IETF Logo Mail Archive

Re: [core] draft-ietf-core-coap-06 The CoAP/DTLS/CoAP Turkey Sandwich layer violation train wreck

Thomas Herbst <therbst@silverspringnet.com> Wed, 11 May 2011 18:28 UTC

Return-Path: <therbst@silverspringnet.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75949E0823 for <core@ietfa.amsl.com>; Wed, 11 May 2011 11:28:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.148
X-Spam-Level:
X-Spam-Status: No, score=-1.148 tagged_above=-999 required=5 tests=[AWL=-1.450, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, MANGLED_BEST=2.3]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VM7MEt33Juez for <core@ietfa.amsl.com>; Wed, 11 May 2011 11:28:32 -0700 (PDT)
Received: from it-ipcorp-01.silverspringnet.com (it-ipcorp-01.silverspringnet.com [74.121.22.25]) by ietfa.amsl.com (Postfix) with ESMTP id 73594E07EB for <core@ietf.org>; Wed, 11 May 2011 11:28:32 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwEAJnUyk0KyAE8/2dsb2JhbACCZaQVyDiCLXmCagSGQ41xij0
X-IronPort-AV: E=Sophos;i="4.64,354,1301900400"; d="scan'208,217";a="4389739"
Received: from unknown (HELO IT-EXCA-01.silverspringnet.com) ([10.200.1.60]) by it-ipcorp-01.silverspringnet.com with ESMTP/TLS/AES128-SHA; 11 May 2011 11:28:32 -0700
Received: from IT-EXMB-01.silverspringnet.com ([fe80::b81e:2d5b:d263:6c44]) by IT-EXCA-01.silverspringnet.com ([::1]) with mapi; Wed, 11 May 2011 11:28:31 -0700
From: Thomas Herbst <therbst@silverspringnet.com>
To: "robert.cragie@gridmerge.com" <robert.cragie@gridmerge.com>, "core@ietf.org" <core@ietf.org>
Date: Wed, 11 May 2011 11:28:30 -0700
Thread-Topic: [core] draft-ietf-core-coap-06 The CoAP/DTLS/CoAP Turkey Sandwich layer violation train wreck
Thread-Index: AcwQCTrHjCKz4vHiTxmnUhmcxV5wog==
Message-ID: <C9F02359.AB1F%therbst@silverspringnet.com>
In-Reply-To: <4DC943E8.2040901@gridmerge.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.10.0.110310
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C9F02359AB1Ftherbstsilverspringnetcom_"
MIME-Version: 1.0
Subject: Re: [core] draft-ietf-core-coap-06 The CoAP/DTLS/CoAP Turkey Sandwich layer violation train wreck
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2011 18:28:33 -0000

+1

From: Robert Cragie <robert.cragie@gridmerge.com<mailto:robert.cragie@gridmerge.com>>
Reply-To: "robert.cragie@gridmerge.com<mailto:robert.cragie@gridmerge.com>" <robert.cragie@gridmerge.com<mailto:robert.cragie@gridmerge.com>>
Date: Tue, 10 May 2011 06:55:52 -0700
To: "core@ietf.org<mailto:core@ietf.org>" <core@ietf.org<mailto:core@ietf.org>>
Subject: Re: [core] draft-ietf-core-coap-06 The CoAP/DTLS/CoAP Turkey Sandwich layer violation train wreck

I have never seen what the issue is with using two ports like HTTPS:


 *   One port for CoAP over UDP
 *   One port for CoAP over DTLS over UDP

Robert

Robert Cragie (Pacific Gas & Electric)

Gridmerge Ltd.
89 Greenfield Crescent,
Wakefield, WF4 4WA, UK
+44 1924 910888
+1 415 513 0064
http://www.gridmerge.com<http://www.gridmerge.com/>

On 06/05/2011 8:49 AM, Eric Rescorla wrote:

On Thu, May 5, 2011 at 6:24 PM, Carsten Bormann <cabo@tzi.org><mailto:cabo@tzi.org> wrote:


On May 6, 2011, at 02:51, Eric Rescorla wrote:



1. Use STUN as-is.


Yep, we are doing that.
(The escaping stuff is insurance for a case that is rather unlikely.  We could take it out.)

What is the status about STUN coexisting with DTLS?


As far as I know, there's no problem, since the leading bytes plus cookies make
collisions very unlikely.




2. Use a leading framing byte to distinguish DTLS and CoAP from STUN.
If you're really worried
about compactiness,


(Yes, we are.)



then pick only a single value to distinguish DTLS
(e.g., 0xffffffff)


(That would be a bit long.)


Sorry, brain failure. 0xff




and use all
the remaining values to give you a little more room in the rest of the packet.


Sure, we could do that.  It would mean spending another byte for all DTLS packets.


Right. My argument is that that's not that big a deal because it only
increases space
by ~5%.




More importantly, it also means DTLS packets no longer look like DTLS packets, which complicates debugging.


Yes, I agree that that's suboptimal. That's why I prefer separate ports...
The material you're quoting above is just some other thoughts for dealing with
the same port if people insist.




I would like to learn more about your plans to expand the DTLS ContentType space.
This hasn't changed since 1996.  Of course, it could, next month.
Again, the escaping stuff is insurance for this case.  We could take it out.


I don't think there are any immediate plans to do so--though note that
http://tools.ietf.org/html/draft-seggelmann-tls-dtls-heartbeat-01
does contemplate one addition. And I would assume that we intend to
assign the content-types towards the bottom of the range first. That said,
I don't think TLS-WG has by any means decided to commit to not
assigning a bunch more types.

Bes,t
-Ekr
_______________________________________________
core mailing list
core@ietf.org<mailto:core@ietf.org>https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email