Hello all: 

We submitted some time ago an I-D proposing the use of an active (D)TLS Record  
(e.g. running DTLS over CoAP or presenting a token with crypto material that is 
used to create the required keys for the DTLS record) to provide application 
level security for CoAP. 

        
https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-record-00


The idea is to use an active (D)TLS record to protect part of the CoAP message 
following the rules established for OSCOAP:
 - The content to protect of a CoAP message (code, version, options to protect 
and payload if any) is fed to the (D)TLS record. 
 - The output is the CoAP content to protect with a (D)TLS record header 
prepended.
 - That would be set into the payload of a modified version of the original 
CoAP message (before it is protected) that only contains options that do not 
need to be protected.

We think this could add to an interesting discussion on the subject of Security 
for CoAP at the application layer. 

Comments are welcome, 
Best Regards.
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
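
The three steps listed in the message, sketched as an added example that is not part of the original post or of the draft. Assumptions: the unprotected option set (borrowed from OSCOAP), the inner serialization (version byte, code, protected options, payload), the outer code 0.02, the all-zero key, all function names, and integrity-only HMAC-SHA256 record protection standing in for the negotiated cipher suite (an AEAD suite would also encrypt the fragment).

```python
import hashlib, hmac, struct

UNPROTECTED = {3, 7, 35, 39}   # Uri-Host, Uri-Port, Proxy-Uri, Proxy-Scheme (assumed split)
HDR = b"\x17\xfe\xfd"          # content type application_data, version DTLS 1.2

def _nib(v):                   # CoAP option delta/length nibble plus one extension byte
    assert v < 269
    return (v, b"") if v < 13 else (13, bytes([v - 13]))

def enc_options(opts):         # opts: list of (option number, value bytes)
    out, prev = b"", 0
    for num, val in sorted(opts, key=lambda o: o[0]):   # stable: keeps repeated options in order
        (d, dx), (l, lx) = _nib(num - prev), _nib(len(val))
        out += bytes([d << 4 | l]) + dx + lx + val
        prev = num
    return out

def _mac(key, seqnum, frag):   # record MAC input: epoch||seq, type, version, length, fragment
    data = seqnum + HDR + struct.pack("!H", len(frag)) + frag
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key, epoch, seq, frag):
    seqnum = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    body = frag + _mac(key, seqnum, frag)
    return HDR + seqnum + struct.pack("!H", len(body)) + body   # 13-byte DTLS record header

def open_record(key, rec):
    if len(rec) < 13 + 32 or rec[:3] != HDR or struct.unpack("!H", rec[11:13])[0] != len(rec) - 13:
        raise ValueError("malformed record")
    frag, tag = rec[13:-32], rec[-32:]
    if not hmac.compare_digest(tag, _mac(key, rec[3:11], frag)):
        raise ValueError("bad record MAC")
    return frag

def protect(key, epoch, seq, mtype, code, mid, token, opts, payload):
    # Step 1: content to protect = version, code, protected options, payload (assumed layout)
    inner = bytes([1, code]) + enc_options([o for o in opts if o[0] not in UNPROTECTED])
    if payload:
        inner += b"\xff" + payload
    # Step 3: outer CoAP message keeps only unprotected options; outer code 0.02 is assumed
    outer = bytes([1 << 6 | mtype << 4 | len(token), 0x02]) + struct.pack("!H", mid) + token
    outer += enc_options([o for o in opts if o[0] in UNPROTECTED])
    return outer + b"\xff" + seal(key, epoch, seq, inner)   # Step 2 output becomes the payload

# Constructed sample: CON GET coap://example.com/temp, epoch 1, sequence number 5
KEY = bytes(32)
MSG = protect(KEY, 1, 5, 0, 0x01, 0x1234, b"\xaa", [(3, b"example.com"), (11, b"temp")], b"")
```

The receiver calls `open_record` on the outer payload and rejects the message if the MAC check fails; replay checking on epoch and sequence number is not shown.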
