3Kg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/7LxbO1Q9FI_50ZgGXG4dLLmxqww
Cc: Zach Shelby , "dtls-iot@ietf.org" 
Subject: Re: [Dtls-iot] Retransmission timeout and PSK identity hint
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 12:57:08 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3vRVpqo6P7IiqcEdHUAF5PlWgVg4QqC6D
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Rene,

although I responded to your remarks already I wanted to get back to you.=


On 11/15/2014 08:05 AM, Rene Hummen wrote:
> Besides the fact that I would have liked this draft to consider both a
> constrained DTLS client and a constrained DTLS server, I have two main
> comments:
>=20
> 1) From my experience, the recommended timeout values for DTLS often
> lead to spurious retransmissions in constrained node networks.
> Especially for constrained devices with software ECC support, network
> delays in combination with ECDH and ECDSA operations quickly exceed a 1=

> sec timeout. Similarly, for long message flights (i.e.,
> certificate-related flights), repeated loss of a handshake message
> causes extensive handshake delays. As the specific timeout values may b=
e
> application dependent, pointing out these issues in sections 5.2 and 5.=
3
> would be very useful.

Here is suggested text based on your remark, the feedback during the
last IETF meeting and from the DTLS over SMS draft:
http://trac.tools.ietf.org/wg/dice/trac/ticket/15


>=20
> 2) Section 5.1: The paragraph about the =93PSK identity hint=94 is uncl=
ear
> to me. What is the rationale behind recommending against sending the
> hint if the key selection is based on the domain name of the server in
> contrast to any other means of identification? Moreover, how does this
> tie in with the subsequent recommendation saying =93A server using the
> identity hint needs to guide the selection based on a received SNI valu=
e
> from the client.=94?

Here is my earlier feedback:
http://www.ietf.org/mail-archive/web/dtls-iot/current/msg00452.html

>=20
>=20
> Some editorial comments (possibly personal preference):
>=20
> - The end of the introduction starting from =93The design of DTLS is
> intentionally very similar to TLS.=94 could be moved into an own sectio=
n,
> e.g., called =93Overview of the DTLS Protocol=94. In my opinion, this w=
ould
> further improve readability.
>=20
> - In the third bullet point of the same paragraph, I would also remove
> the sentence about IKEv2 as this information is distracting with respec=
t
> to the subsequent recommendation. To highlight what I mean, I am copyin=
g
> the text from the draft here:
> =93... [The HelloVerifyRequest] is sent by the server and includes a
> stateless cookie, which is returned in a ClientHello message back to th=
e
> server. This type of DoS protection mechanism has been incorporated int=
o
> the design of IKEv2. Although the exchange is optional for the server t=
o
> execute, a client implementation has to be prepared to respond to it.".=

>=20
> - It would may helpful for implementors to have a brief summary of the
> most important general recommendations at the end of the introduction.
> Something along the lines: =93An implementation complying to this profi=
le
> i) MUST not use compression for DTLS handshake messages, ii) MUST not
> use DTLS < 1.2, and MAY use any of the following authentication modes:
> PSK, raw public-key, certificates. Specific recommendations for each of=

> these modes are given in sections 5 - 18.=94
>=20
> - Section 5.1: =93Furthermore, credentials are provisioned into trusted=

> hardware modules or in the firmware by the developers.=94 -> add
> =93often/commonly/typically=94 as there may also be other forms of prov=
isioning.

Here is the updated draft version:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-profi=
le/draft-ietf-dice-profile-06.txt

I added this additional overview section and made the suggested wording
changes.

Ciao
Hannes

>=20
> Ren=E9
>=20
>=20
> On 12 Nov 2014, at 00:18, Dorothy Gellert  > wrote:
>> Dear WG,
>>
>> As discussed during the Dice WG meeting at IETF#91, this email starts
>> a WGLC  for our DTLS profile draft:
>>
>> https://tools.ietf.org/html/draft-ietf-dice-profile-05
>>
>> Please review.  This WGLC will end on Tuesday, November 25, 2014.
>>
>> Best Regards,
>> Dorothy and Zach
>> _______________________________________________
>> dtls-iot mailing list
>> dtls-iot@ietf.org 
>> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20
> --
> Dipl.-Inform. Rene Hummen, Ph.D. Student
> Chair of Communication and Distributed Systems
> RWTH Aachen University, Germany
> tel: +49 241 80 21426
> web: http://www.comsys.rwth-aachen.de/team/rene-hummen/
>=20


--3vRVpqo6P7IiqcEdHUAF5PlWgVg4QqC6D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUeHEeAAoJEGhJURNOOiAttQoH/2o1PNJnErz16v2NNgqjQVdl
OAZrwa4/qDIpCM4eJ2nZq7CHO5PmIOOE85v5zmZMyoINBXDFZcz0AcdjUd1ceJlt
sAl9DkrcgF1DPRo1JGfeOqMX/kwbVOktjYzMEWLwz8mPHn/M7KQQTn+N352iy5cb
41TgLl4/ywqMIGI2b2MU3IbaAVctOEm3de9YPxdFQy4gckk25k1hry7gH17Yb0J0
Fgpbe56TwIJhUjdSHJPBI2sGbNR4PJDJzwWaq/MVCGn1Ebi00OPVtEM2bp2SB9JK
v47L+Z80bT0Osqeo+f4WXEMHMfB3kBK8G2H8X+uVzVMkwhHSVDZ7Mo3VfUtA1uA=
=9PLg
-----END PGP SIGNATURE-----

--3vRVpqo6P7IiqcEdHUAF5PlWgVg4QqC6D--


From nobody Fri Nov 28 11:18:43 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B79601A0119 for ; Fri, 28 Nov 2014 11:18:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3z7FXg_RQsGU for ; Fri, 28 Nov 2014 11:18:26 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF06B1A00C5 for ; Fri, 28 Nov 2014 11:18:24 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LsPwa-1Y0r3813SS-01205U; Fri, 28 Nov 2014 20:18:22 +0100
Message-ID: <5478CA79.6010102@gmx.net>
Date: Fri, 28 Nov 2014 20:18:17 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Alexey Melnikov ,  Dorothy Gellert 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com>  <5478657E.4030106@gmx.net>
In-Reply-To: <5478657E.4030106@gmx.net>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OcCrOb67KGEsoCtqajdkNIfOxBUWomaXQ"
X-Provags-ID: V03:K0:nKJLyy6ArK+ttK6P2OBDg3ieYt+B3y7PIoWv9vJXuZBtuax4PJF 5ski9b9UIibxdRNbruJkOY2RWgVFn62vSlouF87/1TEG2TM5RZKut621Fee1zyQADTdpDxe /myZ3VJfVz+DIF+1ZeAQCO0SbTZIVBMRbqfRBWQCtIM+7VXcNflTR7aeP37cdEiKi3PJi+N qjdcOKNsm/Hv1RfrdNnbg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/BR4-_pUSJYXCKnzxXcSNZwMuJIM
Cc: Zach Shelby , "dtls-iot@ietf.org" 
Subject: [Dtls-iot] TLS False Start ... Re: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 19:18:30 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OcCrOb67KGEsoCtqajdkNIfOxBUWomaXQ
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Alexey,

On 11/28/2014 01:07 PM, Hannes Tschofenig wrote:
>> In 5.1: is use of something like False Start common in IoT environment=
?
>> > As it reduces number of round trips, it might be advantageous and yo=
u
>> > should consider mentioning it.
> Good question. I added it to the issue tracker:
> https://tools.ietf.org/wg/dice/trac/ticket/20
>=20
>=20

I believe TLS False Start would be a good fit. I added a section about
it into the draft. Here is the text:

-----

25.  TLS False Start

   A full TLS handshake as specified in [RFC5246] requires two full
   protocol rounds (four flights) before the handshake is complete and
   the protocol parties may begin to send application data.

   An abbreviated handshake (resuming an earlier TLS session) is
   complete after three flights, thus adding just one round-trip time if
   the client sends application data first.

   If the conditions outlined in [I-D.bmoeller-tls-falsestart] are met,
   application data can be transmitted when the sender has sent its own
   "ChangeCipherSpec" and "Finished" messages.  This achieves an
   improvement of one round-trip time for full handshakes if the client
   sends application data first, and for abbreviated handshakes if the
   server sends application data first.

   The conditions for using the TLS False Start mechanism are met by the
   public-key-based ciphersuites in this document.  In summary, the
   conditions are

   o  Modern symmetric ciphers with an effective key length of 128 bits,
      such as AES-128-CCM

   o  Client certificate types, such as ECDHE_ECDSA

   o  Key exchange methods: ecdsa_sign

   Based on the improvement over a full roundtrip for the full TLS/DTLS
   exchange this specification RECOMMENDS the use of the TLS False Start
   mechanism when clients send application data first.

-----

Ciao
Hannes


--OcCrOb67KGEsoCtqajdkNIfOxBUWomaXQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEbBAEBCgAGBQJUeMp5AAoJEGhJURNOOiAt6ZQH+Nj8yCzEqcn2YT3D9I0YxZ2b
TCoThI4GgWnAAoFTDtG/zv4VckRlpr7XlwAU0vxUnkHia1CM12Y4Kj8h2jSd3X4o
lpQoAr1WyXiOC/ZvU4tJSKYn22HNgiQ12Aqm8gg/Fobnplpate+S14gX6oRN3vz2
4SwKlNBO2skUU9qmleFKVo8fWmW0Aqpd/gxO5fYRRxLnYqXZm4n699uSu3df3e2Z
xXA7tfAnZ3pOmSvqCv9zshWpFutkEL1jBVx8dFtm0Ni2I1X5c1rOo1Ev2ZG7VJO0
+xEJATm/YmschNz8alcSSkX9Oxkif0M6hNMcLroLWuT1N4N+MRdYkAxzBz7eVw==
=knNo
-----END PGP SIGNATURE-----

--OcCrOb67KGEsoCtqajdkNIfOxBUWomaXQ--


From nobody Fri Nov 28 11:46:57 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 758CD1A0126 for ; Fri, 28 Nov 2014 11:46:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k0TonNY9_1Ha for ; Fri, 28 Nov 2014 11:46:53 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7523C1A00AA for ; Fri, 28 Nov 2014 11:46:53 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MGFz9-1XjBtH0jId-00FFLj; Fri, 28 Nov 2014 20:46:40 +0100
Message-ID: <5478D11B.4000309@gmx.net>
Date: Fri, 28 Nov 2014 20:46:35 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Michael Richardson ,  "dtls-iot@ietf.org" , Stephen Farrell 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <1B65AA0C-100B-4072-BC30-71B78C49FD32@vigilsec.com> <54665EC1.8020706@gmx.net>  <54668854.1020503@cs.tcd.ie> <54743777.8000800@gmx.net>  <547448EB.8070506@gmx.net> <1033.1416949002@sandelman.ca>
In-Reply-To: <1033.1416949002@sandelman.ca>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qWvpIeUpSAhlN2DaROQc6pJoCmMDB3jKn"
X-Provags-ID: V03:K0:m1ETlhWI5mwBFwT17H9aLkRird0BPQMqjUZd9p10B9UKTyFCJcM o6vpIV9qNxCgd2iuTBiW8Q0LMSgVTDzmNDLMiOWFAEHromNVLuGl3Wz7EkvF09q0i6g5cLl 9b/lp3VmD7YvhJgRs1JpGlnjLhND7KRtKc1T3xWxNE3Zz+UDq3Uv21vM7EsZyMe2+0HXxkz Cs6/msGRQ3aZsYYhB9GZg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/HUKHb7BEFKJeXnQC6lClUDzlH10
Subject: Re: [Dtls-iot] WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 19:46:55 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--qWvpIeUpSAhlN2DaROQc6pJoCmMDB3jKn
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Michael,

a quick response to your remarks.

On 11/25/2014 09:56 PM, Michael Richardson wrote:
>=20
> Hannes Tschofenig  wrote:
>     > it would be option #d in my list below. In fact, I have already d=
ropped
>     > a mail to the UTA list about their document and raised the issue =
of
>     > scoping. Their document is really is about the Web. I fear that n=
obody
>     > had really looked at their document in detail since otherwise som=
eone
>     > would have noticed that it also talks briefly about email and XMP=
P
>     > while there is other work in the group that provides much greater=

>     > detail on those topic. In the same spirit I see the IoT case as
>     > something that does not belong in their document at all. TLS (and=
 DTLS)
>     > is just used in a number of different deployments and they are a =
bit
>     > different.
>=20
> There are DTLS uses in the Internet of "Web" which are not constrainted=
=20
> and do have hardware acceleration concerns.  This would include:
> radius/diameter,

Diameter does not use UDP.

https://tools.ietf.org/html/rfc7360 defines DTLS protection for RADIUS
but I do not know how widely it is used. I am also not sure whether any
deployment experience had been taken into account with regard to RADIUS
in the UTA document. If I remember correctly then there was more
interest in supporting a TCP/TLS transport in RADIUS since the large
EAP-TLS packets caused problems for network access authentication.

 SIP, RTP (under webrtc and also under XMPP/Jingle), and I

There has indeed been work on SRTP-based media security that used DTLS
and I was involved in that work. I have not followed it closely during
the last few years and the WebRTC work is a recent addition to it. I
believe a separate document would be needed to describe that use of DTLS
in form of a BCP since the communication model is somewhat different to
the others currently captured in the UTA documents. With VoIP we are
talking about a p2p exchange between two SIP devices/two browsers rather
than the classical client-server interaction. I believe there are enough
differences to cover that in a separate document.

> understand that DPRIVE (DNS privacy) considers DTLS too.
This work has just been started and it might be a bit premature to put
it into a BCP document.

Ciao
Hannes



--qWvpIeUpSAhlN2DaROQc6pJoCmMDB3jKn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUeNEbAAoJEGhJURNOOiAtJMEH/iB4ZH4SbroGJfo2lilWaYqA
mv1/HnCmSJD7Ey9ZIstqXry8ybo/Gxv9InXikFcPUGXFPSR45SA5tmytjYODpExw
GemzDKkh94Go06ojqGUQQIHVqXlwpCcmr3d89+nlY8/9cU9OLuYqkTukdECQZbmr
btkVxMQTAbtB0cnTyI6BayKteMOT0F7JuqdIXa3r+fIAG3QG++n6HbAJErdfHA+i
gXDkqfTCB+RHbbN1DEh1rV8CrmGS/QWnNM1vHtb1DgKeaebW2ZjUdoR6jq4M0k5z
i1SV3S2pT2JHpS2bM0Uj/PBCvbqXdv1ba11Hz4mqrKzluX4BSqAPT1P2XQWqs8c=
=brx0
-----END PGP SIGNATURE-----

--qWvpIeUpSAhlN2DaROQc6pJoCmMDB3jKn--


From nobody Fri Nov 28 12:38:18 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAEEE1A0183 for ; Fri, 28 Nov 2014 12:38:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DaUbc8LGIRw for ; Fri, 28 Nov 2014 12:38:14 -0800 (PST)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DBE21A0196 for ; Fri, 28 Nov 2014 12:38:14 -0800 (PST)
Received: by mail-wg0-f50.google.com with SMTP id k14so9661479wgh.9 for ; Fri, 28 Nov 2014 12:38:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=sender:message-id:subject:from:to:cc:date:in-reply-to:references :content-type:mime-version:content-transfer-encoding; bh=MqMioFWiaSlB7+fPW6x87rvhKLN5jgr6cu58VBqxFTM=; b=acM2orn7tbVt5rur1n4+QvgKnUhSRnhjGUPwy6YaJeLlvnLeE+tcPNgVzjVm8wtUSe Odfp8/YBlyBL1Kw0vQwOZ1OH5tfzoJfj7wT7fs3Sik2oVnGBFUquRpojeA6cly782TYK iH/ogI/DF0/tmXu9lBTFYGdQ/RQf+tJTZ2nWy1jnkIKUdxM5vakqlEgyaVGfr1laYx22 N5g7sat5XlMNRwHTwxcayC+HRPoUA7lUdmgb23tqpcduOXNZnjRawvTrjG8jraKwavKi 0nj11EBumPP0gh2LMrVPRdZuo4IbcbeeE2wCozqaD1LiudwOdgzfriOtjHhUOzjG8qf+ EVVw==
X-Received: by 10.180.228.72 with SMTP id sg8mr53655295wic.48.1417207093209; Fri, 28 Nov 2014 12:38:13 -0800 (PST)
Received: from nomad (ip-94-112-138-148.net.upcbroadband.cz. [94.112.138.148]) by mx.google.com with ESMTPSA id wz5sm16433745wjc.29.2014.11.28.12.38.11 for  (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Nov 2014 12:38:12 -0800 (PST)
Sender: Nikos Mavrogiannopoulos 
Message-ID: <1417207091.9790.1.camel@gnutls.org>
From: Nikos Mavrogiannopoulos 
To: Hannes Tschofenig 
Date: Fri, 28 Nov 2014 21:38:11 +0100
In-Reply-To: <5478CA79.6010102@gmx.net>
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com>  <5478657E.4030106@gmx.net> <5478CA79.6010102@gmx.net>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.7-1 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/_dRBrbUTo7ow7MkIro1PPBRqd1U
Cc: Dorothy Gellert , Alexey Melnikov , "dtls-iot@ietf.org" , Zach Shelby 
Subject: Re: [Dtls-iot] TLS False Start ... Re: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Fri, 28 Nov 2014 20:38:17 -0000

On Fri, 2014-11-28 at 20:18 +0100, Hannes Tschofenig wrote:
> Hi Alexey,
> 
> On 11/28/2014 01:07 PM, Hannes Tschofenig wrote:
> >> In 5.1: is use of something like False Start common in IoT environment?
> >> > As it reduces number of round trips, it might be advantageous and you
> >> > should consider mentioning it.
> > Good question. I added it to the issue tracker:
> > https://tools.ietf.org/wg/dice/trac/ticket/20
> I believe TLS False Start would be a good fit. I added a section about
> it into the draft. Here is the text:
>    Based on the improvement over a full roundtrip for the full TLS/DTLS
>    exchange this specification RECOMMENDS the use of the TLS False Start
>    mechanism when clients send application data first.

TLS false start is only described in an expired draft since 2010. Apart
from taking the TLS security guarantees to its limits (attacks that may
require significant online effort on TLS can be converted to off-line
attacks with false start), and having very little review from crypto
community, there is no guarantee that an IETF false start (or even an
informational RFC of the same document) would be compatible with it. So
at least a more stable reference should available before recommending it
in a standard's track document.

regards,
Nikos



From nobody Sat Nov 29 01:09:03 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 096DF1A01F6 for ; Sat, 29 Nov 2014 01:09:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4aXvxc9Z6CNE for ; Sat, 29 Nov 2014 01:08:59 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A4CF1A01F2 for ; Sat, 29 Nov 2014 01:08:59 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MMCFR-1XosCS01jp-0085Gb; Sat, 29 Nov 2014 10:08:49 +0100
Message-ID: <54798D1F.9070705@gmx.net>
Date: Sat, 29 Nov 2014 10:08:47 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Nikos Mavrogiannopoulos 
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com>  <5478657E.4030106@gmx.net> <5478CA79.6010102@gmx.net> <1417207091.9790.1.camel@gnutls.org>
In-Reply-To: <1417207091.9790.1.camel@gnutls.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5TQcSkScML1cxFj9TAvJ9fufdGaWXk506"
X-Provags-ID: V03:K0:xvaOko6sntdaPj0uR8+DHDY4fXC+3j8kOIKKETYUoK3L7YRmKkg l73srZjp2IyNbt9dqWhm7VlVa8tFQoObYAYj9sbBwQWz79YOrewhvJBSFcFXbvSAl1d1scI 9U5eC/ffNGopUwk73+xcblYsoIW8ssPLI+lPyT1Du/kJaz16prgangD0wXAnshY38i+MoZ/ HttgxtU3oON9YSC8qFASw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/X4m44hEtZxQkx4GCBqpYuWf0sdc
Cc: Dorothy Gellert , Alexey Melnikov , "dtls-iot@ietf.org" , Zach Shelby 
Subject: Re: [Dtls-iot] TLS False Start ... Re: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Sat, 29 Nov 2014 09:09:01 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5TQcSkScML1cxFj9TAvJ9fufdGaWXk506
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Nikos,

when I attend the TLS interim meeting in Paris I got a different
perception about the status of the TLS False Start work.

First, I was told that TLS False Start is widely deployed.

Second, the TLS chairs asked Bodo to resubmit his document and to push
it through the standardization process.

Here is a recent mail to the TLS mailing list on that topic:
http://www.ietf.org/mail-archive/web/tls/current/msg14530.html

Here is the recently submitted draft:
http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-01

Finally, the text I propose for the DTLS profile draft recommends its
usage but does not mandate the implementation nor the deployment.

I did, however, had questions when reading through the draft in terms of
applicability for the IoT context, which I raised on the TLS mailing
list yesterday:
http://www.ietf.org/mail-archive/web/tls/current/msg14787.html

Ciao
Hannes

On 11/28/2014 09:38 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, 2014-11-28 at 20:18 +0100, Hannes Tschofenig wrote:
>> Hi Alexey,
>>
>> On 11/28/2014 01:07 PM, Hannes Tschofenig wrote:
>>>> In 5.1: is use of something like False Start common in IoT environme=
nt?
>>>>> As it reduces number of round trips, it might be advantageous and y=
ou
>>>>> should consider mentioning it.
>>> Good question. I added it to the issue tracker:
>>> https://tools.ietf.org/wg/dice/trac/ticket/20
>> I believe TLS False Start would be a good fit. I added a section about=

>> it into the draft. Here is the text:
>>    Based on the improvement over a full roundtrip for the full TLS/DTL=
S
>>    exchange this specification RECOMMENDS the use of the TLS False Sta=
rt
>>    mechanism when clients send application data first.
>=20
> TLS false start is only described in an expired draft since 2010. Apart=

> from taking the TLS security guarantees to its limits (attacks that may=

> require significant online effort on TLS can be converted to off-line
> attacks with false start), and having very little review from crypto
> community, there is no guarantee that an IETF false start (or even an
> informational RFC of the same document) would be compatible with it. So=

> at least a more stable reference should available before recommending i=
t
> in a standard's track document.
>=20
> regards,
> Nikos
>=20
>=20
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20


--5TQcSkScML1cxFj9TAvJ9fufdGaWXk506
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUeY0fAAoJEGhJURNOOiAt2hoH/A0FyteR97Q/8GyMPi5pldWN
LYGP35RezYHZC9KMgCiw5xfyNmnYFQjcZxql0EOkU48Mpqo0n2k7JQejAeWRPJ+m
7V4jUo08XXz8/Au1+O+1qWguiir0E2FjwvUolqZfU5TGqLqs8s8SkBOMop4588JR
2jtshoV7StWLHq2VLYz8tVKKi3kc0rsQSXbNz0IT11KXjXvlW3XHoL7h8gaBItxK
EG0eH6KlG2iD0TKz0LAjPTQUQdvoyCJca/Ctzdq4qTOcRfrNiZJrANIXvSqo/QmK
4ibZEmzhqAd/HAOJwZ75xXRvVmVHwwoWhs1uKYVkvM/95FKlAl1IcXZcTlrolR0=
=GSxG
-----END PGP SIGNATURE-----

--5TQcSkScML1cxFj9TAvJ9fufdGaWXk506--


From nobody Sat Nov 29 09:36:30 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB1BC1A01CB for ; Sat, 29 Nov 2014 09:36:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OPWxbII86SUr for ; Sat, 29 Nov 2014 09:36:23 -0800 (PST)
Received: from mailscan1.extendcp.co.uk (mailscan5.extendcp.co.uk [79.170.43.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B46291A01AA for ; Sat, 29 Nov 2014 09:36:22 -0800 (PST)
Received: from mailscanlb0.hi.local ([10.0.44.160] helo=mailscan2.extendcp.co.uk) by mailscan-g66.hi.local with esmtp (Exim 4.80.1) (envelope-from ) id 1XulwS-0003DM-MP for dtls-iot@ietf.org; Sat, 29 Nov 2014 17:36:20 +0000
Received: from mailscanlb0.hi.local ([10.0.44.160] helo=mail41.extendcp.co.uk) by mailscan2.extendcp.co.uk with esmtps (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80.1) (envelope-from ) id 1XulwP-00056L-Ik for dtls-iot@ietf.org; Sat, 29 Nov 2014 17:36:20 +0000
Received: from host86-140-196-71.range86-140.btcentralplus.com ([86.140.196.71] helo=[192.168.0.2]) by mail41.extendcp.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80.1) id 1XulwN-0000Zl-Ps for dtls-iot@ietf.org; Sat, 29 Nov 2014 17:36:16 +0000
Message-ID: <547A041D.2070205@gridmerge.com>
Date: Sat, 29 Nov 2014 17:36:29 +0000
From: Robert Cragie 
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: dtls-iot@ietf.org
References: <547862E4.2030301@gmx.net>
In-Reply-To: <547862E4.2030301@gmx.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms010107080600090009020905"
X-Authenticated-As: robert.cragie@gridmerge.com
X-Extend-Src: mailout
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/qeC2SdmYwDxUM-5L2GSaGv66bCc
Subject: Re: [Dtls-iot] Tracking Review Feedback for the DTLS Profile Document
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Sat, 29 Nov 2014 17:36:29 -0000

This is a cryptographically signed message in MIME format.

--------------ms010107080600090009020905
Content-Type: multipart/alternative;
 boundary="------------000903080709080504060408"

This is a multi-part message in MIME format.
--------------000903080709080504060408
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi Hannes,

Firstly, I will start by outlining some general considerations in=20
respect of the charter and the profile document. I do this to frame some =

of the responses I give later.

Consider the charter text. It is quite general: "focuses on supporting=20
the use of DTLS Transport-Layer Security in these [constrained]=20
environments". So, what is DTLS (or more generally, TLS) used for in=20
constrained environments? Primarily it is used for securing application=20
layer communication. However, it is also being considered for network=20
access as well due to DTLS' general properties of providing=20
authentication via the handshake and a subsequent secure channel. The=20
primary reason for this overloading is code re-use through use of a DTLS =

library, which can be used for both application layer and network access =

security.

The current profile draft does not mention DTLS use for network access=20
security and there has already been some discussion about narrowing the=20
focus for particular communication patterns. I don't see this as a=20
problem providing the credentials relating to the cipher suites are=20
dealt with in a general way (which they are). It may also help to at=20
least acknowledge that there may be a desire to to re-use cipher suites=20
and indeed credentials for network access purposes. With regard to the=20
communication patterns, it is probably more relevant to consider client=20
and server roles as it is possible that once a secure channel has been=20
set up, client and server roles may reverse when it comes to application =

layer transactions. Again, I think the document does generally do this=20
but it might help to clarify the role of client and server in the=20
document and distinguish their roles wrt. authentication and=20
authorization and subsequent application layer transactions.

Re-use is a recurring theme when considering constrained environments=20
and is behind a lot of the directions taken in developments for=20
constrained environments. The corollary of re-use is to not add=20
functionality if it can be avoided. For example, the development of the=20
CCM cipher suites instead of selecting the GCM cipher suites was=20
predicated on:

* The use of CCM for lower layer security (often with accompanying=20
hardware accleration) and the ability to re-use it
* Eliminating the need for additional functionality required by GCM,=20
namely GF2^128 multiplier

So whilst such a direction does not guarantee re-use in a particular=20
implementation, it certainly makes it more likely to be achievable.

With regard to the particular tickets raised:

- Issue#12: Updated text for the PFS section
https://tools.ietf.org/wg/dice/trac/ticket/12

Regarding the list of possible cipher suites, It is possible that PAKEs=20
may be used in the future as well, although these are more likely for=20
network access.

- Issue#16: New section explaining how to deal with constrained servers
(as discussed on the list)
https://tools.ietf.org/wg/dice/trac/ticket/16

This goes some of the way to address the comment I have above re. client =

and server roles as it clearly shows the sensor as the DTLS client but=20
acting more as a constrained server with regard to the actual=20
application layer transactions.

- Issue#15: New section giving guidance on timeouts
https://tools.ietf.org/wg/dice/trac/ticket/15

Some suggested changes:

---
"DTLS added a fragmentation and reassembly mechanism to TLS since each=20
DTLS message must fit within a single transport layer datagram, as=20
described in Section 4.2.3 of [RFC6347], and the underlying transport=20
protocol does not provide such capabilities. Since handshake messages=20
are potentially bigger than the maximum record size the mechanism for=20
fragmenting a handshake message over a number of records, each of which=20
can be transmitted separately, avoids IP fragmentation."

to

"The DTLS handshake protocol adds a fragmentation and reassembly=20
mechanism to the TLS handshake protocol since each DTLS record must fit=20
within a single transport layer datagram, as described in Section 4.2.3=20
of [RFC6347]. Since handshake messages are potentially bigger than the=20
maximum record size, the mechanism fragments a handshake message over a=20
number of DTLS records, each of which can be transmitted separately."

Rationale: A datagram is the element (PDU) of the transport layer=20
therefore there is no concept of fragmenting it further at the transport =

layer. IP fragmentation doesn't really come into it - a transport layer=20
PDU could still be fragmented at the IP layer and it would make no=20
difference.

---
"To deal with the unreliable message delivery provided by UDP DTLS added =

timeouts and re-transmissions, as described in Section 4.2.4 of=20
[RFC6347]. Although the timeout values are implementation specific=20
recommendations are provided in Section 4.2.4.1 of [RFC6347] with an=20
initial timer value of 1 second and twice the value at each=20
retransmission, up to no less than 60 seconds. Due to the nature of some =

radio technologies these values are too aggressive and lead to spurious=20
timeouts when messages in flight need longer."

to

"To deal with the unreliable message delivery provided by UDP, DTLS adds =

timeouts and re-transmissions, as described in Section 4.2.4 of=20
[RFC6347]. Although the timeout values are implementation specific,=20
recommendations are provided in Section 4.2.4.1 of [RFC6347], with an=20
initial timer value of 1 second and twice the value at each=20
retransmission up to no less than 60 seconds. Due to the nature of some=20
radio technologies, these values are too aggressive and lead to spurious =

failures when messages in flight need longer."

Rationale: Mostly grammatical cleanups; changed "timeouts" to "failures" =

as the timeouts themselves aren't spurious but the rate at which they=20
occur causes the spurious failure of sending the message by the DTLS=20
handshake protocol.

---
"each of which is then mapped on to one or more lower layer PDUs using=20
the segmentation and reassembly (SaR)"

to

"each of which is then mapped on to one or more DTLS records using the=20
segmentation and reassembly (SaR)"

Rationale: "lower layer PDU" is not really the right term here. It is=20
specifically the DTLS record.

---
"In fact, Record Layer messages are never fragmented and MUST fit within =

a single transport layer datagram, whatever be the limit imposed by the=20
underlying transport."

to

"In fact, DTLS records are never fragmented and MUST fit within a single =

transport layer datagram."

Rationale: "DTLS record" is the right term. No need to elaborate on limit=
s.

---
Regarding the discussion about concatenated SMS messages, surely this=20
applies more to the UDP datagram size as opposed to the DTLS record=20
size? Also, it doesn't seem obviously clear that SMS SaR shouldn't be=20
used; this is only like using 6LoWPAN fragmentation, which also carries=20
an overhead. I don't think we would necessarily say a DTLS record has to =

fit into one 802.15.4 packet?

---
In Section A.2, (1) If the SMS user has some robust SaR mechanism then=20
that would be a reason not to use the Concatenated SMS, however DTLS=20
really makes no difference as there is no recovery mechanism using DTLS=20
handshake protocol. (2) is a valid reason for not using Concatenated=20
SMS. I can't see (3) making much of a difference either - reordering=20
could occur anyway, you would just handle it at a different layer.

- Issue#13: New section with key length recommendations
https://tools.ietf.org/wg/dice/trac/ticket/13

NIST SP 800-57 and NIST SP 800-131 give comprehensive guidance on key=20
lengths - it may be worth referencing those documents.

- Issue#11: Question about applicability of text to TLS
https://tools.ietf.org/wg/dice/trac/ticket/11

I agree that TLS should be mentioned as well.

- Issue#14: New section about the signature algorithm extension
https://tools.ietf.org/wg/dice/trac/ticket/14

I agree with the proposed text.

- Issue#17: AES-CCM nonces in DTLS records.
https://tools.ietf.org/wg/dice/trac/ticket/17

As mentioned on the mailing list, the CCM cipher suites were based on=20
the GCM cipher suites, which has the same issue. Header compression=20
(RFC7400) would solve this. It might be an idea to show how this could=20
be achieved.

- Issue#18: AES-CCM: 12-octet or 13-octet nonce
https://tools.ietf.org/wg/dice/trac/ticket/18

I think this is probably a non-issue. AES-CCM use with DTLS is to secure =

the DTLS record. Many of the AES-CCM hardware implementations are aimed=20
at securing layer 2 packets and the ability to re-use the full AES-CCM=20
engine is limited. In these cases, it may still be possible to use the=20
basic AES-128 block cipher and the construction of the higher layer=20
packet may dictate a different approach to how it may be done at layer-2 =

anyway. Therefore, the different length nonces for DTLS using a CCM=20
cipher suite and the use of CCM at layer 2 is unlikely to be that=20
significant even if the layer-2 oriented AES-CCM engine is hardcoded to=20
use 13-byte nonces.

- Issue#19: Issue about AES-CCM vs. AES-GCM
https://tools.ietf.org/wg/dice/trac/ticket/19

Regarding the UTA document generally, I believe it is short-sighted not=20
to consider the wider uses of TLS/DTLS beyond web application security.=20
For example, EAP-TLS already specifies the use of TLS in a different=20
scenario (AAA) and to me there is no reason to also consider TLS/DTLS=20
use in constrained environments in IoT-type uses as well, including AAA=20
and locally-authorized network access. Had these been considered in the=20
UTA document, greater consideration might have been given to the fact=20
that CCM cipher suites were developed for constrained environments for=20
the re-use reasons given earlier. However, also note the layering=20
discussion for Issue #18; in practice, it may not actually be an issue=20
for implementations using DTLS/TLS with AES-GCM at the transport layer=20
and AES-CCM at layer 2.

Robert

On 28/11/2014 11:56 AM, Hannes Tschofenig wrote:
> Hi all,
>
> I went through the review comments and the discussions on the list and
> added issues to the tracker. You can find the complete list here:
> https://tools.ietf.org/wg/dice/trac/report/1
>
> - Issue#12: Updated text for the PFS section
> https://tools.ietf.org/wg/dice/trac/ticket/12
>
> - Issue#16: New section explaining how to deal with constrained servers=

> (as discussed on the list)
> https://tools.ietf.org/wg/dice/trac/ticket/16
>
> - Issue#15: New section giving guidance on timeouts
> https://tools.ietf.org/wg/dice/trac/ticket/15
>
> - Issue#13: New section with key length recommendations
> https://tools.ietf.org/wg/dice/trac/ticket/13
>
> - Issue#11: Question about applicability of text to TLS
> https://tools.ietf.org/wg/dice/trac/ticket/11
>
> - Issue#14: New section about the signature algorithm extension
> https://tools.ietf.org/wg/dice/trac/ticket/14
>
> - Issue#17: AES-CCM nonces in DTLS records.
> https://tools.ietf.org/wg/dice/trac/ticket/17
>
> - Issue#18: AES-CCM: 12-octet or 13-octet nonce
> https://tools.ietf.org/wg/dice/trac/ticket/18
>
> - Issue#19: Issue about AES-CCM vs. AES-GCM
> https://tools.ietf.org/wg/dice/trac/ticket/19
>
> I suspect that issue #16 and #11 could trigger some discussion. Issue
> #19 does not have a resolution yet.
>
> I thought that the tracker would send mails to the list but it did not
> seem so. Instead of copying all the issues to the list take a look at
> the tracker.
>
> I am planning to release a new draft snapshot late next week.
>
> Ciao
> Hannes
>
> PS: I am also in the process of incorporating various editorial
> suggestions. Here is the draft snapshot:
> https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-pro=
file/draft-ietf-dice-profile-06.txt
>
>
>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot


--------------000903080709080504060408
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable


  
    
  
  
    Hi Hannes,

    

    Firstly, I will start by outlining some general considerations in
    respect of the charter and the profile document. I do this to frame
    some of the responses I give later.

     

    Consider the charter text. It is quite general: "focuses on
    supporting the use of DTLS Transport-Layer Security in these
    [constrained] environments". So, what is DTLS (or more generally,
    TLS) used for in constrained environments? Primarily it is used for
    securing application layer communication. However, it is also being
    considered for network access as well due to DTLS' general
    properties of providing authentication via the handshake and a
    subsequent secure channel. The primary reason for this overloading
    is code re-use through use of a DTLS library, which can be used for
    both application layer and network access security.

    

    The current profile draft does not mention DTLS use for network
    access security and there has already been some discussion about
    narrowing the focus for particular communication patterns. I don't
    see this as a problem providing the credentials relating to the
    cipher suites are dealt with in a general way (which they are). It
    may also help to at least acknowledge that there may be a desire to
    to re-use cipher suites and indeed credentials for network access
    purposes. With regard to the communication patterns, it is probably
    more relevant to consider client and server roles as it is possible
    that once a secure channel has been set up, client and server roles
    may reverse when it comes to application layer transactions. Again,
    I think the document does generally do this but it might help to
    clarify the role of client and server in the document and
    distinguish their roles wrt. authentication and authorization and
    subsequent application layer transactions.

    

    Re-use is a recurring theme when considering constrained
    environments and is behind a lot of the directions taken in
    developments for constrained environments. The corollary of re-use
    is to not add functionality if it can be avoided. For example, the
    development of the CCM cipher suites instead of selecting the GCM
    cipher suites was predicated on:

    

    * The use of CCM for lower layer security (often with accompanying
    hardware accleration) and the ability to re-use it

    * Eliminating the need for additional functionality required by GCM,
    namely GF2^128 multiplier

    

    So whilst such a direction does not guarantee re-use in a particular
    implementation, it certainly makes it more likely to be achievable.&n=
bsp;
    

    

    With regard to the particular tickets raised:

    

    - Issue#12: Updated text for the PFS section

    https://tools.ietf.org/wg/dice/trac/ticket/12
    

    Regarding the list of possible cipher suites, It is possible that
    PAKEs may be used in the future as well, although these are more
    likely for network access.

    

    - Issue#16: New section explaining how to deal with constrained
    servers

    (as discussed on the list)

    https://tools.ietf.org/wg/dice/trac/ticket/16
    

    This goes some of the way to address the comment I have above re.
    client and server roles as it clearly shows the sensor as the DTLS
    client but acting more as a constrained server with regard to the
    actual application layer transactions.

    

    - Issue#15: New section giving guidance on timeouts

    https://tools.ietf.org/wg/dice/trac/ticket/15
    

    Some suggested changes:

    

    ---

    "DTLS added a fragmentation and reassembly mechanism to TLS since
    each DTLS message must fit within a single transport layer datagram,
    as described in Section 4.2.3 of [RFC6347], and the underlying
    transport protocol does not provide such capabilities. Since
    handshake messages are potentially bigger than the maximum record
    size the mechanism for fragmenting a handshake message over a number
    of records, each of which can be transmitted separately, avoids IP
    fragmentation."

    

    to

    

    "The DTLS handshake protocol adds a fragmentation and reassembly
    mechanism to the TLS handshake protocol since each DTLS record must
    fit within a single transport layer datagram, as described in
    Section 4.2.3 of [RFC6347]. Since handshake messages are potentially
    bigger than the maximum record size, the mechanism fragments a
    handshake message over a number of DTLS records, each of which can
    be transmitted separately."

    

    Rationale: A datagram is the element (PDU) of the transport layer
    therefore there is no concept of fragmenting it further at the
    transport layer. IP fragmentation doesn't really come into it - a
    transport layer PDU could still be fragmented at the IP layer and it
    would make no difference.

    

    ---

    "To deal with the unreliable message delivery provided by UDP DTLS
    added timeouts and re-transmissions, as described in Section 4.2.4
    of [RFC6347]. Although the timeout values are implementation
    specific recommendations are provided in Section 4.2.4.1 of
    [RFC6347] with an initial timer value of 1 second and twice the
    value at each retransmission, up to no less than 60 seconds. Due to
    the nature of some radio technologies these values are too
    aggressive and lead to spurious timeouts when messages in flight
    need longer."

    

    to

    

    "To deal with the unreliable message delivery provided by UDP, DTLS
    adds timeouts and re-transmissions, as described in Section 4.2.4 of
    [RFC6347]. Although the timeout values are implementation specific,
    recommendations are provided in Section 4.2.4.1 of [RFC6347], with
    an initial timer value of 1 second and twice the value at each
    retransmission up to no less than 60 seconds. Due to the nature of
    some radio technologies, these values are too aggressive and lead to
    spurious failures when messages in flight need longer."

    

    Rationale: Mostly grammatical cleanups; changed "timeouts" to
    "failures" as the timeouts themselves aren't spurious but the rate
    at which they occur causes the spurious failure of sending the
    message by the DTLS handshake protocol.

    

    ---

    "each of which is then mapped on to one or more lower layer PDUs
    using the segmentation and reassembly (SaR)"

    

    to 

    

    "each of which is then mapped on to one or more DTLS records using
    the segmentation and reassembly (SaR)"

    

    Rationale: "lower layer PDU" is not really the right term here. It
    is specifically the DTLS record.

    

    ---

    "In fact, Record Layer messages are never fragmented and MUST fit
    within a single transport layer datagram, whatever be the limit
    imposed by the underlying transport."

    

    to 

    

    "In fact, DTLS records are never fragmented and MUST fit within a
    single transport layer datagram."

    

    Rationale: "DTLS record" is the right term. No need to elaborate on
    limits.

    

    ---

    Regarding the discussion about concatenated SMS messages, surely
    this applies more to the UDP datagram size as opposed to the DTLS
    record size? Also, it doesn't seem obviously clear that SMS SaR
    shouldn't be used; this is only like using 6LoWPAN fragmentation,
    which also carries an overhead. I don't think we would necessarily
    say a DTLS record has to fit into one 802.15.4 packet?

    

    ---

    In Section A.2, (1) If the SMS user has some robust SaR mechanism
    then that would be a reason not to use the Concatenated SMS, however
    DTLS really makes no difference as there is no recovery mechanism
    using DTLS handshake protocol. (2) is a valid reason for not using
    Concatenated SMS. I can't see (3) making much of a difference either
    - reordering could occur anyway, you would just handle it at a
    different layer.

    

    - Issue#13: New section with key length recommendations

    https://tools.ietf.org/wg/dice/trac/ticket/13
    

    NIST SP 800-57 and NIST SP 800-131 give comprehensive guidance on
    key lengths - it may be worth referencing those documents.

    

    - Issue#11: Question about applicability of text to TLS

    https://tools.ietf.org/wg/dice/trac/ticket/11
    

    I agree that TLS should be mentioned as well.

    

    - Issue#14: New section about the signature algorithm extension

    https://tools.ietf.org/wg/dice/trac/ticket/14
    

    I agree with the proposed text.

    

    - Issue#17: AES-CCM nonces in DTLS records.

    https://tools.ietf.org/wg/dice/trac/ticket/17
    

    As mentioned on the mailing list, the CCM cipher suites were based
    on the GCM cipher suites, which has the same issue. Header
    compression (RFC7400) would solve this. It might be an idea to show
    how this could be achieved. 

    

    - Issue#18: AES-CCM: 12-octet or 13-octet nonce

    https://tools.ietf.org/wg/dice/trac/ticket/18
    

    I think this is probably a non-issue. AES-CCM use with DTLS is to
    secure the DTLS record. Many of the AES-CCM hardware implementations
    are aimed at securing layer 2 packets and the ability to re-use the
    full AES-CCM engine is limited. In these cases, it may still be
    possible to use the basic AES-128 block cipher and the construction
    of the higher layer packet may dictate a different approach to how
    it may be done at layer-2 anyway. Therefore, the different length
    nonces for DTLS using a CCM cipher suite and the use of CCM at layer
    2 is unlikely to be that significant even if the layer-2 oriented
    AES-CCM engine is hardcoded to use 13-byte nonces.

    

    - Issue#19: Issue about AES-CCM vs. AES-GCM

    https://tools.ietf.org/wg/dice/trac/ticket/19
    

    Regarding the UTA document generally, I believe it is short-sighted
    not to consider the wider uses of TLS/DTLS beyond web application
    security. For example, EAP-TLS already specifies the use of TLS in a
    different scenario (AAA) and to me there is no reason to also
    consider TLS/DTLS use in constrained environments in IoT-type uses
    as well, including AAA and locally-authorized network access. Had
    these been considered in the UTA document, greater consideration
    might have been given to the fact that CCM cipher suites were
    developed for constrained environments for the re-use reasons given
    earlier. However, also note the layering discussion for Issue #18;
    in practice, it may not actually be an issue for implementations
    using DTLS/TLS with AES-GCM at the transport layer and AES-CCM at
    layer 2.

    

    Robert

    

    
On 28/11/2014 11:56 AM, Hannes
      Tschofenig wrote:

    

    

      
Hi all,

I went through the review comments and the discussions on the list and
added issues to the tracker. You can find the complete list here:
https://tools.ietf.org/wg/dice/trac/report/1

- Issue#12: Updated text for the PFS section
https://tools.ietf.org/wg/dice/trac/ticket/12

- Issue#16: New section explaining how to deal with constrained servers
(as discussed on the list)
https://tools.ietf.org/wg/dice/trac/ticket/16

- Issue#15: New section giving guidance on timeouts
https://tools.ietf.org/wg/dice/trac/ticket/15

- Issue#13: New section with key length recommendations
https://tools.ietf.org/wg/dice/trac/ticket/13

- Issue#11: Question about applicability of text to TLS
https://tools.ietf.org/wg/dice/trac/ticket/11

- Issue#14: New section about the signature algorithm extension
https://tools.ietf.org/wg/dice/trac/ticket/14

- Issue#17: AES-CCM nonces in DTLS records.
https://tools.ietf.org/wg/dice/trac/ticket/17

- Issue#18: AES-CCM: 12-octet or 13-octet nonce
https://tools.ietf.org/wg/dice/trac/ticket/18

- Issue#19: Issue about AES-CCM vs. AES-GCM
https://tools.ietf.org/wg/dice/trac/ticket/19

I suspect that issue #16 and #11 could trigger some discussion. Issue
#19 does not have a resolution yet.

I thought that the tracker would send mails to the list but it did not
seem so. Instead of copying all the issues to the list take a look at
the tracker.

I am planning to release a new draft snapshot late next week.

Ciao
Hannes

PS: I am also in the process of incorporating various editorial
suggestions. Here is the draft snapshot:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-=
profile/draft-ietf-dice-profile-06.txt



      

      

      

      
_______________________________________________
dtls-iot mailing list
d=
tls-iot@ietf.org
https://www.ietf.org/mailman/listinfo/dtls-iot


    

    

  


--------------000903080709080504060408--

--------------ms010107080600090009020905
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIRnzCC
BXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UE
BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0w
MDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3
o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkU
a+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwU
q37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PK
LrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJ
Rk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo
//S4rek3+7q49As6+ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UN
IkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/
cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5B
EYFjzhhxayvspoq3MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR
2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD
VR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
BTADAQH/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3Js
LnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEE
KTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEB
DAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz/TQ10asyBgiXTw6AqXUz1
uouhbcRUCXXH4ycOXYR5N0ATd/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VX
aX2S2FLKc4G/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeW
ukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla
4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvMIIF5jCC
A86gAwIBAgIQapvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMC
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkG
A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9y
ZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xp
ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n
9jR22YRq2tA9NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgz
KlWlVJGyK+UlNEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikF
lgqOtzk06kb2qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9t
GKTDyUGg2hJZjrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK
+xS1AgMBAAGjggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNV
HQ4EFgQUgq9sjPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQI
MAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9j
cmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEG
CCsGAQUFBwEBBGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09N
T0RPUlNBQWRkVHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2Nh
LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81
zd9A/tNx4+jsQgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIa
l9v5IkDcZoFD7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwp
WZT89RY0wpJO+2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNM
UH4Tam85S1j6E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfW
CcyvB8czm12FgX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X
72HP0PRLRTiOSEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60
ttl1Enk8MQkz/W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQv
dVifC3HtwlSam9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDN
XFnHn9tFpMpOUvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIwggY5
MIIFIaADAgECAhEAkJNVgmy0T3j/sFnejfTMyTANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UE
BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa
MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50
IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTQwOTE2MDAwMDAwWhcN
MTcwOTE1MjM1OTU5WjCCATcxCzAJBgNVBAYTAkdCMRAwDgYDVQQREwdXRjQgNFdBMRcwFQYD
VQQIEw5XZXN0IFlvcmtzaGlyZTESMBAGA1UEBxMJV2FrZWZpZWxkMRQwEgYDVQQJEwtHcmFu
Z2UgTW9vcjEfMB0GA1UECRMWODkgR3JlZW5maWVsZCBDcmVzY2VudDEXMBUGA1UEChMOR3Jp
ZG1lcmdlIEx0ZC4xNDAyBgNVBAsTK0lzc3VlZCB0aHJvdWdoIEdyaWRtZXJnZSBMdGQuIEUt
UEtJIE1hbmFnZXIxHzAdBgNVBAsTFkNvcnBvcmF0ZSBTZWN1cmUgRW1haWwxFjAUBgNVBAMT
DVJvYmVydCBDcmFnaWUxKjAoBgkqhkiG9w0BCQEWG3JvYmVydC5jcmFnaWVAZ3JpZG1lcmdl
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTtrEYc/EYQZDn+/Byj786j
qzQJukVnEZ0qu6G8Y/QZphmITLPJJCxlCvJhRGCt5zRDfwG1lM0k77mTVP166mrPMKfEbhAF
mhW54app3f02j/E0T73Wkwqhc2xj+vs6ox+kXRZIiEa/VY1TXd8ALZZAJ2uPQm+3QByE0cO6
7Q7jr5dmZuXAuygh5Q7MvzxL0vKmxhJ1n0veVDwk+BifimRX+HHU3XTGrqySkiN4Amdm7ESD
qdO7UAoezIGZoA/fTJE9CS4f4tVXcKhfGlp/Tw3K9q9cp6cjYD802hnFoiSQ9PgLviP20lcH
CIGn91WkYhuYG9u8Fzgzmu0yVK5L0kkCAwEAAaOCAdswggHXMB8GA1UdIwQYMBaAFIKvbIz4
xf6WYXzoHz0rcUhexIvAMB0GA1UdDgQWBBTSD2iG48824eEQkBLu4BgdWzh49TAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIw
RgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1
cmUuY29tb2RvLm5ldC9DUFMwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNy
bDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJgYDVR0RBB8wHYEbcm9iZXJ0
LmNyYWdpZUBncmlkbWVyZ2UuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAq8C9mIiSV9Nj9ZjHa
1kupbDGYy57v5fCk9lT++uiwGBP9yIFd9Gr8wISOl+96l9OLo8E+5CcPLyt96H4ez/ksXjC1
5EhzuhUB7HNi2b9GLDenjiHW4vBmSoIAbt9Pnz6zZsPH7eBPBcqkIWLFuqKBYUoXKLpzrVtr
Kgv6PM3t2+4YakBnMWjpcqzinurEeGq4mh3gHTv03wcyT6eQVCu5k4yaJxoQReYtYIjv+W+m
LmT/ZW61ZATZb2adV8xPejUlWSq4+2bpRbXZpD9FAmomNC8fSvGUUhMfYq5t5IUPHfP0kEH5
WQVWgVfpcf6Q8rnpWznsMiJrucUpJf8ZenHtMYIEKDCCBCQCAQEwga0wgZcxCzAJBgNVBAYT
AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY
BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBB
dXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTAJ
BgUrDgMCGgUAoIICTzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
Fw0xNDExMjkxNzM2MjlaMCMGCSqGSIb3DQEJBDEWBBSLoAR1R2TkwTYOajLrODLmTCOu3jBs
BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw
DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo
MIG+BgkrBgEEAYI3EAQxgbAwga0wgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p
dGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj
dXJlIEVtYWlsIENBAhEAkJNVgmy0T3j/sFnejfTMyTCBwAYLKoZIhvcNAQkQAgsxgbCgga0w
gZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8g
UlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAkJNVgmy0
T3j/sFnejfTMyTANBgkqhkiG9w0BAQEFAASCAQA3b3soOK/d8go5zPWgS25tWLdYtB9POyYA
sV1FsXdTuSL2f/avVecUAXs41ftRF9o02slvJ+uZmLaviCfOjTq1NAldwddL8+pdyE622b0a
bmBsFoyy4riLkloB7B9i/TKRUSJoPp1xL5NSb372n3QMJiwAco43tRQg5c2NWySbtf5TsepM
Jco3DEotySOgyAMvRsxdb1n8coYPLLZooQsoIKpCtEBs/jmM6rJrIxEMWaZeoYKaZfPEBHf4
0fBOnucyoiNdqEZJTWW9O7ZUOhcfClzfkBUw1EVDY3k4xvatCcmvMrfiqTh37U/wUuiR8vl2
BM28KQZOlDdmMVOGAPFeAAAAAAAA
--------------ms010107080600090009020905--


From nobody Sat Nov 29 11:15:56 2014
Return-Path: 
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1A521A1DE1 for ; Sat, 29 Nov 2014 11:15:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmGJEmqcOPu4 for ; Sat, 29 Nov 2014 11:15:51 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6FDF1A00C2 for ; Sat, 29 Nov 2014 11:15:50 -0800 (PST)
Received: from [192.168.131.133] ([80.92.115.84]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LaFmY-1YJiB829Es-00m0sf; Sat, 29 Nov 2014 20:15:48 +0100
Message-ID: <547A1B64.2030709@gmx.net>
Date: Sat, 29 Nov 2014 20:15:48 +0100
From: Hannes Tschofenig 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: robert.cragie@gridmerge.com, dtls-iot@ietf.org
References: <547862E4.2030301@gmx.net> <547A041D.2070205@gridmerge.com>
In-Reply-To: <547A041D.2070205@gridmerge.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="C8t9TrVoWn8UN0s0BaFOQ5HRoI1DEcmKO"
X-Provags-ID: V03:K0:DKykyNeIQEo5z/ect4kqGHg5tuv8fX/HqabNhrphw/z6HYdFnxN y2y11JYFIjQ9Q9EmRQ1/LeeQpQDs/Qg4NrlAk8RjkFTUz7z1a487tlQDcZSSSwXQ4bcf6+G Z2HFPpImND6RV3+i6CB2f0UuWBvVbkJZjbEcprDV5xX2FtufO07wWg5bWYJQd2/PPFPq2QX CURcecRQiryV4W/SGXH2w==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/sg_ArB0Mm7ZK_0ZvoeTOs3VEO78
Subject: Re: [Dtls-iot] Tracking Review Feedback for the DTLS Profile Document
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Sat, 29 Nov 2014 19:15:55 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--C8t9TrVoWn8UN0s0BaFOQ5HRoI1DEcmKO
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Robert,

thanks for your detailed review.

A few remarks inline:

On 11/29/2014 06:36 PM, Robert Cragie wrote:
> Hi Hannes,
>=20
> Firstly, I will start by outlining some general considerations in
> respect of the charter and the profile document. I do this to frame som=
e
> of the responses I give later.
> =20
> Consider the charter text. It is quite general: "focuses on supporting
> the use of DTLS Transport-Layer Security in these [constrained]
> environments". So, what is DTLS (or more generally, TLS) used for in
> constrained environments? Primarily it is used for securing application=

> layer communication. However, it is also being considered for network
> access as well due to DTLS' general properties of providing
> authentication via the handshake and a subsequent secure channel. The
> primary reason for this overloading is code re-use through use of a DTL=
S
> library, which can be used for both application layer and network acces=
s
> security.
>=20
> The current profile draft does not mention DTLS use for network access
> security and there has already been some discussion about narrowing the=

> focus for particular communication patterns. I don't see this as a
> problem providing the credentials relating to the cipher suites are
> dealt with in a general way (which they are). It may also help to at
> least acknowledge that there may be a desire to to re-use cipher suites=

> and indeed credentials for network access purposes. With regard to the
> communication patterns, it is probably more relevant to consider client=

> and server roles as it is possible that once a secure channel has been
> set up, client and server roles may reverse when it comes to applicatio=
n
> layer transactions. Again, I think the document does generally do this
> but it might help to clarify the role of client and server in the
> document and distinguish their roles wrt. authentication and
> authorization and subsequent application layer transactions.

It is indeed good to mention the use of network access authentication
and I should probably do that in the introduction and maybe also in an
example.

I created a ticket for this issue:
http://trac.tools.ietf.org/wg/dice/trac/ticket/22

>=20
> Re-use is a recurring theme when considering constrained environments
> and is behind a lot of the directions taken in developments for
> constrained environments. The corollary of re-use is to not add
> functionality if it can be avoided. For example, the development of the=

> CCM cipher suites instead of selecting the GCM cipher suites was
> predicated on:
>=20
> * The use of CCM for lower layer security (often with accompanying
> hardware accleration) and the ability to re-use it
> * Eliminating the need for additional functionality required by GCM,
> namely GF2^128 multiplier
>=20
> So whilst such a direction does not guarantee re-use in a particular
> implementation, it certainly makes it more likely to be achievable.=20
>=20
> With regard to the particular tickets raised:
>=20
> - Issue#12: Updated text for the PFS section
> https://tools.ietf.org/wg/dice/trac/ticket/12
>=20
> Regarding the list of possible cipher suites, It is possible that PAKEs=

> may be used in the future as well, although these are more likely for
> network access.

Are you suggesting to add a PAKE ciphersuite to the list of credential
types that were considered?

I would actually add it as a separate item (in addition to certificates,
raw public keys, and PSKs) since it is qualitatively different.

The problem I see is what exactly should we reference (which is a
question I already have for the earlier suggestion about considering
network access authentication)?

>=20
> - Issue#16: New section explaining how to deal with constrained servers=

> (as discussed on the list)
> https://tools.ietf.org/wg/dice/trac/ticket/16
>=20
> This goes some of the way to address the comment I have above re. clien=
t
> and server roles as it clearly shows the sensor as the DTLS client but
> acting more as a constrained server with regard to the actual
> application layer transactions.

While I hadn't gotten any feedback on the text proposal I indeed think
that adding a few message exchanges helps to clarify the exchanges (and
as you mention, also the roles).

If we add network access authentication then I believe an example would
be appropriate as well.

>=20
> - Issue#15: New section giving guidance on timeouts
> https://tools.ietf.org/wg/dice/trac/ticket/15
>=20
> Some suggested changes:
>=20
> ---
> "DTLS added a fragmentation and reassembly mechanism to TLS since each
> DTLS message must fit within a single transport layer datagram, as
> described in Section 4.2.3 of [RFC6347], and the underlying transport
> protocol does not provide such capabilities. Since handshake messages
> are potentially bigger than the maximum record size the mechanism for
> fragmenting a handshake message over a number of records, each of which=

> can be transmitted separately, avoids IP fragmentation."
>=20
> to
>=20
> "The DTLS handshake protocol adds a fragmentation and reassembly
> mechanism to the TLS handshake protocol since each DTLS record must fit=

> within a single transport layer datagram, as described in Section 4.2.3=

> of [RFC6347]. Since handshake messages are potentially bigger than the
> maximum record size, the mechanism fragments a handshake message over a=

> number of DTLS records, each of which can be transmitted separately."
>=20
> Rationale: A datagram is the element (PDU) of the transport layer
> therefore there is no concept of fragmenting it further at the transpor=
t
> layer. IP fragmentation doesn't really come into it - a transport layer=

> PDU could still be fragmented at the IP layer and it would make no
> difference.
>=20
> ---
> "To deal with the unreliable message delivery provided by UDP DTLS adde=
d
> timeouts and re-transmissions, as described in Section 4.2.4 of
> [RFC6347]. Although the timeout values are implementation specific
> recommendations are provided in Section 4.2.4.1 of [RFC6347] with an
> initial timer value of 1 second and twice the value at each
> retransmission, up to no less than 60 seconds. Due to the nature of som=
e
> radio technologies these values are too aggressive and lead to spurious=

> timeouts when messages in flight need longer."
>=20
> to
>=20
> "To deal with the unreliable message delivery provided by UDP, DTLS add=
s
> timeouts and re-transmissions, as described in Section 4.2.4 of
> [RFC6347]. Although the timeout values are implementation specific,
> recommendations are provided in Section 4.2.4.1 of [RFC6347], with an
> initial timer value of 1 second and twice the value at each
> retransmission up to no less than 60 seconds. Due to the nature of some=

> radio technologies, these values are too aggressive and lead to spuriou=
s
> failures when messages in flight need longer."
>=20
> Rationale: Mostly grammatical cleanups; changed "timeouts" to "failures=
"
> as the timeouts themselves aren't spurious but the rate at which they
> occur causes the spurious failure of sending the message by the DTLS
> handshake protocol.
>=20
> ---
> "each of which is then mapped on to one or more lower layer PDUs using
> the segmentation and reassembly (SaR)"
>=20
> to
>=20
> "each of which is then mapped on to one or more DTLS records using the
> segmentation and reassembly (SaR)"
>=20
> Rationale: "lower layer PDU" is not really the right term here. It is
> specifically the DTLS record.
>=20
> ---
> "In fact, Record Layer messages are never fragmented and MUST fit withi=
n
> a single transport layer datagram, whatever be the limit imposed by the=

> underlying transport."
>=20
> to
>=20
> "In fact, DTLS records are never fragmented and MUST fit within a singl=
e
> transport layer datagram."
>=20
> Rationale: "DTLS record" is the right term. No need to elaborate on lim=
its.
>=20
> ---
> Regarding the discussion about concatenated SMS messages, surely this
> applies more to the UDP datagram size as opposed to the DTLS record
> size? Also, it doesn't seem obviously clear that SMS SaR shouldn't be
> used; this is only like using 6LoWPAN fragmentation, which also carries=

> an overhead. I don't think we would necessarily say a DTLS record has t=
o
> fit into one 802.15.4 packet?
>=20
> ---
> In Section A.2, (1) If the SMS user has some robust SaR mechanism then
> that would be a reason not to use the Concatenated SMS, however DTLS
> really makes no difference as there is no recovery mechanism using DTLS=

> handshake protocol. (2) is a valid reason for not using Concatenated
> SMS. I can't see (3) making much of a difference either - reordering
> could occur anyway, you would just handle it at a different layer.

Thanks for the text proposals. I have incorporated them into the document=
=2E

Here is the updated version:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-profi=
le/draft-ietf-dice-profile-06.txt

I have re-read Appendix A.2 and I have to admit that I agree with your
assessment. I have changed the text accordingly and focused on item #2
and the fact that the same mechanism is already applied at the DTLS
layer anyway.

Reason (1) is really only true if DTLS would provide selective
acknowledgements and the ability to re-send fragments. The reordering
aspect (3) and the buffering (4) aren't really issues that are too
different to DTLS either.

>=20
> - Issue#13: New section with key length recommendations
> https://tools.ietf.org/wg/dice/trac/ticket/13
>=20
> NIST SP 800-57 and NIST SP 800-131 give comprehensive guidance on key
> lengths - it may be worth referencing those documents.

I included this reference to http://www.keylength.com/en/ and it does
reference the NIST work and other relevant documents. Of course, it
might be better to just reference the original specifications instead.

What would you prefer? Maybe I could reference a recent ENISA document
that surveys the requirements from various bodies. Here is the link to
that document:
http://www.enisa.europa.eu/activities/identity-and-trust/library/delivera=
bles/algorithms-key-sizes-and-parameters-report

> - Issue#11: Question about applicability of text to TLS
> https://tools.ietf.org/wg/dice/trac/ticket/11
>=20
> I agree that TLS should be mentioned as well.

Thanks. That was my understanding as well. Particularly when we consider
the network access authentication context things get pretty muddy
anyway. For example, in context of EAP-TLS the underlying transport
isn't TCP but, similarly to the SMS context, some other protocol.

>=20
> - Issue#14: New section about the signature algorithm extension
> https://tools.ietf.org/wg/dice/trac/ticket/14
>=20
> I agree with the proposed text.

Thanks.

> - Issue#17: AES-CCM nonces in DTLS records.
> https://tools.ietf.org/wg/dice/trac/ticket/17
>=20
> As mentioned on the mailing list, the CCM cipher suites were based on
> the GCM cipher suites, which has the same issue. Header compression
> (RFC7400) would solve this. It might be an idea to show how this could
> be achieved.

I will take a look at RFC 7400 to figure out how text could look like.

>=20
> - Issue#18: AES-CCM: 12-octet or 13-octet nonce
> https://tools.ietf.org/wg/dice/trac/ticket/18
>=20
> I think this is probably a non-issue. AES-CCM use with DTLS is to secur=
e
> the DTLS record. Many of the AES-CCM hardware implementations are aimed=

> at securing layer 2 packets and the ability to re-use the full AES-CCM
> engine is limited. In these cases, it may still be possible to use the
> basic AES-128 block cipher and the construction of the higher layer
> packet may dictate a different approach to how it may be done at layer-=
2
> anyway. Therefore, the different length nonces for DTLS using a CCM
> cipher suite and the use of CCM at layer 2 is unlikely to be that
> significant even if the layer-2 oriented AES-CCM engine is hardcoded to=

> use 13-byte nonces.

It would be an interesting exercise to figure out whether chip
manufacturers make their AES hardware implementation accessible without
actually using the entire AES-CCM bundle.

In any case, it might be worthwhile to make the recommendation to chip
manufacturers to make their AES hardware implementation accessible to
developers working on security implementations at higher layers.

This case would serve as a nice example for why this is indeed useful
(and maybe not entirely obvious at first sight).

> - Issue#19: Issue about AES-CCM vs. AES-GCM
> https://tools.ietf.org/wg/dice/trac/ticket/19
>=20
> Regarding the UTA document generally, I believe it is short-sighted not=

> to consider the wider uses of TLS/DTLS beyond web application security.=

> For example, EAP-TLS already specifies the use of TLS in a different
> scenario (AAA) and to me there is no reason to also consider TLS/DTLS
> use in constrained environments in IoT-type uses as well, including AAA=

> and locally-authorized network access. Had these been considered in the=

> UTA document, greater consideration might have been given to the fact
> that CCM cipher suites were developed for constrained environments for
> the re-use reasons given earlier.=20

I think having a scope is a good thing for the UTA document. You want to
make the document readable for the target audience and there are subtle
issues when using TLS / DTLS in different context.

On top of that the UTA group has already started to write application
specific guidance document as well (see XMPP document at
draft-ietf-uta-xmpp-04). You would like to at least avoid overlap
between specifications in your own working group....


> However, also note the layering
> discussion for Issue #18; in practice, it may not actually be an issue
> for implementations using DTLS/TLS with AES-GCM at the transport layer
> and AES-CCM at layer 2.

That's a good point. We could say that the common aspect is the AES and
that might be good enough already.

Ciao
Hannes

>=20
> Robert
>=20
> On 28/11/2014 11:56 AM, Hannes Tschofenig wrote:
>> Hi all,
>>
>> I went through the review comments and the discussions on the list and=

>> added issues to the tracker. You can find the complete list here:
>> https://tools.ietf.org/wg/dice/trac/report/1
>>
>> - Issue#12: Updated text for the PFS section
>> https://tools.ietf.org/wg/dice/trac/ticket/12
>>
>> - Issue#16: New section explaining how to deal with constrained server=
s
>> (as discussed on the list)
>> https://tools.ietf.org/wg/dice/trac/ticket/16
>>
>> - Issue#15: New section giving guidance on timeouts
>> https://tools.ietf.org/wg/dice/trac/ticket/15
>>
>> - Issue#13: New section with key length recommendations
>> https://tools.ietf.org/wg/dice/trac/ticket/13
>>
>> - Issue#11: Question about applicability of text to TLS
>> https://tools.ietf.org/wg/dice/trac/ticket/11
>>
>> - Issue#14: New section about the signature algorithm extension
>> https://tools.ietf.org/wg/dice/trac/ticket/14
>>
>> - Issue#17: AES-CCM nonces in DTLS records.
>> https://tools.ietf.org/wg/dice/trac/ticket/17
>>
>> - Issue#18: AES-CCM: 12-octet or 13-octet nonce
>> https://tools.ietf.org/wg/dice/trac/ticket/18
>>
>> - Issue#19: Issue about AES-CCM vs. AES-GCM
>> https://tools.ietf.org/wg/dice/trac/ticket/19
>>
>> I suspect that issue #16 and #11 could trigger some discussion. Issue
>> #19 does not have a resolution yet.
>>
>> I thought that the tracker would send mails to the list but it did not=

>> seem so. Instead of copying all the issues to the list take a look at
>> the tracker.
>>
>> I am planning to release a new draft snapshot late next week.
>>
>> Ciao
>> Hannes
>>
>> PS: I am also in the process of incorporating various editorial
>> suggestions. Here is the draft snapshot:
>> https://github.com/hannestschofenig/tschofenig-ids/blob/master/dice-pr=
ofile/draft-ietf-dice-profile-06.txt
>>
>>
>>
>> _______________________________________________
>> dtls-iot mailing list
>> dtls-iot@ietf.org
>> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20
>=20
>=20
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot
>=20


--C8t9TrVoWn8UN0s0BaFOQ5HRoI1DEcmKO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJUehtkAAoJEGhJURNOOiAtet8IAJijHN9B1EJA5C8sJoV9zvr9
L3Z3CwtUt0H0BhxzvquzxRc7YgycvOjC80e5e18jTy4jOZx7NpsO/h0cbcJcaNmU
CeqlH/Cnuhr4iPB85Fajg0u6v/SzoXoc1krRAWBgpha0YYwCrCRLK7II861ugwI2
U3N3KYiybfDGoFk9nRaq6silv3MeAeWoL+x7we3EpGVuleBlMMw5aRBdeaFG1z3N
NJqJX0MLEakOP9IRl0I7ToIWSJYQkENr+RKrp8UAI3sI57/Ic0jlWNFWiU6fl86E
JVx/3FYLpSlmJneaKorju0DK2otN0EbwBGnw7tO7ML1Jt2Qz6dA1opaKI/kX1Sw=
=oAk7
-----END PGP SIGNATURE-----

--C8t9TrVoWn8UN0s0BaFOQ5HRoI1DEcmKO--