Re: [TLS] [ALU] Re: extending the un-authenticated DTLS header

"Kraus Achim (INST/ESY1)" <> Wed, 16 November 2016 10:21 UTC



I'm still wondering why the "clashing" calculations (section 4) are only based on the number of clients and not also on the length of the hash chain.
As I understood the hash chain, the DTLS server and client calculate a list of CIDs. Though the client chose one, the server has to prepare for the (left) list of CIDs. So even assuming that on average half of the list is already used, I think the length of that list has an influence on the clashing.

Best regards

Achim Kraus

Bosch Software Innovations GmbH
Communications (INST/ESY1)
Stuttgarter Straße 130
71332 Waiblingen

Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn

-----Original Message-----
From: TLS [] On Behalf Of Fossati, Thomas (Nokia - GB)
Sent: Tuesday, 15 November 2016 08:08
To: Martin Thomson <>; Eric Rescorla <>
Cc: Hannes Tschofenig <>;
Subject: Re: [TLS] [ALU] Re: extending the un-authenticated DTLS header

On 15/11/2016 03:51, "TLS on behalf of Martin Thomson"
< on behalf of> wrote:
>On 15 November 2016 at 10:16, Eric Rescorla <> wrote:
>>> I'd be interested in an analysis of the potential privacy impacts of 
>>> this. Isn't this more or less the same as doing SPUD-for-DTLS? (If 
>>> not, sorry for dragging in controversy:-)
>> It would no doubt depend what you put there.
>Which is why I'm interested in seeing Nikos' (unpublished?) draft.


Working copy:

Slides for today, "DTLS Optimizations for IoT Deployments":
