Re: [TLS] Solving the NAT expiring problem causing DTLS renegotiation with high power consumption in DTLS1.2

Sean Turner <sean@sn3rd.com> Wed, 12 July 2017 14:56 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <DBDF9AE44733284D808F0E585E1919022C78B070@dggemi508-mbx.china.huawei.com>
Date: Wed, 12 Jul 2017 10:56:32 -0400
Cc: "tls@ietf.org" <tls@ietf.org>
Message-Id: <EF3E130D-1061-40A8-8A7E-89F251366D89@sn3rd.com>
References: <DBDF9AE44733284D808F0E585E1919022C78B070@dggemi508-mbx.china.huawei.com>
To: yinxinxing <yinxinxing@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3uAkVxmPH7CtoIgrsAghZWSi39Y>

 
> On Jul 6, 2017, at 23:04, yinxinxing <yinxinxing@huawei.com> wrote:
> 
> Hi all,
>  
> The NAT table expiring problem mentioned in the  following email should also be considered in DTLS1.2 as an extension.
>  
> The value and necessity are as follows.
>  
> 1. Essentially, the NAT expiring problem causing DTLS renegotiation with high power consumption exists in DTLS 1.2. Even if we solve this in DTLS1.3, this problem will still exist for products using DTLS1.2.
> Currently, many IOT products using DTLS 1.2 are going to be deployed commercially, such as intelligent water/gas meters. These meters usually have limited battery and low cost. To be more accurate, the battery of the chip module of the intelligent water/gas meter is required to last for 10 years. This leads to strict control over the power consumption of the chip module. The NAT expiring problem causing DTLS renegotiation with high power consumption is a bottleneck for these IOT devices. According to our experimental data, under the worst coverage level (ECL2), power consumption of the chip module when DTLS is embedded increases by nearly 60%. Therefore, there should be a solution to this urgent problem in DTLS 1.2 to match the low-cost and low-battery feature of the IOT devices.

I have to ask whether these IoT devices are updatable?

> 2. DTLS 1.3 will be standardized in 2018, but the corresponding open source code will be available about one year after the standardization. At present, large-scale commercial IOT industry deployment is urgent, and it is too late to wait for DTLS 1.3. Thus, we hope that the above problem could be solved in DTLS 1.2 as soon as possible.

On this point, I’m hoping that you’ll be wrong ;). From the list of TLS implementations found here:
https://github.com/tlswg/tls13-spec/wiki/Implementations
and assuming there is as much enthusiasm to implement DTLS1.3 as there was for TLS1.3 then I’m hoping that the DTLS implementations will be ready much sooner than a year after publication (they might be ready before the RFC is published).

spt

> Any comment is appreciated.
>  
> Regards,
> Yin Xinxing
>  
>  
> From: yinxinxing
> Sent: 27 June 2017 16:28
> To: 'Eric Rescorla'
> Cc: tls@ietf.org; Tobias Gondrom
> Subject: Re: [TLS] Yin Xinxing joins the TLS WG
>  
> Thanks Eric,
>  
> I have seen the CID scheme, and talked with Hannes(the author of the scheme).
>  
> CID scheme is a good idea to solve the problem I mentioned.
>  
> I think the length of CID (currently, it is 32 bits) can be longer so that it can support more DTLS sessions. It is known that for the IOT scenario, 1 million connections is nothing.
>  
> Regards,
> Yin Xinxing
>  
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: 25 June 2017 21:33
> To: yinxinxing
> Cc: tls@ietf.org; Xiongxiaochun
> Subject: Re: [TLS] Yin Xinxing joins the TLS WG
>  
> Hi Yin,
>  
> The usual solution to this is to add a connection id. Please see:
> https://github.com/tlswg/dtls13-spec/issues/6
>  
> -Ekr
>  
>  
>  
>  
> On Sun, Jun 25, 2017 at 2:33 AM, yinxinxing <yinxinxing@huawei.com> wrote:
> Hello everyone,
>  
> I am Yin Xinxing from Huawei company. I am glad to join the TLS WG.
>  
> For the DTLS 1.3 draft, I am interested and have some ideas to talk with you.
>  
> DTLS has a lot of application scenarios in IOT fields, but currently, there is some difficulty when DTLS 1.2 is applied to IOT devices, especially the battery-constrained IOT devices.
>  
> For example, when the IOT device wakes up from sleep mode, the NAT table may have expired.
> Then the IOT device has to establish a new DTLS session or at least launch a resume process with the server, and the corresponding power consumption is too high for some power-constrained devices.
> How can DTLS renegotiation be avoided in order to save battery?
>  
> I hope the contributors of DTLS 1.3 (or DTLS 1.2) can consider this problem and give a proper solution.  
>  
> Any comment or idea about this problem is welcome.
>  
> Regards,
> Yin Xinxing
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
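As an added illustration of the connection-id approach Eric points to (this is example code written for this archive page, not code from the thread, the drafts or any implementation): a toy server that demultiplexes incoming records either by the client's address, as classic DTLS does, or by a 32-bit CID carried in the record. Only the CID-keyed table survives the NAT rebinding Yin describes; the record layout, the 4-byte CID and the addresses are constructed for the example and are not the wire format of any DTLS version.

```python
import os

class DtlsServer:
    """Toy DTLS server holding one session table keyed by client address
    and, when CIDs are in use, a second one keyed by connection id."""

    def __init__(self, use_cid):
        self.use_cid = use_cid
        self.by_addr = {}   # (client_ip, client_port) -> session
        self.by_cid = {}    # cid bytes -> session
        self.handshakes = 0  # full handshakes: the expensive event for a battery device

    def handshake(self, addr):
        """Run a (simulated) full handshake; allocate a 32-bit CID if enabled."""
        self.handshakes += 1
        cid = os.urandom(4) if self.use_cid else b""   # 32-bit CID, as in the thread
        session = {"cid": cid, "addr": addr, "records": 0}
        self.by_addr[addr] = session
        if cid:
            self.by_cid[cid] = session
        return cid

    def receive(self, addr, record):
        """Demultiplex a record; a miss forces the client into a new handshake."""
        cid_len = record[1]
        cid = record[2:2 + cid_len]
        session = self.by_cid.get(cid) if cid else self.by_addr.get(addr)
        if session is None:
            self.handshake(addr)   # unknown peer: full handshake again
            return False
        if session["addr"] != addr:   # NAT rebound the mapping: follow the peer
            del self.by_addr[session["addr"]]
            session["addr"] = addr
            self.by_addr[addr] = session
        session["records"] += 1
        return True

def make_record(cid, payload):
    """Constructed record layout: type || cid_len || cid || payload."""
    return bytes([25 if cid else 23, len(cid)]) + cid + payload

def simulate(use_cid):
    """One sleep cycle: handshake, NAT binding expires, device wakes and sends."""
    server = DtlsServer(use_cid)
    cid = server.handshake(("203.0.113.7", 40001))
    # While the meter slept the NAT dropped the mapping; on wake it gets a new port.
    ok = server.receive(("203.0.113.7", 40877), make_record(cid, b"meter=42"))
    return ok, server.handshakes
```

`simulate(False)` reports the record rejected and a second handshake; `simulate(True)` reports it accepted with the single original handshake.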