Re: [TLS] SCHC header compression
<Hannes.Tschofenig@gmx.net> Wed, 18 December 2019 10:48 UTC
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A064A120019; Wed, 18 Dec 2019 02:48:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XMx8FADuifT; Wed, 18 Dec 2019 02:48:22 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA6B41200F6; Wed, 18 Dec 2019 02:48:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1576666098; bh=94xx+9wv2xLCAtTO5/M9390vSB73QLuy7vN5a94a4C0=; h=X-UI-Sender-Class:From:To:Cc:References:In-Reply-To:Subject:Date; b=VDWNDRn49j5OKi1xN5pR6J+s0wQmnKvKTRraxIuFJwk9OTFADBKwp+9DmDea9K4Pz eJmn2GrreM6ocWr59YecGL7yrauHS4c4E1Rmf9pOTMxQw8iPOSsHGRifWiyUXcxAR5 m3WExVJe+0GGpQ/p0wi+RcM6n+igqDfhghC0SeP8=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from E119863 ([195.149.223.43]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MtOGa-1hpIb61PMU-00upR9; Wed, 18 Dec 2019 11:48:18 +0100
From: Hannes.Tschofenig@gmx.net
To: dominique.barthel@orange.com, tls@ietf.org
Cc: draft-ietf-lpwan-ipv6-static-context-hc@ietf.org
References: <19292_1574847682_5DDE44C2_19292_136_3_DA040352.6C797%dominique.barthel@orange.com>
In-Reply-To: <19292_1574847682_5DDE44C2_19292_136_3_DA040352.6C797%dominique.barthel@orange.com>
Date: Wed, 18 Dec 2019 11:48:16 +0100
Message-ID: <020901d5b590$a8789310$f969b930$@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_020A_01D5B599.0A3FBA30"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQDTg/c8JsCNYgxOeGZyBqYSGle3IanEDFtg
Content-Language: en-us
x-ts-tracking-id: c91d09f3-29bb-4708-9576-8dce9af185a1.0
x-checkrecipientchecked: true
X-Provags-ID: V03:K1:IuH9AhlJCsgW+X2kz9hIldjT8R7FtjjodmxwYiMMQDxs9/zkvh/ lC9ULkXMumKBmRRX3Pp28UhaNHHk6dhIzXZuNX0R6zV8gwruiuU/iLwGNpq52mMDwzA3+s0 v191TiJITIDlgtTNKEocZMeFWsu6buzk+MWZqE4/oCR9UTkuYtRChIATfBcXyRwCsGXJVMp NGXy1uZzpifZUOkHrfyHA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:0k8OjFvjodY=:gT+YuCGDcQlqVJiVi5J0m6 uGFcZYRtgE1xJX5u9Ji8i9+mtAbD1X4Mo97jH3gHszaerjgZ0ayvYQLwubko4O4n1R8kqvlWW TV9vvg/3Vw+tmPAg8L9wSFss+yVoSaj7sOjWJyFQWp1EV5R4K2F+3QeHXiyW8uAxYldtK0F7N bKL5B/jK0X7gh9ab2oBuKeQxXOOsc9Y9et4doJh/52aAMgz+nO1Dhf7src/nlkU71a8L2JFR7 4TEJz3GeZ2SMNiETWQDJRRq/wiPi2PfRGTw9ZPnVhr7CLbCI62XVrCiN6sr+04WQqgPp/v7oF btp9WsNi2gi9/ZDfmLJkcJPcHFpqsMEf5F3rks1rtN2IhsBt6e9a4K6MVHOEV0/JG8XNKVEp3 zTF4gMfIu0sk4w0E3lmAnT17w0BQef2j6Puzxo+TeppNdXDFISVTM5rjPIIkjnKrx+dVHXrt9 fq/P1E7cFGwJyHG1fIAFDzRIJWybQWyOup3qjFWTXeRFNY+VYnGh84N/P2l0Fe9Z2wRzmDePN MJzgF0RLzB2Bwcg7Qt3JbKc5OJQMY9GQGWUQamuefWyfAH8tweeFy9mhhOPNRg15BI3HvvYM0 nfvqt/EAIwEvtZAkE2c3I7TI5XBmr7yVNo33558tqBOmai6zOtjO32vFqC608x+y5MZQeco+h fJks+8iGyAbUqg74SKQ1PYMVMvdSzP4xYTICxJIeh0Xau/KiQIzQ+KNvELf66rWoL5t5BOGbf rBLlo+UzFTfNNt6tua8Il7aUWPRVCyXYyXaDmlLRbJJSh6LWODtprfcQ0HCSxqLBaeqET4YAh /7NwQJTiy1tkjzyhvvp4RXGHxBUL+9E92G/ylXWSXPzWEH8NTEkkcXqWj1WR7cf65zTgauir6 +Ps4Ysm4zwnYI5Lw/66ltf5A5HShd/ZD26CdBbse2KuOo6R7FcueMTFhcxJ0/nTS1r+/SBVuz or2zyxE+74IMLKOh82kHmAAO3r9zX5pz3wcLbNsYr7F8ZbwsWQnrfKK/PR9E4fWNMl82kmmyi eSGZtbbt7CCU89cZzQa1ltB8Y3SecNXPqXQonmQqDYMG7QDZlw5z3Gq8JKTc8JSVxIAOWa7v6 IJMfZTgRSftWXBEUpvZNZggbeJRwmArrVayFug52VuMZWij6mXEXRV/B6eHLQfKv+Bji7+dwh xjSJkjmY72QRu3D+lx4ftvtlgR3K5I31r5goDAaORbRUDa7jCcVfr0m6DOGjio3UwIESMPBmf 4jabjW7/Yn9mKqGoLcDAXAKsZ/ueguHG/fqQqONlCznJnlUrEU9PnELtEaFA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/swUgfMVEPZq5io2LR4rYvkC2EWs>
Subject: Re: [TLS] SCHC header compression
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 10:48:26 -0000
Thanks, Dominique. This is a useful clarification. The way the document is written does not made it clear that you indeed wanted to design a more generic compression algorithm. I don’t know whether there is still a chance for the LPWAN group to restructure the document because there is pretty much nothing in there that gives a reader the impression that the work has general applicability. As you have seen from my post to the LPWAN list I have been wondering about the overhead associated with SCHC because the LAKE community seems to be concerned about every byte (on the wire, and on flash). Unfortunately, there are no open source implementation in C available. Maybe the code in your demo may provide some insight into the extra code needed for this compression mechanism. This paper https://biblio.ugent.be/publication/8613162/file/8613540.pdf tells me that the overhead is roughly 6Kb of flash & 1Kb of RAM for the compressor/decompressor plus some code for the rules (maybe 3Kb). The paper focused on a different scenario and hence the results may vary based on applications. As you can imagine I can already hear someone in the LAKE group saying that they don’t have a SCHC stack on their device and the extra ~9Kb is a complete no-go for them. So, I am a bit careful about picking up a heavy cannon for removing a few fields in the handshake. After all, the biggest message in a TLS handshake is the Certificate message. The beauty of cTLS is that it does not change the TLS 1.3 security properties nor does it require a lot of changes to the implementations. As you may have seen in the cTLS draft we selectively pick fields that can be omitted or replaced. It is not obvious to me how SCHC would be integrated into a security protocol like TLS where you have to consider the downgrading protection in the compression. I am interested to learn more about your thoughts on this issue. I will re-read the draft to get a better understanding of the SCHC work and its applicability to TLS. Ciao Hannes From: TLS <tls-bounces@ietf.org> On Behalf Of dominique.barthel@orange.com Sent: Wednesday, November 27, 2019 10:41 AM To: tls@ietf.org Cc: draft-ietf-lpwan-ipv6-static-context-hc@ietf.org Subject: [TLS] SCHC header compression Hello Hannes, all, I'm a co-author of the SCHC draft (https://datatracker.ietf.org/doc/draft-ietf-lpwan-ipv6-static-context-hc/), which has passed IESG review. I may be unfortunate that the draft contains 3 distinct deliverables in one document - a generic header compression mechanism, which uses a static context for compression (Static Context Header Compression = SCHC) (Section 7) - a fragmentation protocol, which comes in 3 flavors, some of which have ack/retransmissions built-in. (Section 8) - an application of the compression mechanism to compress UDP+IPv6 headers (Section 10) This situation may lead to the conclusion that the header compression and fragmentation work together, or that SCHC only applies to UDP+IPv6 headers. The truth is different. The draft clearly states that fragmentation is optional: "If needed by the underlying layer, the optional SCHC Fragmentation MAY be applied to the SCHC Packet." Typically, some lower layers already have a fragmentation mechanism (e.g. NB-IoT), and don't need another one. As another data point, we have a demo showing the benefits of compressing CoAP headers, over a natively-IP network (LTE-m). We only use the generic compression mechanism of the above-mentioned draft, and we only use it to compress the CoAP headers. We believe that other protocols could benefit from the generic header compression framework established by SCHC and could save design time and code size by instantiating a set of SCHC compression rules for their own headers. If you are interested, we'd be happy to tell you a bit more about SCHC, either at an upcoming IETF meeting or during a dedicated conf call. Best regards, Dominique > Hi Hannes, > > My reading is that only compression/decompression applies to our case. > Fragmentation is optional and only concerns ipv6. I did not intent to make > the comment at an inappropriate time, but if so, please consider it when it > is appropriate. > > Yours, > Daniel > > On Thu, Nov 21, 2019 at 10:34 PM <Hannes.Tschofenig@gmx.net <mailto:Hannes.Tschofenig@gmx.net>> >; wrote: > > Hi Daniel > > > > Although inappropriate to discuss at the time of the adoption call I > wanted to point out that I looked at SCHC and was surprised to learn that > it is more than a compression scheme but also includes a protocol for > adding reliability. In my reading is essentially a replacement for 6lowpan. > Unfortunately, this design decision does not make it a well suited > mechanism for a generic compression mechanism. I am happy to get convinced > otherwise. > > > > Ciao > > Hannes > > > > *From:* TLS <tls-bounces@ietf.org <mailto:tls-bounces@ietf.org>> >; *On Behalf Of *Daniel Migault > *Sent:* Friday, November 22, 2019 10:20 AM > *To:* Panos Kampanakis (pkampana) <pkampana@cisco.com <mailto:pkampana@cisco.com>> >; > *Cc:* TLS List <tls@ietf.org <mailto:tls@ietf.org>> >; > *Subject:* Re: [TLS] Adoption call for draft-rescorla-tls-ctls > > > > I clearly support the adoption of the work, but it seems important to > ensure cTLS integrates or remains in line with the work on compression that > has been accomplished at the IETF - SCHC defined in lpwan might be a > starting point. It also seems important to me that cTLS defines mechanisms > that could be reused as TLS 1.3 evolves. > > > > Yours, > > Daniel _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [TLS] SCHC header compression dominique.barthel
- Re: [TLS] SCHC header compression Hannes.Tschofenig