Re: [TLS] SCHC for DTLS
Robert Moskowitz <rgm-sec@htt-consult.com> Mon, 30 May 2022 18:30 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A51FC15BE7E for <tls@ietfa.amsl.com>; Mon, 30 May 2022 11:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.782
X-Spam-Level:
X-Spam-Status: No, score=-8.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wi6GX6euZNgf for <tls@ietfa.amsl.com>; Mon, 30 May 2022 11:30:31 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19D38C15AAD3 for <tls@ietf.org>; Mon, 30 May 2022 11:30:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 11ACE625DA; Mon, 30 May 2022 14:29:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Db-IJiqlDqOe; Mon, 30 May 2022 14:29:34 -0400 (EDT)
Received: from [192.168.24.67] (67.sub-174-240-151.myvzw.com [174.240.151.67]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 991456247F; Mon, 30 May 2022 14:29:33 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------sMrX4QMQAf8TBAn9p0yPkVdW"
Message-ID: <54f443c0-e9c0-b701-b456-8d90a923d875@htt-consult.com>
Date: Mon, 30 May 2022 14:30:15 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, tls@ietf.org
References: <f92962a4-dd76-5fd0-2a4d-91d4de87d251@htt-consult.com> <CABcZeBPLHiSO8V88C-8bwgxsH6vcNBs1t3rb0bggzJBKZPMT3g@mail.gmail.com> <DBBPR08MB5915042FBEF11C5A93DB12C6FADD9@DBBPR08MB5915.eurprd08.prod.outlook.com> <55d0ed70-9f53-8d3c-c421-927065f33348@htt-consult.com> <CABcZeBNVkTVzLEwmkt1arT0jeGnz3+Tarx+v0e33EcTgucfOYQ@mail.gmail.com> <6e85e9f0-8ebc-6554-cb7c-26011b23c42c@htt-consult.com> <CABcZeBOefy0Kbt=Rbkd51UfyLoMBcpT9N3ACoRoY+99BgaQ=6A@mail.gmail.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <CABcZeBOefy0Kbt=Rbkd51UfyLoMBcpT9N3ACoRoY+99BgaQ=6A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wlC71e-v0lqd_qq47xaYp9P0tTw>
Subject: Re: [TLS] SCHC for DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2022 18:30:36 -0000
On 5/30/22 13:03, Eric Rescorla wrote: > > > On Mon, May 30, 2022 at 9:38 AM Robert Moskowitz > <rgm-sec@htt-consult.com> wrote: > > Great to know. thanks. My feable attempts to find this were > coming up empty. But now I should be able to put some things > together. > > I am assuming that the DTLS header is part of the AEAD > protection. Thus I can squeeze out the UDP CRC? > > > The DTLS header is included in the AD, yes. > > > I recall seeing length in the DTLS header, but I do not have it in > front of me. Also want to drop that from the UDP header... > > > DTLS 1.3 has a header mode in which it omits the length and just uses > the UDP length. That may be easier. My way of thinking is that the DTLS length is protected. So the SCHC rule has the source and dest UDP ports as static and derives the UDP length from the DTLS length. The CRC is just built as if the ICV is bad, the packet gets dropped there. So pick up 7 bytes. May or may not make a difference... Well actually the target size is 16 bytes, as this is what is spent in MAVlink for Seq#, CRC, and keyed MAC. You can't equal that with 8 bytes UDP, 12 bytes GCM-12, and whatever DTLS is. One thing we have discussed on the IPSECME list is inbound packet processing. With the IP protocol being ESP, how does the ESP layer 'know' that this is a diet-esp compressed header? Well the first byte would have to map to a SPI that is uniquely diet-esp and rule out looking at 4-byte full SPIs. This (inbound SPI selection) can be controlled by IKE. So a similar thing here. Assume that UDP is compressed to zero, so if the beginning of the DTLS header would look like a UDP source port, but map to the SCHC rule, then for this limited use case, it would not be necessary to have SCHC as an IP protocol and use 1 byte for over-the-wire SCHC rule. > > -Ekr > > > Anyway, this is good info. > > On 5/30/22 12:12, Eric Rescorla wrote: >> We spent a fair bit of time working to shrink the DTLS 1.3 record >> layer, so I'm not sure how much room there is for optimization. >> See: >> https://www.rfc-editor.org/rfc/rfc9147.html#name-the-dtls-record-layer >> >> Specifically, the longest header (w/o CID) is 5 octets and the >> shortest is 2 octets. The sequence number is used for the IV, so >> there's no extra there. >> >> -Ekr >> >> On Mon, May 30, 2022 at 6:28 AM Robert Moskowitz >> <rgm-sec@htt-consult.com> wrote: >> >> Greetings Hannes, >> >> This is for the record layer. And I really don't know how >> much would be gained. >> >> But as I would see it, this use of SCHC would be for >> UDP/DTLS/cipher. Since it is starting with UDP, SCHC would >> have to be an IP Protocol (not currently defined as such). >> So you loose 1 byte for the SCHC rule, against the 8 probably >> saved in compressing UDP to 0 bytes. Then there is the >> cipher. Try AES-GCM-12; what is currently used for the IV? >> Can something like rfc8750 be added to use the seq # in the >> DTLS header and gain maybe 16 bytes? I really don't know the >> DTLS header at all. I have tried to find some decent layout >> as I am use to for ESP in 4303 (Fig 1) for side-by-side >> comparison. >> >> But if it means being able to fit over some UHF carrier for >> unmanned aircraft (UA) Network Remote ID (Net-RID) and >> Command and Control (C2)? Worth the effort. >> >> So this is not something I could do myself, but something >> that I see using and thus pitching in on doing it. >> >> On 5/30/22 05:33, Hannes Tschofenig wrote: >>> >>> Bob, is this about compressing the DTLS record layer or the >>> DTLS handshake protocol? >>> >>> For the former, I wonder how much is there actually to >>> compress (when using DTLS 1.3)? >>> >>> *From:* TLS <tls-bounces@ietf.org> >>> <mailto:tls-bounces@ietf.org> *On Behalf Of * Eric Rescorla >>> *Sent:* Friday, May 27, 2022 5:30 PM >>> *To:* Robert Moskowitz <rgm-sec@htt-consult.com> >>> <mailto:rgm-sec@htt-consult.com> >>> *Cc:* <tls@ietf.org> <mailto:tls@ietf.org> <tls@ietf.org> >>> <mailto:tls@ietf.org> >>> *Subject:* Re: [TLS] SCHC for DTLS >>> >>> On Fri, May 27, 2022 at 6:27 AM Robert Moskowitz >>> <rgm-sec@htt-consult.com> wrote: >>> >>> Is there any activity to define SCHC rules for DTLS? >>> >>> Not to my knowledge. >>> >>> -Ekr >>> >>> >>> I want this for Unmanned Aircraft (UA) Network Remote ID >>> (Net-RID) >>> communications from the UA to the Net-RID Service >>> Provider (SP). >>> >>> See >>> >>> https://datatracker.ietf.org/doc/draft-moskowitz-drip-secure-nrid-c2/ >>> >>> I am compressing ESP traffic using rfc 8750 and: >>> >>> https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/ >>> >>> SCHC is negotiated in IKE (and will be in HIP) and SA >>> tables allow the >>> ESP receiver to recognize a SCHC compressed ESP Header >>> and act properly. >>> >>> It is not so simple with DTLS. First UDP is below DTLS, >>> so how do you >>> compress it? The way I see it, SCHC would need to be >>> assigned an IP >>> Protocol type so that the transport processing can start >>> right up with >>> the SCHC rule for UDP and then on to DTLS and then the >>> cipher. >>> >>> Or at least how I see the challenge. >>> >>> So I am looking for any extant work on SCHC for DTLS >>> and/or interest in >>> this activity. >>> >>> The CoAP SCHC work, rfc 8824, dodge DTLS compression. >>> Or that is how I >>> read it. >>> >>> Thanks >>> >>> Bob >>> >>> _______________________________________________ >>> TLS mailing list >>> TLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/tls >>> >>> IMPORTANT NOTICE: The contents of this email and any >>> attachments are confidential and may also be privileged. If >>> you are not the intended recipient, please notify the sender >>> immediately and do not disclose the contents to any other >>> person, use it for any purpose, or store or copy the >>> information in any medium. Thank you. >> >
- [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Hannes Tschofenig
- Re: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Robert Moskowitz
- Re: [TLS] SCHC for DTLS Eric Rescorla
- Re: [TLS] SCHC for DTLS Robert Moskowitz