Hi Achim, Thanks. Good suggestions.
Last time I looked at the process behind the suggested CCM8 deprecation it seemed like nonsense (using a single-key limits to suggest rekeying which did not improve security). I have not been following this topic during my parental leave. I think I need to have a look at draft-irtf-cfrg-aead-limits again. Right now, CCM with 8-byte tags seems to completely dominate IoT in general. draft-ietf-uta-tls13-iot-profile<https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/> seems to still have it as the MUST implement cipher suite for (D)TLS 1.3 but it probably makes sense to add numbers for 16-bit tags as well. draft-ietf-uta-tls13-iot-profile<https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/> seems to suggest TLS_CHACHA20_POLY1305_SHA256 as a potential future cipher suite but for this document only the tag length matters. >I would appreciate, if the comparison DTLS vs. TLS mentions also the >difference of UDP vs. TCP (8 vs. 24 bytes). And just a short sentence >about some more bytes for additional messages used in TCP internally? That’s a very good suggestion that it definitely missing from the document. We will add that to the next version. Cheers, John From: Achim Kraus <[email protected]> Date: Friday, 30 December 2022 at 17:34 To: John Mattsson <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [TLS] FW: New Version Notification for draft-ietf-lwig-security-protocol-comparison-06.txt Hi John, just to mention, the CCM8 is also considered to be not recommended in the future (see https://mailarchive.ietf.org/arch/msg/core/WnRInwF-j0uZmLggFh37ySljnwE/). Wouldn't it make more sense to use then CCM instead (16 bytes tag length)? I would appreciate, if the comparison DTLS vs. TLS mentions also the difference of UDP vs. TCP (8 vs. 24 bytes). And just a short sentence about some more bytes for additional messages used in TCP internally? best regards Achim Am 30.12.22 um 10:58 schrieb John Mattsson: > Hi, > > We feel that draft-ietf-lwig-security-protocol-comparisonis getting > quite ready now that the included protocols are published or at least > stable. > > We would love to have more examples of cTLS. Are there any more examples > available? We currently included the example in the draft. > > Review by people in the TLS WG would be great as the draft covers TLS > 1.2, DTLS 1.2, TLS 1.3, DTLS 1.3, and cTLS. > > Cheers, > > John > > *From: *John Mattsson <[email protected]> > *Date: *Sunday, 25 December 2022 at 20:19 > *To: *[email protected] <[email protected]> > *Subject: *Re: New Version Notification for > draft-ietf-lwig-security-protocol-comparison-06.txt > > Hi, > > We submitted a new version of > draft-ietf-lwig-security-protocol-comparison. This document has been > dormant for a while as several of the referenced protocols were not > stable, which lead to a lot of work in earlier versions. All of the > protocols now seem to be stable and publishedor close to being > published. This version fixes all the comments we have received. We > think it is close to being ready for WGLC. > > This is obviously needed information for a lot of people. The draft > already has 17 citations. > > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-180c89c9eb242a8e&q=1&e=8969b10d-8a34-412a-a74e-44a29964cef8&u=https%3A%2F%2Fscholar.google.com%2Fscholar%3Fhl%3Den%26as_sdt%3D0%2C5%26cluster%3D11841781769013384442 > > <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-180c89c9eb242a8e&q=1&e=8969b10d-8a34-412a-a74e-44a29964cef8&u=https%3A%2F%2Fscholar.google.com%2Fscholar%3Fhl%3Den%26as_sdt%3D0%2C5%26cluster%3D11841781769013384442> > > The need for compact formats and protocols has also gained attention > outside of IoT. In the IAB workshop on Environmental Impact of Internet > Applications and Systems, compact formats and protocols were discussed > as a way to reduce the energy consumption of the Internet as a whole. > > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-028386883e0a910d&q=1&e=8969b10d-8a34-412a-a74e-44a29964cef8&u=https%3A%2F%2Fwww.iab.org%2Factivities%2Fworkshops%2Fe-impact%2F > <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-028386883e0a910d&q=1&e=8969b10d-8a34-412a-a74e-44a29964cef8&u=https%3A%2F%2Fwww.iab.org%2Factivities%2Fworkshops%2Fe-impact%2F> > > Changes in -06: > > - Added more context to abstract and introduction > > - Added high level comparison of the number of bytes in TLS 1.2 and TLS > 1.3 handshakes > > - Added Compact TLS 1.3 (cTLS) > > - Added some more clarification on (D)TLS choices > > - Added text that CoAP needs to be added to the EDHOC figures to be > directly comparable to DTLS. > > - Added more DTLS and EDHOC alternatives to the summary table. > > - Added ECDSA keys without point compression as that does not seem to be > supported. > > - Corrected DTLS calculation where 10 was used instead of 12 (thanks to > Stephan Koch for reporting this) > > - Updated DTLS 1.3 records to align with the RFC. > > - Updated EDHOC numbers to align with latest drafts. > > - Added numbers for Group OSCORE pairwise mode. > > - Added that DTLS and OSCORE numbers might not be directly comparable as > requirements on CoAP Token reuse are different. > > - Changed names to Unicode > > - Added SVG figures and tables with the help of aasvg > > Cheers, > > John Preuß Mattsson > > *From: *[email protected] <[email protected]> > *Date: *Sunday, 25 December 2022 at 19:52 > *To: *Mališa Vučinić <[email protected]>, John Mattsson > <[email protected]>, Francesca Palombini > <[email protected]>, John Mattsson > <[email protected]>, Malisa Vucinic <[email protected]> > *Subject: *New Version Notification for > draft-ietf-lwig-security-protocol-comparison-06.txt > > > A new version of I-D, draft-ietf-lwig-security-protocol-comparison-06.txt > has been successfully submitted by John Preuß Mattsson and posted to the > IETF repository. > > Name: draft-ietf-lwig-security-protocol-comparison > Revision: 06 > Title: Comparison of CoAP Security Protocols > Document date: 2022-12-25 > Group: lwig > Pages: 45 > URL: > https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-06.txt > > <https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-06.txt> > Status: > https://datatracker.ietf.org/doc/draft-ietf-lwig-security-protocol-comparison/ > > <https://datatracker.ietf.org/doc/draft-ietf-lwig-security-protocol-comparison/> > Html: > https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-06.html > > <https://www.ietf.org/archive/id/draft-ietf-lwig-security-protocol-comparison-06.html> > Htmlized: > https://datatracker.ietf.org/doc/html/draft-ietf-lwig-security-protocol-comparison > > <https://datatracker.ietf.org/doc/html/draft-ietf-lwig-security-protocol-comparison> > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-lwig-security-protocol-comparison-06 > > <https://author-tools.ietf.org/iddiff?url2=draft-ietf-lwig-security-protocol-comparison-06> > > Abstract: > This document analyzes and compares the sizes of key exchange flights > and the per-packet message size overheads when using different > security protocols to secure CoAP. Small message sizes are very > important for reducing energy consumption, latency, and time to > completion in constrained radio network such as Low-Power Wide Area > Networks (LPWANs). The analyzed security protocols are DTLS 1.2, > DTLS 1.3, TLS 1.2, TLS 1.3, cTLS, EDHOC, OSCORE, and Group OSCORE. > The DTLS and TLS record layers are analyzed with and without 6LoWPAN- > GHC compression. DTLS is analyzed with and without Connection ID. > > > > > The IETF Secretariat > > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
