[core] DTLS-related comments on DoC
Thomas Fossati <thomas.fossati@linaro.org> Tue, 20 August 2024 12:23 UTC
From: Thomas Fossati <thomas.fossati@linaro.org>
Date: Tue, 20 Aug 2024 14:22:37 +0200
Message-ID: <CA+1=6ydqQQC0AJOWf+ESbnAVjqEAjOkVFUyN0o+1S=ecqufhjw@mail.gmail.com>
To: draft-ietf-core-dns-over-coap@ietf.org, core@ietf.org
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Hi authors!

Here are a few DTLS-related comments after giving DoC a quick scan:

1. Using DTLS CIDs [1] may provide some measurable improvements latency- and energy-wise, at least in cases where the DoC client has a long-lived connection with the server. Implementation note: while CIDs are a native construct in DTLS 1.3, they are an optional feature in 1.2 - with support in some popular IoT stacks (mbedTLS, Californium, tinyDTLS). That being said,

2. using CID in the context of DoC may also widen your DDoS surface. Luckily, this can be mitigated by RRC [2].

3. Due to the limited off-the-shelf support for DTLS 1.3, it would be beneficial to also mandate DTLS 1.2 (with all the relevant caveats described in RFC7925 and BCP195).

cheers, thanks!

[1] https://datatracker.ietf.org/doc/html/RFC9146
[2] https://datatracker.ietf.org/doc/html/draft-ietf-tls-dtls-rrc
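An added illustration of points 1 and 2 above, written for this archive page and not taken from the thread or from any DoC or DTLS implementation: a Python model of the RFC 9146 DTLS 1.2 CID record layout, plus the address-update decision a server faces when a record with a known CID arrives from a new source address. The connection table, the `route` function and the nonce challenge/response promotion are simplified assumptions standing in for the RRC idea, not the RRC wire format.

```python
import os
import struct
from dataclasses import dataclass, field
TLS12_CID = 25  # DTLS 1.2 content type for records carrying a CID (RFC 9146)

@dataclass
class Conn:
    cid: bytes
    peer: tuple                                      # (ip, port) currently validated
    challenges: dict = field(default_factory=dict)   # candidate (ip, port) -> nonce

def build_cid_record(cid, epoch, seq, body):
    """RFC 9146 Section 3 record: type, version, epoch, 48-bit seq, cid, length, body."""
    hdr = struct.pack("!BHH", TLS12_CID, 0xFEFD, epoch) + seq.to_bytes(6, "big")
    return hdr + cid + struct.pack("!H", len(body)) + body

def parse_cid_record(datagram, cid_len):
    """Decode a CID record; cid_len is fixed by the handshake, not carried on the wire."""
    hdr_len = 11 + cid_len + 2
    if len(datagram) < hdr_len or datagram[0] != TLS12_CID:
        raise ValueError("not a well-formed tls12_cid record")
    _, version, epoch = struct.unpack("!BHH", datagram[:5])
    seq = int.from_bytes(datagram[5:11], "big")
    cid = datagram[11:11 + cid_len]
    (length,) = struct.unpack("!H", datagram[11 + cid_len:hdr_len])
    body = datagram[hdr_len:hdr_len + length]
    if len(body) != length:
        raise ValueError("truncated body")
    return {"version": version, "epoch": epoch, "seq": seq, "cid": cid, "body": body}

def route(conns, datagram, src, cid_len, rrc):
    """Return the address a reply goes to. Without RRC the peer address follows the
    datagram source (a spoofed source redirects replies); with RRC it stays put."""
    conn = conns.get(parse_cid_record(datagram, cid_len)["cid"])
    if conn is None:
        return None                                  # unknown CID: drop silently
    if src == conn.peer:
        return conn.peer
    if not rrc:
        conn.peer = src
        return src
    conn.challenges.setdefault(src, os.urandom(8))   # nonce to send to src as a challenge
    return conn.peer

def path_response(conn, src, nonce):
    """Promote src to the validated peer once it echoes the nonce sent to it."""
    if conn.challenges.get(src) == nonce:
        conn.peer, conn.challenges = src, {}
        return True
    return False
```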