[TLS] DTLS support of SCHC
Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 14 June 2022 17:45 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E27ACC14F735 for <tls@ietfa.amsl.com>; Tue, 14 Jun 2022 10:45:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4BxmQwDp7k9 for <tls@ietfa.amsl.com>; Tue, 14 Jun 2022 10:45:43 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1804CC14F72E for <tls@ietf.org>; Tue, 14 Jun 2022 10:45:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id B66FF6275A for <tls@ietf.org>; Tue, 14 Jun 2022 13:44:56 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id IckSTvqtBQ5l for <tls@ietf.org>; Tue, 14 Jun 2022 13:44:51 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 647FE626A8 for <tls@ietf.org>; Tue, 14 Jun 2022 13:44:49 -0400 (EDT)
Message-ID: <dbade200-d33e-534f-dda7-333aadfbf348@htt-consult.com>
Date: Tue, 14 Jun 2022 13:45:33 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
To: tls <tls@ietf.org>
Content-Language: en-US
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZJjQiVcQ16nBFPJiwPXzLX0xIFw>
Subject: [TLS] DTLS support of SCHC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 17:45:47 -0000
I have been doing more research on using SCHC with DTLS for general UDP applications. For this I am using MAVlink https://mavlink.io/en/ As my UDP app example. I see EKR's point on the small header design of DTLS 1.3 per RFC9147 fig 3. I will use: 2-byte CID 1-byte Seq# (same as MAVlink) 2-byte Length (max MAVlink after compression is 263 bytes) The SCHC rules allow for compressing 16 bytes within MAVlink and eliminating transport of the UDP header. The challenge is without the UDP header, and assuming NextHeader is UDP, how does the UDP layer handle this datagram? The UDP Destination Port is the DTLS Seq and 1st byte of the length. This seems to fraught with failure modes, and that the NextHeader really MUST be SCHC as I have defined in draft-moskowitz-lpwan-ipnumber. This is really the first question: Is there anyway to do this without adding SCHC as an IP Number? Next is does the RuleID need to be explicit in the packet or can it be implicit? I think that would depend on the IP Source Addr. If this is the ONLY SCHC RuleID from that addr, then, yes it can be implicit, saving the byte. Finally setting up SCHC. Is static configuration the only option? Well for MAVlink use, this is not so much an issue, as there is a limited pairing between UA/GCS. But should there be a DTLS SCHC negotiation as link in draft-mglt-ipsecme-ikev2-diet-esp-extension? I welcome your comments/observations. Oh, why work hard to save 24 bytes over the 'wire'? For some wireless links that might be all it takes to result in fragmentation and potentially doubling the link usage. Other UDP apps might have other savings. This might have general aviation usage beyond what I have looked at todate. Thanks. Bob
- [TLS] DTLS support of SCHC Robert Moskowitz