I am reading your TLS 1.3 Standard and the mailing list. It looks great.

I am particularly interested in using the 0-RTT feature for IoT timestamped data, which would seem immune from replay attacks.
I have a couple of questions:

1) The maximum ticket lifetime is set to 7 days. Is this based on hard science or arbitrary? If it is arbitrary, then 8 days for weekly intervals or 32 days for monthly intervals would make better commercial sense (allowing for variability in wake-up times for constrained devices).
2) Have you considered using TLS for a generic network layer? I am thinking along the lines of a protocol like Geneve (https://datatracker.ietf.org/doc/draft-ietf-nvo3-geneve/). Use cases would be:

   - Insert TLS 1.3 between the physical layer and the MAC (data link) layer, for WAN and WWAN devices.
   - Insert TLS 1.3 between the MAC layer and the IP layer, or IP/TLS/VXLAN/IP (use any of your favourite virtualisation protocols here), for securing virtual networks.
   - Insert TLS 1.3 between the IP layer and the UDP/TCP layers, for securing legacy network applications (SIP, RTP and RTCP for example).

It looks, from my point of view, that a small addition could transform this protocol from an application-oriented security mechanism into a general internet workhorse, providing a simpler solution for both the IoT and the Cloud. Other protocols call this:

   Protocol (IPv4)
   Next Header (IPv6)
   Ethertype (Ethernet)

And then you would also need to register this generic TLS 1.3 protocol with IANA to obtain your own protocol ID.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
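The post's first question combines two things a receiving server has to reason about when it accepts 0-RTT early data from a sleepy IoT device: the ticket lifetime (7 days in TLS 1.3) and replay of the early-data record itself. The following simulation is an added example, not code from the original post or from any TLS implementation. It models, in plain Python, the ticket-age freshness check that RFC 8446 (section 8.3) describes together with an application-level check on the timestamped reading (freshness window plus single-use digest). The class and function names, the window sizes, and the sensor record format `device,unix_ts,value` are assumptions made for the illustration.

```python
"""Replay handling for 0-RTT early data carrying timestamped IoT readings.

Added example (not from the original post). A server accepts a reading sent
as early data only if:
  1. the session ticket is within its lifetime (TLS 1.3 caps this at 7 days),
  2. the client's reported ticket age matches the server's own view of the
     ticket's age within a small window (RFC 8446 section 8.3 freshness), and
  3. the reading's own timestamp is recent and the exact record has not been
     accepted before (single-use).
All names, window sizes and the record format are assumptions for the demo.
"""
import hashlib
from dataclasses import dataclass, field

MAX_TICKET_LIFETIME = 7 * 24 * 3600   # seven days, the TLS 1.3 upper bound
FRESHNESS_WINDOW = 10                 # seconds of tolerated clock/RTT skew (assumed)
TIMESTAMP_WINDOW = 60                 # seconds a reading's timestamp is accepted (assumed)


@dataclass
class Ticket:
    issued_at: int   # server clock (seconds) when the ticket was issued
    lifetime: int    # ticket_lifetime field, seconds


@dataclass
class Server:
    now: int                                    # simulated server clock, seconds
    tickets: dict = field(default_factory=dict) # ticket_id -> Ticket
    seen: set = field(default_factory=set)      # digests of accepted early-data records

    def issue_ticket(self, ticket_id: str, lifetime: int = MAX_TICKET_LIFETIME) -> Ticket:
        """Issue a NewSessionTicket; the lifetime is clamped to the 7-day cap."""
        ticket = Ticket(issued_at=self.now, lifetime=min(lifetime, MAX_TICKET_LIFETIME))
        self.tickets[ticket_id] = ticket
        return ticket

    def accept_early_data(self, ticket_id: str, ticket_age_ms: int, payload: bytes) -> tuple:
        """Return (accepted, reason) for one early-data record sent under ticket_id."""
        ticket = self.tickets.get(ticket_id)
        if ticket is None:
            return False, "unknown ticket"
        actual_age = self.now - ticket.issued_at
        if actual_age > ticket.lifetime:
            return False, "ticket expired"
        # Freshness check: a replayed ClientHello carries the original ticket_age,
        # so the server's view of the age drifts away from the reported one.
        if abs(actual_age - ticket_age_ms // 1000) > FRESHNESS_WINDOW:
            return False, "stale ticket age (possible replay)"
        # Application layer: parse the constructed record "device,unix_ts,value".
        try:
            device, ts_text, value = payload.decode().split(",")
            reading_ts = int(ts_text)
        except ValueError:
            return False, "malformed reading"
        if abs(self.now - reading_ts) > TIMESTAMP_WINDOW:
            return False, "reading timestamp outside window"
        digest = hashlib.sha256(payload).hexdigest()
        if digest in self.seen:
            return False, "duplicate reading (replay)"
        self.seen.add(digest)
        return True, f"accepted {device}={value}"


def run_demo() -> list:
    """Walk through the cases the post raises; returns the (accepted, reason) list."""
    server = Server(now=1_000_000)
    server.issue_ticket("tkt-1")
    results = []

    # 1. Device wakes 6 days later and sends a fresh reading: accepted.
    six_days = 6 * 24 * 3600
    server.now += six_days
    reading = f"sensor-7,{server.now},21.5".encode()   # constructed sample record
    age_ms = six_days * 1000
    results.append(server.accept_early_data("tkt-1", age_ms, reading))

    # 2. The identical record arrives again 3 s later with a consistent ticket age:
    #    the TLS freshness check passes, the single-use check catches it.
    server.now += 3
    results.append(server.accept_early_data("tkt-1", age_ms + 3000, reading))

    # 3. The captured ClientHello (original ticket_age) is resent two minutes later:
    #    caught by the freshness check before the record is even parsed.
    server.now += 120
    results.append(server.accept_early_data("tkt-1", age_ms, reading))

    # 4. Device sleeps past the 7-day cap (the "8 days" the post asks about):
    #    even a fresh reading is refused because the ticket has expired.
    server.now = 1_000_000 + 8 * 24 * 3600
    late = f"sensor-7,{server.now},22.0".encode()
    results.append(server.accept_early_data("tkt-1", (8 * 24 * 3600) * 1000, late))
    return results


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print("ACCEPT" if accepted else "REJECT", reason)
```

Case 4 is the practical consequence of the 7-day cap for a device on a weekly or monthly wake-up cycle: once the ticket has expired the device must fall back to a full 1-RTT handshake to obtain a new ticket, so the lifetime question in the post directly decides how often a constrained device pays that cost.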