[lp-wan] FW: [TLS] SCHC for DTLS
dominique.barthel@orange.com Mon, 30 May 2022 14:14 UTC
Return-Path: <dominique.barthel@orange.com>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D594CC13CDFF for <lp-wan@ietfa.amsl.com>; Mon, 30 May 2022 07:14:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9_-MX1TqfuE for <lp-wan@ietfa.amsl.com>; Mon, 30 May 2022 07:14:01 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BA0CC15C00E for <lp-wan@ietf.org>; Mon, 30 May 2022 07:13:41 -0700 (PDT)
Received: from opfedar06.francetelecom.fr (unknown [xx.xx.xx.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfedar27.francetelecom.fr (ESMTP service) with ESMTPS id 4LBcpC3ZVPz2xKd for <lp-wan@ietf.org>; Mon, 30 May 2022 16:13:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1653920019; bh=K3e5xPbPPtgvy8K5rgDCjQjRDXXRyPYRwiBTIW1FUGA=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=JRn1UTZtC7sdfbb3QSDt3mOA8WsAKZmNCD4Mt7Wq5dB0S8vPn+eLU0jxj4r+xFq2x NbqBxbY3gozyffovwCnN3t6+T/feQYS1t6675m7fy7CcgzkpVjo6rVNXFFyLtVmcss 7pr8mNe5gjQkSOCeQiIbLIVz3nSkLDxXFLTALJmfr+tjQqPiEynFZSdEFdys7sgTpJ gJmbUVUPs4a0Kl4fV/+mrb40Z1r6gNW6mgyjpg60L1t1m7iHggAethd1HGCOD0/03I froSfQZI2hHYKu52U+hvtLnaNelXrwhNhq2mFOzCyH2cGpvYxESi6/p9ESK6eGnBpL jR6JiHrO+mnLw==
From: dominique.barthel@orange.com
To: lp-wan <lp-wan@ietf.org>
Thread-Topic: [TLS] SCHC for DTLS
Thread-Index: AQHYcc163oQU1+xUFkOtF2V9Pl7foq0yuBEAgARThwCAAEFPgIAALldw
Date: Mon, 30 May 2022 14:13:39 +0000
Message-ID: <13475_1653920019_6294D113_13475_214_1_1def41fad77346acbdd0bbc4a7361ba4@orange.com>
References: <f92962a4-dd76-5fd0-2a4d-91d4de87d251@htt-consult.com> <CABcZeBPLHiSO8V88C-8bwgxsH6vcNBs1t3rb0bggzJBKZPMT3g@mail.gmail.com> <DBBPR08MB5915042FBEF11C5A93DB12C6FADD9@DBBPR08MB5915.eurprd08.prod.outlook.com> <55d0ed70-9f53-8d3c-c421-927065f33348@htt-consult.com>
In-Reply-To: <55d0ed70-9f53-8d3c-c421-927065f33348@htt-consult.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.115.27.51]
Content-Type: multipart/mixed; boundary="_004_1def41fad77346acbdd0bbc4a7361ba4orangecom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/awUKPIfTkphe3oqNWHsW4FLta8Q>
Subject: [lp-wan] FW: [TLS] SCHC for DTLS
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2022 14:14:05 -0000
Hello lpwaners, I’m crossposting this conversation taking place on the TLS mailing list, for those of you who have not subscribed to it. Any takers to discuss DTLS compression with SCHC? Dominique From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Robert Moskowitz Sent: 30 May 2022 15:28 To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Eric Rescorla <ekr@rtfm.com> Cc: tls@ietf.org Subject: Re: [TLS] SCHC for DTLS Greetings Hannes, This is for the record layer. And I really don't know how much would be gained. But as I would see it, this use of SCHC would be for UDP/DTLS/cipher. Since it is starting with UDP, SCHC would have to be an IP Protocol (not currently defined as such). So you loose 1 byte for the SCHC rule, against the 8 probably saved in compressing UDP to 0 bytes. Then there is the cipher. Try AES-GCM-12; what is currently used for the IV? Can something like rfc8750 be added to use the seq # in the DTLS header and gain maybe 16 bytes? I really don't know the DTLS header at all. I have tried to find some decent layout as I am use to for ESP in 4303 (Fig 1) for side-by-side comparison. But if it means being able to fit over some UHF carrier for unmanned aircraft (UA) Network Remote ID (Net-RID) and Command and Control (C2)? Worth the effort. So this is not something I could do myself, but something that I see using and thus pitching in on doing it. On 5/30/22 05:33, Hannes Tschofenig wrote: Bob, is this about compressing the DTLS record layer or the DTLS handshake protocol? For the former, I wonder how much is there actually to compress (when using DTLS 1.3)? From: TLS <tls-bounces@ietf.org><mailto:tls-bounces@ietf.org> On Behalf Of Eric Rescorla Sent: Friday, May 27, 2022 5:30 PM To: Robert Moskowitz <rgm-sec@htt-consult.com><mailto:rgm-sec@htt-consult.com> Cc: <tls@ietf.org><mailto:tls@ietf.org> <tls@ietf.org><mailto:tls@ietf.org> Subject: Re: [TLS] SCHC for DTLS On Fri, May 27, 2022 at 6:27 AM Robert Moskowitz <rgm-sec@htt-consult.com<mailto:rgm-sec@htt-consult.com>> wrote: Is there any activity to define SCHC rules for DTLS? Not to my knowledge. -Ekr I want this for Unmanned Aircraft (UA) Network Remote ID (Net-RID) communications from the UA to the Net-RID Service Provider (SP). See https://datatracker.ietf.org/doc/draft-moskowitz-drip-secure-nrid-c2/ I am compressing ESP traffic using rfc 8750 and: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/ SCHC is negotiated in IKE (and will be in HIP) and SA tables allow the ESP receiver to recognize a SCHC compressed ESP Header and act properly. It is not so simple with DTLS. First UDP is below DTLS, so how do you compress it? The way I see it, SCHC would need to be assigned an IP Protocol type so that the transport processing can start right up with the SCHC rule for UDP and then on to DTLS and then the cipher. Or at least how I see the challenge. So I am looking for any extant work on SCHC for DTLS and/or interest in this activity. The CoAP SCHC work, rfc 8824, dodge DTLS compression. Or that is how I read it. Thanks Bob _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [lp-wan] FW: [TLS] SCHC for DTLS dominique.barthel
- Re: [lp-wan] FW: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [lp-wan] FW: [TLS] SCHC for DTLS dominique.barthel
- Re: [lp-wan] FW: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [lp-wan] FW: [TLS] SCHC for DTLS Thibaut Artis