A DTLS Profile for the Internet of Things
draft-hartke-dice-profile-00
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
|
|
|---|---|---|---|
| Author | Klaus Hartke | ||
| Last updated | 2013-11-04 | ||
| Replaced by | draft-ietf-dice-profile, draft-ietf-dice-profile, draft-ietf-dice-profile, draft-ietf-dice-profile, RFC 7925 | ||
| RFC stream | (None) | ||
| Formats | |||
| Additional resources | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-hartke-dice-profile-00
DICE Working Group K. Hartke
Internet-Draft Nokia
Intended status: Informational November 04, 2013
Expires: May 08, 2014
A DTLS Profile for the Internet of Things
draft-hartke-dice-profile-00
Abstract
This document defines a DTLS profile that is suitable for Internet of
Things applications and is reasonably implementable on many
constrained devices.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 08, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Hartke Expires May 08, 2014 [Page 1]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 2
2.2. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . 2
2.3. Extensions . . . . . . . . . . . . . . . . . . . . . . . 3
2.4. Other . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Implementation Considerations . . . . . . . . . . . . . . . . 4
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4
5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
8.1. Normative References . . . . . . . . . . . . . . . . . . 4
8.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
This document defines a DTLS 1.2 [RFC6347] profile that is suitable
for Internet of Things applications and is reasonably implementable
on many constrained devices.
...
2. Profile
2.1. Applicability
o Communication Model
o Threat Model
o Security Requirements
o Classes of Devices
o Trust Model
o ...
2.2. Cipher Suites
o Specific Cipher Suite(s) -vs- Cryptographic Agility
o Server Authentication -vs- Mutual Authentication
Hartke Expires May 08, 2014 [Page 2]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
o X.509 Certificates -vs- Raw Public Keys -vs- Pre-Shared Keys
o Perfect Forward Secrecy
o ...
2.3. Extensions
o Signature Algorithms [RFC5246]
o Server Name Indication [RFC6066]
o Maximum Fragment Length [RFC6066]
o Certificate Status Request [RFC6066]
o Truncated HMAC [RFC6066]
o Supported Elliptic Curves [RFC4492]
o Supported Point Formats [RFC4492]
o Application Layer Protocol [I-D.ietf-tls-applayerprotoneg]
o Cached Info [I-D.ietf-tls-cached-info]
o Session Resumption without Server-Side State [RFC5077]
o Snap Start [I-D.agl-tls-snapstart]
o Renegotiation Indication [RFC5746]
o Heartbeat [RFC6520]
o ...
2.4. Other
o Compression
o Renegotiation -vs- Reconnection
o Session Resumption
o Replay Protection
o Timer Values
Hartke Expires May 08, 2014 [Page 3]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
o Certificate Revocation
o Encrypt-then-MAC [I-D.gutmann-tls-encrypt-then-mac]
o Hash Algorithm
o ...
3. Implementation Considerations
o Version Negotiation [I-D.pettersen-tls-version-rollback-removal]
[I-D.bmoeller-tls-downgrade-scsv]
o Upgrade from Server-Authenticated to Mutually-Authenticated
o Side Channels
o ...
4. Privacy Considerations
o ...
5. Security Considerations
o ...
6. IANA Considerations
o ...
7. Acknowledgements
Thanks to Hannes Tschofenig, Sye Loong Keoh, and Rene Hummen for
helpful comments and discussions that have shaped the document.
8. References
8.1. Normative References
[I-D.ietf-tls-applayerprotoneg]
Friedl, S., Popov, A., Langley, A., and S. Emile,
"Transport Layer Security (TLS) Application Layer Protocol
Negotiation Extension", draft-ietf-tls-applayerprotoneg-03
(work in progress), October 2013.
[I-D.ietf-tls-cached-info]
Hartke Expires May 08, 2014 [Page 4]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
Santesson, S. and H. Tschofenig, "Transport Layer Security
(TLS) Cached Information Extension", draft-ietf-tls-
cached-info-15 (work in progress), October 2013.
[RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
for Transport Layer Security (TLS)", RFC 4492, May 2006.
[RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
"Transport Layer Security (TLS) Session Resumption without
Server-Side State", RFC 5077, January 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov,
"Transport Layer Security (TLS) Renegotiation Indication
Extension", RFC 5746, February 2010.
[RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:
Extension Definitions", RFC 6066, January 2011.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, January 2012.
[RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport
Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) Heartbeat Extension", RFC 6520, February 2012.
8.2. Informative References
[I-D.agl-tls-snapstart]
Langley, A., "Transport Layer Security (TLS) Snap Start",
draft-agl-tls-snapstart-00 (work in progress), June 2010.
[I-D.bmoeller-tls-downgrade-scsv]
Moeller, B., "TLS Signaling Cipher Suite Value (SCSV) for
Preventing Protocol Downgrade Attacks", draft-bmoeller-
tls-downgrade-scsv-00 (work in progress), September 2013.
[I-D.greevenbosch-tls-ocsp-lite]
Greevenbosch, B., "OCSP-lite - Revocation of raw public
keys", draft-greevenbosch-tls-ocsp-lite-01 (work in
progress), June 2013.
[I-D.gutmann-tls-encrypt-then-mac]
Hartke Expires May 08, 2014 [Page 5]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
Gutmann, P., "Encrypt-then-MAC for TLS and DTLS", draft-
gutmann-tls-encrypt-then-mac-04 (work in progress),
October 2013.
[I-D.hummen-dtls-extended-session-resumption]
Hummen, R., Gilger, J., and H. Shafagh, "Extended DTLS
Session Resumption for Constrained Network Environments",
draft-hummen-dtls-extended-session-resumption-01 (work in
progress), October 2013.
[I-D.ietf-lwig-tls-minimal]
Kumar, S., Keoh, S., and H. Tschofenig, "A Hitchhiker's
Guide to the (Datagram) Transport Layer Security Protocol
for Smart Objects and Constrained Node Networks", draft-
ietf-lwig-tls-minimal-00 (work in progress), September
2013.
[I-D.pettersen-tls-version-rollback-removal]
Pettersen, Y., "Managing and removing automatic version
rollback in TLS Clients", draft-pettersen-tls-version-
rollback-removal-02 (work in progress), August 2013.
Author's Address
Klaus Hartke
Nokia
Hermiankatu 12 D
Tampere FI-33720
Finland
Email: klaus.hartke@nokia.com
Hartke Expires May 08, 2014 [Page 6]