Re: [core] draft-ietf-core-coap-06 The CoAP/DTLS/CoAP Turkey Sandwich layer violation train wreck

Robert Cragie <robert.cragie@gridmerge.com> Tue, 10 May 2011 13:55 UTC

From: Robert Cragie <robert.cragie@gridmerge.com>
Organization: Gridmerge Ltd.
To: core@ietf.org
References: <1FFCF0B6-2DF8-4776-BC6B-47069737AD50@cisco.com> <2ECE1C68-6650-43D4-97B6-2D405143C845@tzi.org> <BANLkTin_gwk+eGxwcRRPb8YcVpvQe1UgxQ@mail.gmail.com> <EAE9DFEE-01E9-4BE7-8CA2-136945CB6340@tzi.org> <BANLkTik0MYry5_skJo8CwLAeDAxTxjRFSA@mail.gmail.com>
In-Reply-To: <BANLkTik0MYry5_skJo8CwLAeDAxTxjRFSA@mail.gmail.com>

I have never seen what the issue is with using two ports like HTTPS:

    * One port for CoAP over UDP
    * One port for CoAP over DTLS over UDP


Robert

Robert Cragie (Pacific Gas & Electric)

Gridmerge Ltd.
89 Greenfield Crescent,
Wakefield, WF4 4WA, UK
+44 1924 910888
+1 415 513 0064
http://www.gridmerge.com


On 06/05/2011 8:49 AM, Eric Rescorla wrote:
> On Thu, May 5, 2011 at 6:24 PM, Carsten Bormann <cabo@tzi.org> wrote:
>> On May 6, 2011, at 02:51, Eric Rescorla wrote:
>>
>>> 1. Use STUN as-is.
>> Yep, we are doing that.
>> (The escaping stuff is insurance for a case that is rather unlikely.  We could take it out.)
>>
>> What is the status about STUN coexisting with DTLS?
> As far as I know, there's no problem, since the leading bytes plus cookies make
> collisions very unlikely.
>
>
>>> 2. Use a leading framing byte to distinguish DTLS and CoAP from STUN.
>>> If you're really worried
>>> about compactness,
>> (Yes, we are.)
>>
>>> then pick only a single value to distinguish DTLS
>>> (e.g., 0xffffffff)
>> (That would be a bit long.)
> Sorry, brain failure. 0xff
>
>
>>> and use all
>>> the remaining values to give you a little more room in the rest of the packet.
>> Sure, we could do that.  It would mean spending another byte for all DTLS packets.
> Right. My argument is that that's not that big a deal because it only
> increases space
> by ~5%.
>
>
>> More importantly, it also means DTLS packets no longer look like DTLS packets, which complicates debugging.
> Yes, I agree that that's suboptimal. That's why I prefer separate ports...
> The material you're quoting above is just some other thoughts for dealing with
> the same port if people insist.
>
>
>> I would like to learn more about your plans to expand the DTLS ContentType space.
>> This hasn't changed since 1996.  Of course, it could, next month.
>> Again, the escaping stuff is insurance for this case.  We could take it out.
> I don't think there are any immediate plans to do so--though note that
> http://tools.ietf.org/html/draft-seggelmann-tls-dtls-heartbeat-01
> does contemplate one addition. And I would assume that we intend to
> assign the content-types towards the bottom of the range first. That said,
> I don't think TLS-WG has by any means decided to commit to not
> assigning a bunch more types.
>
> Best,
> -Ekr
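As an added example (not code from this thread or from any of its participants), here is a Python classifier for the single-port case the discussion is about: it tells STUN, DTLS and CoAP apart by the leading byte, with the STUN magic cookie as the second check that keeps STUN and DTLS from colliding. It assumes the CoAP header layout of draft-ietf-core-coap-06 (version field 1 in the top two bits), the STUN magic cookie from RFC 5389 and the standard 13-byte DTLS record header; the sample datagrams are constructed.

```python
# Added example, not from the thread: classify one UDP payload as STUN, DTLS
# or CoAP by its leading bytes, the demultiplexing the discussion relies on
# when the three protocols share a single port.
import struct

STUN_MAGIC_COOKIE = 0x2112A442           # RFC 5389: fixed value at bytes 4..7
# DTLS ContentType: 20..23 from TLS, plus 24 for the heartbeat draft cited above
DTLS_CONTENT_TYPES = {20, 21, 22, 23, 24}
DTLS_RECORD_VERSIONS = {0xFEFF, 0xFEFD}  # DTLS 1.0 and DTLS 1.2


def classify_datagram(data: bytes) -> str:
    """Return 'stun', 'dtls', 'coap' or 'unknown' for a raw UDP payload."""
    if len(data) < 4:
        return "unknown"
    first = data[0]
    # STUN: top two bits of byte 0 are 00 and the magic cookie is present.
    # A DTLS ContentType (20..24) also has those bits clear, so the cookie
    # is what keeps the two apart ("leading bytes plus cookies").
    if first & 0xC0 == 0 and len(data) >= 20:
        msg_len, cookie = struct.unpack("!HI", data[2:8])
        if cookie == STUN_MAGIC_COOKIE and msg_len % 4 == 0:
            return "stun"
    # DTLS record: ContentType, then a 2-byte DTLS record version, then
    # epoch (2), sequence number (6) and length (2): 13-byte header.
    if first in DTLS_CONTENT_TYPES and len(data) >= 13:
        (version,) = struct.unpack("!H", data[1:3])
        if version in DTLS_RECORD_VERSIONS:
            return "dtls"
    # CoAP (draft-ietf-core-coap-06): version field (top two bits) is 1,
    # so the first byte lies in 0x40..0x7F, disjoint from both ranges above.
    if first & 0xC0 == 0x40:
        return "coap"
    return "unknown"


# Constructed sample datagrams (not captured traffic).
SAMPLE_STUN = (struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE)  # Binding Request
               + b"\x00" * 12)                                    # transaction ID
SAMPLE_DTLS = (b"\x16\xfe\xff"              # handshake, DTLS 1.0
               + b"\x00\x00" + b"\x00" * 6  # epoch, sequence number
               + struct.pack("!H", 10) + b"\x00" * 10)            # length, body
SAMPLE_COAP = b"\x40\x01\x12\x34"           # Ver=1, CON, OC=0, code GET, msg id


if __name__ == "__main__":
    for name, pkt in (("stun", SAMPLE_STUN), ("dtls", SAMPLE_DTLS),
                      ("coap", SAMPLE_COAP)):
        print(name, "->", classify_datagram(pkt))
```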