Hello all:

Some time ago we submitted an I-D proposing the use of an active (D)TLS record (e.g. running DTLS over CoAP or presenting a token with crypto material that is used to create the required keys for the DTLS record) to provide application-level security for CoAP.

https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-record-00

The idea is to use an active (D)TLS record to protect part of the CoAP message following the rules established for OSCOAP:

- The content to protect of a CoAP message (code, version, options to protect and payload if any) is fed to the (D)TLS record.
- The output is the CoAP content to protect with a (D)TLS record header prepended.
- That would be set into the payload of a modified version of the original CoAP message (before it is protected) that only contains options that do not need to be protected.

We think this could add to an interesting discussion on the subject of security for CoAP at the application layer.

Comments are welcome,
Best Regards.
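The three steps listed in the message above, as an added Python example that is not code from the draft or its authors. Assumptions: the inner byte layout, the set of options left unprotected, and keeping the original code in the outer header are illustrative choices, and the record uses the TLS 1.2 NULL-encryption HMAC-SHA256 construction (integrity only) as a stand-in for the negotiated AEAD suite, because the Python standard library has no AEAD cipher.

```python
import hashlib, hmac, struct

APPLICATION_DATA, DTLS_1_2 = 23, 0xFEFD   # DTLS 1.2 record type and wire version
UNPROTECTED = {3, 7, 35, 39}  # assumption: Uri-Host, Uri-Port, Proxy-Uri, Proxy-Scheme stay outside

def encode_options(options):
    """RFC 7252 option encoding; handles deltas and lengths below 269."""
    out, prev = b"", 0
    for number, value in sorted(options, key=lambda o: o[0]):
        fields = [(n, b"") if n < 13 else (13, bytes([n - 13]))
                  for n in (number - prev, len(value))]
        out += bytes([fields[0][0] << 4 | fields[1][0]]) + fields[0][1] + fields[1][1] + value
        prev = number
    return out

def _mac(key, epoch_seq, type_version, plaintext):
    # TLS 1.2 record MAC; DTLS uses epoch || sequence number as the 64-bit seq_num.
    data = epoch_seq + type_version + struct.pack("!H", len(plaintext)) + plaintext
    return hmac.new(key, data, hashlib.sha256).digest()

def seal_record(key, epoch, seq, plaintext):
    """Prepend the 13-byte DTLS record header and append the record MAC."""
    type_version = struct.pack("!BH", APPLICATION_DATA, DTLS_1_2)
    epoch_seq = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    body = plaintext + _mac(key, epoch_seq, type_version, plaintext)
    return type_version + epoch_seq + struct.pack("!H", len(body)) + body

def open_record(key, record):
    """Check header and MAC; return the protected CoAP content or raise ValueError."""
    if len(record) < 13 + 32 or record[0] != APPLICATION_DATA:
        raise ValueError("malformed record")
    body = record[13:]
    if len(body) != int.from_bytes(record[11:13], "big"):
        raise ValueError("length mismatch")
    plaintext, mac = body[:-32], body[-32:]
    if not hmac.compare_digest(mac, _mac(key, record[3:11], record[:3], plaintext)):
        raise ValueError("bad record MAC")
    return plaintext

def protect(key, epoch, seq, code, message_id, token, options, payload=b""):
    """Build the outer CoAP message (CON) carrying the record as its payload."""
    inner_opts = [o for o in options if o[0] not in UNPROTECTED]
    outer_opts = [o for o in options if o[0] in UNPROTECTED]
    # Assumed inner layout: version byte, code byte, protected options, 0xFF, payload.
    inner = bytes([1, code]) + encode_options(inner_opts)
    if payload:
        inner += b"\xff" + payload
    header = bytes([0x40 | len(token), code]) + struct.pack("!H", message_id) + token
    return header + encode_options(outer_opts) + b"\xff" + seal_record(key, epoch, seq, inner)
```

A receiver would also track the epoch and sequence number from the record header to reject replays, which this sketch leaves out.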