Someone had pointed it out on the mic in ACE @ IETF99, I think. Redefining well established protocol functionality like (D)TLS' to secure communications of other unencrypted application protocols comes with the risks of lack of vetting and scrutiny, test of time and mistakes though.
I am not against this work, but I have seen many new secure protection channel establishment protocols and I am not sure there are no issues which we don't see now that will manifest themselves later.

-----Original Message-----
From: Ace [mailto:[email protected]] On Behalf Of Michael Richardson
Sent: Tuesday, November 21, 2017 1:48 PM
To: [email protected]
Cc: Derek Atkins <[email protected]>
Subject: Re: [Ace] Application Layer TLS

Derek Atkins <[email protected]> wrote:
>> based on the recent email discussion about the DTLS proxy I thought it might
>> be useful that there was some thinking about how to run TLS/DTLS at the
>> application layer.

> I don't understand this statement. The whole point of TLS/DTLS is that
> it runs at the Application Layer (as opposed to at the network layer,

DTLS has to provide many of the services of the Transport and Network layer (various amounts of reliability, fragmentation/segmentation) and there is overhead in that. When running over things like CoAP, which *ALSO* provides those services, and in a more constrained network happy way, DTLS is way less appealing.

> Perhaps we need a better naming scheme here.

In my opinion, the ISO layer naming system has always been better as documentation, rather than architecture :-)

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-

_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
