Re: [T2TRG] dtls resume

Daniel Lux <daniel@seluxit.com> Thu, 03 November 2016 21:33 UTC

Message-ID: <1478208787.3545.10.camel@seluxit.com>
From: Daniel Lux <daniel@seluxit.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "t2trg@irtf.org" <t2trg@irtf.org>
Date: Thu, 03 Nov 2016 22:33:07 +0100
In-Reply-To: <136ca589-91da-b40f-5d22-e846cb7593a4@gmx.net>
References: <1478162371.13408.8.camel@seluxit.com> <136ca589-91da-b40f-5d22-e846cb7593a4@gmx.net>
Organization: Seluxit
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/ZZ6o5_MOSlKvT_Ac7mkgw_Y-qNE>
Subject: Re: [T2TRG] dtls resume

Thanks, I was searching for that document.
He is, however, if I read it right, suggesting changing the DTLS record
layer header and not the nonce used for the cipher.
Making a specific cipher for constrained devices, where the nonce is
reduced to 6 or even only 5 bytes (requiring renegotiation when rollover
is approaching), would not require changing the DTLS record layer header.
I don't know, however, which is easier to push through: changing the
header or introducing a new cipher?
/daniel
On Thu, 2016-11-03 at 20:09 +0100, Hannes Tschofenig wrote:
> Section 4 of
> https://tools.ietf.org/html/draft-fossati-tls-iot-optimizations-00
> 
> Ciao
> Hannes
> 
> 
> On 11/03/2016 09:39 AM, Daniel Lux wrote:
> > 
> > During our meeting in Ludwigsburg at the implementers' workshop we
> > discussed the DTLS resume problem.
> > This problem occurs when a constrained device behind a NAT
> > communicates with a server and the NAT changes the UDP source port
> > or the IP address of the sending constrained device, while the
> > server uses the source address and port number to identify the DTLS
> > connection.
> > 
> > One solution, other than adding a parameter to the DTLS records,
> > would be to construct the IV/nonce in a way that allows the server
> > to identify the session from that information.
> > This would mean that we would need to specify a new cipher suite,
> > but otherwise it might be an elegant solution.
> > Has anybody suggested this kind of solution to the resume problem?
> > 
> > Kind regards
> > 
> >   Daniel
-- 
Daniel Lux
Tlf: (+45)-46 922 722
Seluxit
Hjulmagervej 32B
9000 Aalborg
Denmark

We are currently working on:
* New gateway version
* ENCOURAGE EU project
* Mobile Phone program
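To make the two ideas in this thread concrete (a session identifier carried in the AEAD nonce so the server no longer depends on the UDP 4-tuple, and a shortened record counter that forces renegotiation before it wraps), here is an added illustration. It is not code from this thread, from the draft Hannes cites, or from any DTLS implementation. Assumptions made for the example: the 8-byte explicit nonce of the TLS 1.2 AES-GCM suites (RFC 5288) is split into a 3-byte session id and a 5-byte counter, the 4-byte implicit salt comes from the key block as usual, the AEAD is replaced by an HMAC-SHA256 encrypt-then-MAC stand-in so the code runs without third-party libraries, and the server keeps a table keyed by session id next to its conventional address-keyed table.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed layout (an illustration, not from any RFC or draft): the 8-byte explicit
# nonce that TLS 1.2 AES-GCM suites carry in each record (RFC 5288) is split into a
# 3-byte session id and a 5-byte record counter; the 4-byte implicit salt still comes
# from the key block. Sizes and the renegotiation margin are choices for this example.
SALT_LEN, SID_LEN, CTR_LEN, TAG_LEN = 4, 3, 5, 16
EXPLICIT_LEN = SID_LEN + CTR_LEN
CTR_MAX = 2 ** (8 * CTR_LEN)   # the 5-byte counter wraps here
RENEG_MARGIN = 2 ** 20         # ask for renegotiation this many records early

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a stand-in keystream, not a real cipher suite."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:n]

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC stand-in for the AEAD; nonce is salt || explicit nonce."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]

def open_(enc_key, mac_key, nonce, sealed):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

@dataclass
class Session:
    sid: bytes            # sent in the clear inside every record's explicit nonce
    salt: bytes
    enc_key: bytes
    mac_key: bytes
    counter: int = 0      # next record number to send
    last_seen: int = -1   # highest record number accepted (simple anti-replay)

    def needs_renegotiation(self):
        """True once the 5-byte counter is within RENEG_MARGIN of wrapping."""
        return self.counter >= CTR_MAX - RENEG_MARGIN

    def next_explicit_nonce(self):
        if self.counter >= CTR_MAX:
            raise RuntimeError("counter exhausted; renegotiation was due earlier")
        explicit = self.sid + self.counter.to_bytes(CTR_LEN, "big")
        self.counter += 1
        return explicit

def client_send(sess, plaintext):
    """Build one record: explicit nonce || ciphertext || tag."""
    explicit = sess.next_explicit_nonce()
    return explicit + seal(sess.enc_key, sess.mac_key, sess.salt + explicit, plaintext)

class Server:
    def __init__(self):
        self.by_addr = {}   # conventional (ip, port) -> session table
        self.by_sid = {}    # session id -> session table, keyed from the nonce

    def register(self, sess, addr):
        self.by_addr[addr] = sess
        self.by_sid[sess.sid] = sess

    def _open(self, sess, record):
        explicit, body = record[:EXPLICIT_LEN], record[EXPLICIT_LEN:]
        ctr = int.from_bytes(explicit[SID_LEN:], "big")
        if ctr <= sess.last_seen:
            raise ValueError("replayed or out-of-order record")
        plaintext = open_(sess.enc_key, sess.mac_key, sess.salt + explicit, body)
        sess.last_seen = ctr
        return plaintext

    def receive_by_addr(self, addr, record):
        """Classic demux on the 4-tuple: breaks when the NAT rewrites the source port."""
        return self._open(self.by_addr[addr], record)

    def receive_by_nonce(self, record):
        """Demux on the session id carried in the explicit nonce; the address is ignored."""
        return self._open(self.by_sid[record[:SID_LEN]], record)

def demo():
    """Constructed scenario: one session, then a NAT rebinding between two records."""
    client = Session(b"\x00\x00\x07", os.urandom(SALT_LEN), os.urandom(32), os.urandom(32))
    srv, server_copy = Server(), Session(client.sid, client.salt, client.enc_key, client.mac_key)
    old_addr, new_addr = ("203.0.113.5", 40001), ("203.0.113.5", 40077)
    srv.register(server_copy, old_addr)
    first = srv.receive_by_addr(old_addr, client_send(client, b"hello"))
    rec = client_send(client, b"after rebinding")   # the NAT now maps the client to new_addr
    try:
        srv.receive_by_addr(new_addr, rec)
        addr_lookup_ok = True
    except KeyError:
        addr_lookup_ok = False
    second = srv.receive_by_nonce(rec)
    client.counter = CTR_MAX - RENEG_MARGIN          # fast-forward to just before the wrap
    return {"first": first, "addr_lookup_after_nat": addr_lookup_ok,
            "nonce_lookup_after_nat": second, "renegotiate": client.needs_renegotiation()}
```

Running `demo()` shows the address-keyed lookup failing after the port change while the nonce-keyed lookup still decrypts the same record, and `needs_renegotiation()` turning true as the 5-byte counter nears its limit. Two points a deployment would weigh: the session id is a stable identifier that survives address changes by design and is therefore also visible to every on-path observer, and the server still has to apply its replay check per session rather than trusting the address, which the `_open` method does in its simplest form.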