Kurt,

It could also use DTLS instead of TLS, which does work over UDP.

> (D)TLS can already store the session on the client side, and
> give that to the server on "resumption". But maybe that would
> require too many packets?

You make a really good point here. I would like to understand better why DTLS does not work here.
Even if NTS does not run over DTLS, it would be helpful to go over the DTLS RFCs anyway, since several issues that affect DTLS might also affect NTS. For example:

1) Have we confirmed that NTS's KE messages can fit in a single IP packet? If not, and since this is all sent over UDP, there is no guarantee that the packets arrive in order. DTLS explicitly addresses this issue; see Section 4.2.3 of the DTLS RFC [1]. How will NTS deal with this?

2) Similarly, the KE for NTS will need reliable delivery: if one of the KE messages fails to arrive, the KE won't complete. But again, this is sent over UDP. See Section 4.2.4 of the DTLS RFC [1] for more on this. How will NTS deal with this issue?

Thanks,
Sharon

[1] https://tools.ietf.org/html/rfc4347

--
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
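The two DTLS mechanisms the message points at (fragmentation and reassembly of handshake messages, Section 4.2.3 of RFC 4347, and the timer-driven retransmission of a flight, Section 4.2.4) are small enough to show end to end. The following is an added illustration written for this page; it is not code from the TICTOC thread, from any NTS draft, or from a DTLS implementation. It assumes the 12-byte handshake-fragment header laid out in RFC 4347 Section 4.2.2 (message type, 24-bit total length, 16-bit message sequence, 24-bit fragment offset, 24-bit fragment length), a 1200-byte per-datagram payload budget, and a constructed in-memory channel that drops and reorders datagrams in place of a real UDP socket; the handshake type value and the message body are constructed sample data, and the 1 s initial timer doubling to a 60 s cap follows the RFC's recommendation.

```python
"""DTLS-style handshake fragmentation, reassembly and retransmission over a
lossy, reordering datagram channel, after RFC 4347 sections 4.2.3 and 4.2.4.
Added illustration; not code from the TICTOC thread, NTS, or any DTLS stack.
Assumed: the 12-byte handshake header of RFC 4347 section 4.2.2, a 1200-byte
datagram payload budget, and a simulated channel instead of UDP sockets."""
import random

HDR_LEN = 12        # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
MAX_TIMER = 60.0    # RFC 4347 4.2.4.1: double the timer on each retransmit, cap at 60 s


def encode_fragment(msg_type, msg_seq, total_len, frag_off, frag):
    """Build one handshake fragment with the RFC 4347 header in front of it."""
    return (bytes([msg_type]) + total_len.to_bytes(3, "big") + msg_seq.to_bytes(2, "big")
            + frag_off.to_bytes(3, "big") + len(frag).to_bytes(3, "big") + frag)


def decode_fragment(pkt):
    """Parse a fragment; reject one whose bounds do not fit the declared message."""
    if len(pkt) < HDR_LEN:
        raise ValueError("short handshake header")
    msg_type = pkt[0]
    total_len = int.from_bytes(pkt[1:4], "big")
    msg_seq = int.from_bytes(pkt[4:6], "big")
    frag_off = int.from_bytes(pkt[6:9], "big")
    frag_len = int.from_bytes(pkt[9:12], "big")
    body = pkt[HDR_LEN:HDR_LEN + frag_len]
    if len(body) != frag_len or frag_off + frag_len > total_len:
        raise ValueError("fragment bounds exceed message length")
    return msg_type, total_len, msg_seq, frag_off, body


def is_malformed(pkt):
    """True if decode_fragment rejects the datagram (used by the receiver to drop it)."""
    try:
        decode_fragment(pkt)
        return False
    except ValueError:
        return True


def fragment_message(msg_type, msg_seq, body, max_payload=1200):
    """Split a handshake message so that no datagram exceeds max_payload bytes."""
    chunk = max_payload - HDR_LEN
    if chunk <= 0:
        raise ValueError("max_payload must exceed the header")
    offsets = range(0, len(body), chunk) or [0]      # an empty body still needs one fragment
    return [encode_fragment(msg_type, msg_seq, len(body), off, body[off:off + chunk])
            for off in offsets]


class Reassembler:
    """Receiver side: accepts fragments of the expected message_seq in any order."""

    def __init__(self):
        self.expected_seq = 0
        self._reset()

    def _reset(self):
        self.msg_type = self.total = self.buf = self.covered = None

    def feed(self, pkt):
        """Return (msg_type, body) once the message is complete, else None."""
        msg_type, total, seq, off, frag = decode_fragment(pkt)
        if seq != self.expected_seq:            # stale retransmit or a later message: ignore
            return None
        if self.buf is None:
            self.msg_type, self.total = msg_type, total
            self.buf, self.covered = bytearray(total), bytearray(total)
        elif (msg_type, total) != (self.msg_type, self.total):
            raise ValueError("fragment disagrees with message header")
        self.buf[off:off + len(frag)] = frag             # duplicates simply overwrite
        self.covered[off:off + len(frag)] = b"\x01" * len(frag)
        if not all(self.covered):                        # still holes to fill
            return None
        result = (self.msg_type, bytes(self.buf))
        self.expected_seq += 1
        self._reset()
        return result


class LossyChannel:
    """Constructed UDP stand-in: drops each datagram with probability `loss`, then reorders."""

    def __init__(self, loss, seed=0):
        self.loss, self.rng = loss, random.Random(seed)

    def transmit(self, datagrams):
        kept = [d for d in datagrams if self.rng.random() >= self.loss]
        self.rng.shuffle(kept)
        return kept


def deliver_flight(fragments, channel, reassembler, max_attempts=10):
    """Sender's loop (4.2.4): resend the whole flight on timeout, doubling the timer.
    Returns ((msg_type, body), attempts_used, seconds_spent_waiting)."""
    timer, waited = 1.0, 0.0
    for attempt in range(1, max_attempts + 1):
        for pkt in channel.transmit(fragments):
            done = reassembler.feed(pkt)         # receiver keeps partial state across resends
            if done is not None:
                return done, attempt, waited
        waited += timer
        timer = min(timer * 2, MAX_TIMER)
    raise TimeoutError(f"flight not completed after {max_attempts} attempts")


def run_example(loss=0.3, seed=7):
    """Constructed 3072-byte key-establishment message that needs three datagrams."""
    body = bytes(range(256)) * 12
    frags = fragment_message(1, 0, body, max_payload=1200)
    (_, got), attempts, waited = deliver_flight(frags, LossyChannel(loss, seed), Reassembler())
    return got == body, len(frags), attempts, waited


if __name__ == "__main__":
    print(run_example())
```

The receiver only ever tracks the one message sequence number it is waiting for, so a stale retransmission of an already completed message is dropped rather than corrupting the buffer, and a fragment whose offset plus length overruns the declared total is rejected before it can write outside the buffer. Because the reassembler keeps the fragments that did arrive, each retransmission of the flight only has to fill the remaining holes, which is the property that keeps the handshake converging under loss.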
