Re: [TLS] SCHC for DTLS
Robert Moskowitz <rgm-sec@htt-consult.com> Mon, 30 May 2022 13:28 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7351BC15C0B0 for <tls@ietfa.amsl.com>; Mon, 30 May 2022 06:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.783
X-Spam-Level:
X-Spam-Status: No, score=-3.783 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NU9endmOgbd5 for <tls@ietfa.amsl.com>; Mon, 30 May 2022 06:28:03 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E896C15C0AF for <tls@ietf.org>; Mon, 30 May 2022 06:28:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 91B04625DA; Mon, 30 May 2022 09:27:15 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Mrrr7nrWrX3G; Mon, 30 May 2022 09:27:04 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id DAC876256E; Mon, 30 May 2022 09:27:01 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------Pt1cKwPCQbyv5yyCcRwjpdCQ"
Message-ID: <55d0ed70-9f53-8d3c-c421-927065f33348@htt-consult.com>
Date: Mon, 30 May 2022 09:27:33 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Eric Rescorla <ekr@rtfm.com>
Cc: tls@ietf.org
References: <f92962a4-dd76-5fd0-2a4d-91d4de87d251@htt-consult.com> <CABcZeBPLHiSO8V88C-8bwgxsH6vcNBs1t3rb0bggzJBKZPMT3g@mail.gmail.com> <DBBPR08MB5915042FBEF11C5A93DB12C6FADD9@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <DBBPR08MB5915042FBEF11C5A93DB12C6FADD9@DBBPR08MB5915.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ag0e-d3z9uhT8cFt_02Ti_7pwMo>
Subject: Re: [TLS] SCHC for DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2022 13:28:04 -0000
Greetings Hannes, This is for the record layer. And I really don't know how much would be gained. But as I would see it, this use of SCHC would be for UDP/DTLS/cipher. Since it is starting with UDP, SCHC would have to be an IP Protocol (not currently defined as such). So you loose 1 byte for the SCHC rule, against the 8 probably saved in compressing UDP to 0 bytes. Then there is the cipher. Try AES-GCM-12; what is currently used for the IV? Can something like rfc8750 be added to use the seq # in the DTLS header and gain maybe 16 bytes? I really don't know the DTLS header at all. I have tried to find some decent layout as I am use to for ESP in 4303 (Fig 1) for side-by-side comparison. But if it means being able to fit over some UHF carrier for unmanned aircraft (UA) Network Remote ID (Net-RID) and Command and Control (C2)? Worth the effort. So this is not something I could do myself, but something that I see using and thus pitching in on doing it. On 5/30/22 05:33, Hannes Tschofenig wrote: > > Bob, is this about compressing the DTLS record layer or the DTLS > handshake protocol? > > For the former, I wonder how much is there actually to compress (when > using DTLS 1.3)? > > *From:* TLS <tls-bounces@ietf.org> *On Behalf Of * Eric Rescorla > *Sent:* Friday, May 27, 2022 5:30 PM > *To:* Robert Moskowitz <rgm-sec@htt-consult.com> > *Cc:* <tls@ietf.org> <tls@ietf.org> > *Subject:* Re: [TLS] SCHC for DTLS > > On Fri, May 27, 2022 at 6:27 AM Robert Moskowitz > <rgm-sec@htt-consult.com> wrote: > > Is there any activity to define SCHC rules for DTLS? > > Not to my knowledge. > > -Ekr > > > I want this for Unmanned Aircraft (UA) Network Remote ID (Net-RID) > communications from the UA to the Net-RID Service Provider (SP). > > See > > https://datatracker.ietf.org/doc/draft-moskowitz-drip-secure-nrid-c2/ > > I am compressing ESP traffic using rfc 8750 and: > > https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/ > > SCHC is negotiated in IKE (and will be in HIP) and SA tables allow > the > ESP receiver to recognize a SCHC compressed ESP Header and act > properly. > > It is not so simple with DTLS. First UDP is below DTLS, so how do > you > compress it? The way I see it, SCHC would need to be assigned an IP > Protocol type so that the transport processing can start right up > with > the SCHC rule for UDP and then on to DTLS and then the cipher. > > Or at least how I see the challenge. > > So I am looking for any extant work on SCHC for DTLS and/or > interest in > this activity. > > The CoAP SCHC work, rfc 8824, dodge DTLS compression. Or that is > how I > read it. > > Thanks > > Bob > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose > the contents to any other person, use it for any purpose, or store or > copy the information in any medium. Thank you.
- [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Hannes Tschofenig
- Re: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Robert Moskowitz