Hi Dan,
So if I understand this correctly, the intention of this draft is to describe 
how CoAP header fields, options and data can be protected with DTLS (hence DTLS 
record) regardless of the key exchange mechanism. Is it intended as an 
alternative to OSCOAP/EDHOC?
Thanks,
Panos


-----Original Message-----
From: Ace [mailto:[email protected]] On Behalf Of Dan García Carrillo
Sent: Monday, January 16, 2017 6:00 PM
To: [email protected]; [email protected]
Cc: Dan García Carrillo <[email protected]>
Subject: [Ace] App-layer security for CoAP using (D)TLS record layer

Hello all: 

We submitted some time ago an I-D proposing the use of an active (D)TLS Record  
(e.g. running DTLS over CoAP or presenting a token with crypto material that is 
used to create the required keys for the DTLS record) to provide application 
level security for CoAP. 

        
https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-record-00


The idea is to use an active (D)TLS record to protect part of the CoAP message 
following the rules established for OSCOAP:
 - The content to protect of a CoAP message (code, version, options to protect 
and payload if any) is fed to the (D)TLS record. 
 - The output is the CoAP content to protect with a (D)TLS record header 
prepended.
 - That would be set into the payload of a modified version of the original 
CoAP message (before it is protected) that only contains options that do not 
need to be protected.

We think this could add to an interesting discussion on the subject of security 
for CoAP at the application layer. 

Comments are welcome, 
Best Regards.
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
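
The three steps listed in the announcement, as an added sketch that is not code from the I-D or its authors: the content to protect is sealed into a DTLS 1.2 application-data record, and that record becomes the payload of an outer CoAP message carrying only the unprotected options. Assumptions: only Uri-Host stays outside, the inner serialization is version, code, options and payload in that order, the function names are hypothetical, and `seal` is a labelled HMAC-based stand-in for the session's negotiated cipher, not a DTLS cipher suite.

```python
import hashlib, hmac, struct

DTLS_1_2, APPLICATION_DATA = 0xFEFD, 23  # wire version and record content type
OUTER = {3}  # assumption: only Uri-Host (option 3) is left unprotected

def encode_options(opts):
    """RFC 7252 option encoding, limited here to deltas and lengths below 13."""
    out, prev = b"", 0
    for num, val in sorted(opts):
        if num - prev > 12 or len(val) > 12:
            raise ValueError("extended option encoding not handled in this sketch")
        out += bytes([(num - prev) << 4 | len(val)]) + val
        prev = num
    return out

def prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key, header, plaintext):
    """Stand-in for the session cipher, NOT a DTLS cipher suite: HMAC-derived
    keystream (nonce = epoch + sequence number) plus a truncated HMAC tag."""
    blocks = range(len(plaintext) // 32 + 1)
    stream = b"".join(prf(key, b"enc", header[3:11] + bytes([i])) for i in blocks)
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct + prf(key, b"mac", header + ct)[:8]

def unseal(key, record):
    """Receiver side: check the tag over header and ciphertext, then decrypt."""
    header, ct, tag = record[:13], record[13:-8], record[-8:]
    if not hmac.compare_digest(tag, prf(key, b"mac", header + ct)[:8]):
        raise ValueError("record authentication failed")
    return seal(key, header, ct)[:-8]  # XOR keystream is its own inverse

def protect(key, epoch, seq, mtype, code, mid, opts, payload=b""):
    """Return the outer CoAP message carrying the protected content as a record."""
    inner = (bytes([1, code])  # CoAP version 1, then the code
             + encode_options(o for o in opts if o[0] not in OUTER)
             + (b"\xff" + payload if payload else b""))
    header = struct.pack("!BHHHIH", APPLICATION_DATA, DTLS_1_2, epoch,
                         seq >> 32, seq & 0xFFFFFFFF, len(inner) + 8)
    record = header + seal(key, header, inner)
    fixed = struct.pack("!BBH", 1 << 6 | mtype << 4, code, mid)  # no token
    return fixed + encode_options(o for o in opts if o[0] in OUTER) + b"\xff" + record

# Constructed sample: POST with Uri-Host "example", Uri-Path "temp", payload "22.5".
SAMPLE = protect(b"k" * 16, 1, 7, 0, 0x02, 0x1234,
                 [(3, b"example"), (11, b"temp")], b"22.5")
```

In `SAMPLE`, an intermediary can read the CoAP fixed header and Uri-Host, while Uri-Path and the payload appear only inside the record.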
