Re: [Uta] TLS Implementation Status for IoT

Achim Kraus <achimkraus@gmx.net> Mon, 21 September 2020 18:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/0LniAstLEjPCD_b_VjXsEdGGiAo>

Great overview!

> What is a bit disappointing is that many extensions targeting IoT
> optimizations are not implemented. It is hard to say why. Maybe
> companies don't feel a need to use these optimizations, maybe the
> optimizations aren't good enough, or companies are unaware of these RFCs.

Sometimes that depends on the fact that both sides must implement it.
For many deployments, highly optimized TLS techniques build the (cloud)
endpoint (hw-tls-load-balancers), and these endpoints seem not to change
too fast.

Another reason, from my view, for that delay in adoption may also be the
commercial view. IoT seems to be behind the timelines, and so the investment
in that is also postponed.

best regards
Achim

On 21.09.20 at 11:20, Hannes Tschofenig wrote:
> Hi all,
>
> working on draft-ietf-uta-tls13-iot-profile, Thomas and I have been looking at the implementation status of TLS/DTLS extensions on embedded devices. Here is what we found out looking at various popular stacks. There are lots of features in prototype status and we have not taken those into account.
>
> "red" means not implemented, "green" refers to an implemented feature, and "white" is an indication that we didn't have a chance to figure out whether the feature is supported or not because it was not described in the documentation.
>
> In a nutshell, it is fair to say that certificates and PSKs are well supported. Raw public key support is also available with a number of implementations.
> What is a bit disappointing is that many extensions targeting IoT optimizations are not implemented. It is hard to say why. Maybe companies don't feel a need to use these optimizations, maybe the optimizations aren't good enough, or companies are unaware of these RFCs.
>
> Please let us know if we got something wrong or if we forgot your implementation.
>
> Ciao
> Hannes