< draft-urien-uta-tls-dtls-security-module-07.txt   draft-urien-uta-tls-dtls-security-module-08.txt >
UTA Working Group P. Urien UTA Working Group P. Urien
Internet Draft Telecom ParisTech Internet Draft Telecom ParisTech
Intended status: Experimental Intended status: Experimental
December 2018 June 2019
Expires: June 2019 Expires: December 2019
TLS and DTLS Security Modules TLS and DTLS Security Modules
draft-urien-uta-tls-dtls-security-module-07.txt draft-urien-uta-tls-dtls-security-module-08.txt
Abstract Abstract
Security and trust are very critical topics in the context of the Security and trust are very critical topics in the context of the
anywhere, anytime, anything internet connectivity. TLS and DTLS are anywhere, anytime, anything internet connectivity. TLS and DTLS are
two major IETF protocols widely used to secure IP exchanges. two major IETF protocols widely used to secure IP exchanges.
According to CoAP, DTLS is the protocol used by constraint nodes in According to CoAP, DTLS is the protocol used by constraint nodes in
the Internet of Things (IoT) context. the Internet of Things (IoT) context.
In this draft we specify an ISO7816 interface for TLS and DTLS In this draft we specify an ISO7816 interface for TLS and DTLS
skipping to change at page 2, line 5 skipping to change at page 2, line 5
for secure elements. First implementation demonstrates that such low for secure elements. First implementation demonstrates that such low
cost security modules are realistic, with a setup time for handshake cost security modules are realistic, with a setup time for handshake
completion under the second. completion under the second.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119.
TLS and DTLS Security Modules December 2018
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 2019. This Internet-Draft will expire on December 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
TLS and DTLS Security Modules December 2018
Table of Contents Table of Contents
Abstract........................................................... 1 Abstract........................................................... 1
Requirements Language.............................................. 1 Requirements Language.............................................. 1
Status of this Memo................................................ 2 Status of this Memo................................................ 2
Copyright Notice................................................... 2 Copyright Notice................................................... 2
1 Overview......................................................... 4 1 Overview......................................................... 4
2 The EAP-TLS Smartcard............................................ 4 2 The EAP-TLS Smartcard............................................ 4
2.1 The EAP-TLS protocol........................................ 4 2.1 The EAP-TLS protocol........................................ 4
2.2 The EAP-TLS Smartcard....................................... 6 2.2 The EAP-TLS Smartcard....................................... 6
skipping to change at page 4, line 4 skipping to change at page 4, line 4
5.3 The DTLS Security Module Encryption and Decryption procedures 5.3 The DTLS Security Module Encryption and Decryption procedures
............................................................... 12 ............................................................... 12
6 Example of TLS processing by the TLS security module............ 14 6 Example of TLS processing by the TLS security module............ 14
7 Example of DTLS processing by the DTLS security module.......... 16 7 Example of DTLS processing by the DTLS security module.......... 16
8 Security Considerations......................................... 22 8 Security Considerations......................................... 22
9 IANA Considerations............................................. 22 9 IANA Considerations............................................. 22
10 References..................................................... 22 10 References..................................................... 22
10.1 Normative References...................................... 22 10.1 Normative References...................................... 22
10.2 Informative References.................................... 23 10.2 Informative References.................................... 23
11 Authors' Addresses............................................. 23 11 Authors' Addresses............................................. 23
TLS and DTLS Security Modules December 2018
1 Overview 1 Overview
Security and trust are very critical topics in the context of the Security and trust are very critical topics in the context of the
anywhere, anytime, anything internet connectivity. TLS [TLS 1.0] anywhere, anytime, anything internet connectivity. TLS [TLS 1.0]
[TLS 1.1], [TLS 1.2] and DTLS [DTLS 1.0] [DTLS 1.2] are two major [TLS 1.1], [TLS 1.2] and DTLS [DTLS 1.0] [DTLS 1.2] are two major
IETF protocols widely used to secure IP exchanges. According to IETF protocols widely used to secure IP exchanges. According to
[COAP], DTLS is the protocol used by constraint nodes in the [COAP], DTLS is the protocol used by constraint nodes in the
Internet of Things (IoT) context. In this draft we specify an Internet of Things (IoT) context. In this draft we specify an
interface for TLS and DTLS secure modules based on [ISO7816] secure interface for TLS and DTLS secure modules based on [ISO7816] secure
chips, which are today manufactured per billions every year. Secure chips, which are today manufactured per billions every year. Secure
skipping to change at page 5, line 5 skipping to change at page 5, line 5
M = More fragments M = More fragments
S = Start bit S = Start bit
R = Reserved R = Reserved
- The L bit (length included) is set to indicate the presence of the - The L bit (length included) is set to indicate the presence of the
four-octet TLS Message Length field, and MUST be set for the first four-octet TLS Message Length field, and MUST be set for the first
fragment of a fragmented TLS message or set of messages. fragment of a fragmented TLS message or set of messages.
- The M bit (more fragments) is set on all but the last fragment. - The M bit (more fragments) is set on all but the last fragment.
- The S bit (EAP-TLS start) is set in an EAP-TLS Start message. - The S bit (EAP-TLS start) is set in an EAP-TLS Start message.
TLS and DTLS Security Modules December 2018
When an EAP-TLS peer receives an EAP-Request packet with the M bit When an EAP-TLS peer receives an EAP-Request packet with the M bit
set, it MUST respond with an EAP-Response with EAP-Type=EAP-TLS and set, it MUST respond with an EAP-Response with EAP-Type=EAP-TLS and
no data. This serves as a fragment ACK. no data. This serves as a fragment ACK.
Authenticating Peer Authenticator Authenticating Peer Authenticator
EAP-TLS Smartcard (SC) SC User EAP-TLS Smartcard (SC) SC User
------------------- ------------- ------------------- -------------
<- EAP-Request/ <- EAP-Request/
Identity Identity
EAP-Response/ EAP-Response/
skipping to change at page 6, line 4 skipping to change at page 6, line 4
Flags Flags
(TLS change-cipher-spec, Flight 4 (TLS change-cipher-spec, Flight 4
TLS finished) TLS finished)
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags -> Flags ->
<- EAP-Success <- EAP-Success
Figure 1. The EAP-TLS protocol Figure 1. The EAP-TLS protocol
TLS and DTLS Security Modules December 2018
2.2 The EAP-TLS Smartcard 2.2 The EAP-TLS Smartcard
The "EAP Support in Smartcard" draft [EAP SC] specifies an ISO7816 The "EAP Support in Smartcard" draft [EAP SC] specifies an ISO7816
interface for a secure element (named EAP-TLS smartcard, in figure interface for a secure element (named EAP-TLS smartcard, in figure
1) that fully processes the EAP-TLS protocol until the reception of 1) that fully processes the EAP-TLS protocol until the reception of
the EAP-Success message. the EAP-Success message.
The two main commands are detailed in figure 2: The two main commands are detailed in figure 2:
- Reset-State, which resets the EAP-TLS state machine , - Reset-State, which resets the EAP-TLS state machine ,
- Process-EAP that transports TLS flights encapsulated in EAP-TLS - Process-EAP that transports TLS flights encapsulated in EAP-TLS
skipping to change at page 7, line 5 skipping to change at page 7, line 5
4 The TLS Security Module 4 The TLS Security Module
4.1 EAP-TLS for the TLS Security Module 4.1 EAP-TLS for the TLS Security Module
TLS security modules are based on EAP-TLS devices, performing, as TLS security modules are based on EAP-TLS devices, performing, as
illustrated by figure 3, a transparent encapsulation of TLS packets. illustrated by figure 3, a transparent encapsulation of TLS packets.
The EAP-Request-Identity message and EAP-Success message are not The EAP-Request-Identity message and EAP-Success message are not
used by the TLS secure modules. used by the TLS secure modules.
TLS and DTLS Security Modules December 2018
Security Module (SM) SM User Security Module (SM) SM User
------------------- ------------- ------------------- -------------
<- EAP-Request/ <- EAP-Request/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(TLS Start) (TLS Start)
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
skipping to change at page 8, line 4 skipping to change at page 8, line 4
TLS finished) TLS finished)
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags -> Flags ->
======================================================= =======================================================
Four ways TLS Handshake Completion Four ways TLS Handshake Completion
======================================================= =======================================================
Figure 2. The TLS Handshake Completion with the Security Module Figure 2. The TLS Handshake Completion with the Security Module
TLS and DTLS Security Modules December 2018
4.2 The TLS / EAP-TLS Software Bridge 4.2 The TLS / EAP-TLS Software Bridge
A software bridge, illustrated by figure 3 extracts TLS flights from A software bridge, illustrated by figure 3 extracts TLS flights from
TLS packets, and manages EAP-TLS messages exchanged with the TLS packets, and manages EAP-TLS messages exchanged with the
Security Module. Security Module.
+----------+ +-----------+ +----------+ +-----------+
TLS | TLS | EAP-TLS | TLS | TLS | TLS | EAP-TLS | TLS |
packet | EAP-TLS | Packet | Security | packet | EAP-TLS | Packet | Security |
<=======> | Bridge | <========> | Module | <=======> | Bridge | <========> | Module |
skipping to change at page 9, line 4 skipping to change at page 9, line 4
Flags Flags
(Payload= TLS Encrypted (Payload= TLS Encrypted
Record Layer Message)-> Record Layer Message)->
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(Payload= TLS Clear (Payload= TLS Clear
Record Layer payload)-> Record Layer payload)->
Figure 5. Generation of TLS decrypted packets Figure 5. Generation of TLS decrypted packets
TLS and DTLS Security Modules December 2018
In the case of the Process-EAP-Encrypt(Type) procedure the payload In the case of the Process-EAP-Encrypt(Type) procedure the payload
of the EAP-TLS packet (see figure 4) is the clear text to be of the EAP-TLS packet (see figure 4) is the clear text to be
encrypted in the TLS Record Layer packet. The SM adds the Type field encrypted in the TLS Record Layer packet. The SM adds the Type field
indicated in the Process-EAP-Encrypt command, and performs all indicated in the Process-EAP-Encrypt command, and performs all
needed operations in order to compute the TLS encrypted packet needed operations in order to compute the TLS encrypted packet
(including HMAC and optional padding bytes see figure 6), (including HMAC and optional padding bytes see figure 6),
encapsulated in the EAP-Response message (depicted in figure 4). encapsulated in the EAP-Response message (depicted in figure 4).
In the case of the Process-EAP-Decrypt() procedure, the payload of In the case of the Process-EAP-Decrypt() procedure, the payload of
the EAP-TLS packet (see figure 5) is the received TLS Record Layer the EAP-TLS packet (see figure 5) is the received TLS Record Layer
skipping to change at page 10, line 4 skipping to change at page 10, line 4
| Command |Class| INS | P1 | P2 | Lc | Le | SW | | Command |Class| INS | P1 | P2 | Lc | Le | SW |
+-------------+-----+-----+----+------------+----+----+---------+ +-------------+-----+-----+----+------------+----+----+---------+
| Process-EAP | A0 |80-88| 00 | 80 || Type | xx | yy | 9000 OK | | Process-EAP | A0 |80-88| 00 | 80 || Type | xx | yy | 9000 OK |
| Encrypt | | | | | | | 6985 ERR| | Encrypt | | | | | | | 6985 ERR|
+-------------+-----+-----+----+------------+----+----+---------+ +-------------+-----+-----+----+------------+----+----+---------+
| Process-EAP | A0 |80-88| 00 | 00 | xx | yy | 9000 OK | | Process-EAP | A0 |80-88| 00 | 00 | xx | yy | 9000 OK |
| Decrypt | | | | | | | 6985 ERR| | Decrypt | | | | | | | 6985 ERR|
+-------------+-----+-----+----+------------+----+----+---------+ +-------------+-----+-----+----+------------+----+----+---------+
Figure 7. The Security Module ISO7816 commands Figure 7. The Security Module ISO7816 commands
TLS and DTLS Security Modules December 2018
5 The DTLS Security Module 5 The DTLS Security Module
5.1 EAP-TLS for the DTLS Security Module 5.1 EAP-TLS for the DTLS Security Module
Security Module (SM) SM User Security Module (SM) SM User
------------------- ------------- ------------------- -------------
<- EAP-Request/ <- EAP-Request/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(TLS Start) (TLS Start)
skipping to change at page 11, line 4 skipping to change at page 11, line 4
(DTLS change-cipher-spec, Flight 6 (DTLS change-cipher-spec, Flight 6
DTLS finished) DTLS finished)
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags -> Flags ->
======================================================= =======================================================
Four ways DTLS Handshake Completion Four ways DTLS Handshake Completion
======================================================= =======================================================
Figure 8. The DTLS handshake completion with the Security Module Figure 8. The DTLS handshake completion with the Security Module
TLS and DTLS Security Modules December 2018
In a way similar to TLS (see figure 8), DTLS messages are In a way similar to TLS (see figure 8), DTLS messages are
encapsulated in EAP-TLS messages. encapsulated in EAP-TLS messages.
5.2 The DTLS / EAP-TLS Software Bridge 5.2 The DTLS / EAP-TLS Software Bridge
A software bridge, illustrated by figure 9 extracts DTLS flights A software bridge, illustrated by figure 9 extracts DTLS flights
from DTLS packets, and manages EAP-TLS exchanges with the Security from DTLS packets, and manages EAP-TLS exchanges with the Security
Module. Module.
+----------+ +-----------+ +----------+ +-----------+
skipping to change at page 12, line 4 skipping to change at page 12, line 4
Figure 10. Structure of the DTLS Handshake message. Figure 10. Structure of the DTLS Handshake message.
It also should be noted that according to the DTLS protocol [DTLS It also should be noted that according to the DTLS protocol [DTLS
1.0] in cases where the cookie exchange is used, the initial 1.0] in cases where the cookie exchange is used, the initial
ClientHello and HelloVerifyRequest are NOT included in the Finished ClientHello and HelloVerifyRequest are NOT included in the Finished
MAC. MAC.
When the Security Module builds the client finished message it sets When the Security Module builds the client finished message it sets
the EPOCH field to one and resets the sequence number used by the the EPOCH field to one and resets the sequence number used by the
TLS and DTLS Security Modules December 2018
record layer. The record layer packet structure is detailed by record layer. The record layer packet structure is detailed by
figure 11. figure 11.
struct { struct {
ContentType type; ContentType type;
ProtocolVersion version; ProtocolVersion version;
uint16 epoch; uint16 epoch;
uint48 sequence-number; uint48 sequence-number;
uint16 length; uint16 length;
opaque fragment[DTLSPlaintext.length]; opaque fragment[DTLSPlaintext.length];
skipping to change at page 13, line 4 skipping to change at page 13, line 4
Flags Flags
(Payload= Clear Text) (Payload= Clear Text)
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(Payload= DTLS Encrypted (Payload= DTLS Encrypted
Record Layer Message)-> Record Layer Message)->
Figure 12. Generation of DTLS encrypted packet by the DTLS Security Figure 12. Generation of DTLS encrypted packet by the DTLS Security
module module
TLS and DTLS Security Modules December 2018
Process-EAP-Decrypt Process-EAP-Decrypt
<- EAP-Request/ <- EAP-Request/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(Payload= DTLS Encrypted (Payload= DTLS Encrypted
Record Layer Message)-> Record Layer Message)->
EAP-Response/ EAP-Response/
EAP-Type=EAP-TLS EAP-Type=EAP-TLS
Flags Flags
(Payload= DTLS Clear (Payload= DTLS Clear
Record Layer payload)-> Record Layer payload)->
Figure 13. Generation of TLS decrypted packets Figure 13. Generation of TLS decrypted packets
TLS and DTLS Security Modules December 2018
6 Example of TLS processing by the TLS security module 6 Example of TLS processing by the TLS security module
The following choreography illustrates the processing of a TLS (1.0) The following choreography illustrates the processing of a TLS (1.0)
resume session by the TLS security module. The CipherSuite is AES- resume session by the TLS security module. The CipherSuite is AES-
SHA1. SHA1.
// RESET the Security Module // RESET the Security Module
>> A0 19 10 00 00 >> A0 19 10 00 00
<< 90 00 << 90 00
skipping to change at page 15, line 4 skipping to change at page 15, line 4
>> A0 80 00 00 10 01 0E 00 10 0D 00 26 92 99 2A 9E 7F FF 2E >> A0 80 00 00 10 01 0E 00 10 0D 00 26 92 99 2A 9E 7F FF 2E
BC CB BC CB
// Flight 3 // Flight 3
// Client CCS + Finished in EAP-Response // Client CCS + Finished in EAP-Response
<< 02 0E 00 45 0D 80 00 00 00 3B 14 03 01 00 01 01 16 03 01 00 << 02 0E 00 45 0D 80 00 00 00 3B 14 03 01 00 01 01 16 03 01 00
30 86 8A 10 A2 85 5F DA D8 52 16 D6 57 12 75 A6 57 A2 20 1B 30 86 8A 10 A2 85 5F DA D8 52 16 D6 57 12 75 A6 57 A2 20 1B
A5 5B F0 0A E5 34 62 FF 92 28 BC DD 72 5E D7 6E C0 D4 A5 52 A5 5B F0 0A E5 34 62 FF 92 28 BC DD 72 5E D7 6E C0 D4 A5 52
1F AA F5 6D 7C 8A 37 02 54 1F AA F5 6D 7C 8A 37 02 54
90 00 90 00
TLS and DTLS Security Modules December 2018
// TLS handshake completion // TLS handshake completion
// Process-EAP-Decrypt // Process-EAP-Decrypt
>> A0 80 00 00 2B 01 0F 00 2B 0D 00 17 03 01 00 20 75 1A 28 2D >> A0 80 00 00 2B 01 0F 00 2B 0D 00 17 03 01 00 20 75 1A 28 2D
F3 E1 12 D5 19 7C 3E 38 CB 49 D6 43 CF B0 F3 E5 A3 1A BF A1 F3 E1 12 D5 19 7C 3E 38 CB 49 D6 43 CF B0 F3 E5 A3 1A BF A1
E0 75 AE A8 07 89 B0 45 E0 75 AE A8 07 89 B0 45
// Empty Record Layer Payload // Empty Record Layer Payload
<< 02 0F 00 0A 0D 80 00 00 00 00 << 02 0F 00 0A 0D 80 00 00 00 00
90 00 90 00
skipping to change at page 16, line 4 skipping to change at page 16, line 4
90 00 90 00
// Process-EAP-Encrypt type=17h, payload = 31 32 33 34 0D 0A // Process-EAP-Encrypt type=17h, payload = 31 32 33 34 0D 0A
>> A0 80 00 97 0C 01 11 00 0C 0D 00 31 32 33 34 0D 0A >> A0 80 00 97 0C 01 11 00 0C 0D 00 31 32 33 34 0D 0A
// Encrypted TLS Record Layer packet in EAP-Response // Encrypted TLS Record Layer packet in EAP-Response
<< 02 11 00 2F 0D 80 00 00 00 25 17 03 01 00 20 15 06 B7 7D 1F << 02 11 00 2F 0D 80 00 00 00 25 17 03 01 00 20 15 06 B7 7D 1F
1E F3 51 4A 8E 70 3C AE B2 EF EF D0 45 A7 1E 3F 68 92 AF 0C 1E F3 51 4A 8E 70 3C AE B2 EF EF D0 45 A7 1E 3F 68 92 AF 0C
09 C7 91 97 F7 C2 E6 09 C7 91 97 F7 C2 E6
90 00 90 00
TLS and DTLS Security Modules December 2018
7 Example of DTLS processing by the DTLS security module 7 Example of DTLS processing by the DTLS security module
The following choreography illustrates the processing of a DTLS full The following choreography illustrates the processing of a DTLS full
session the DTLS security module. The CipherSuite is AES-SHA1. session the DTLS security module. The CipherSuite is AES-SHA1.
// RESET the Security Module // RESET the Security Module
>> A0 19 10 00 00 >> A0 19 10 00 00
<< 90 00 << 90 00
// Send EAP-TLS-Start in EAP-Request // Send EAP-TLS-Start in EAP-Request
skipping to change at page 17, line 4 skipping to change at page 17, line 4
CA DD 4C 24 32 85 D1 A5 21 EB EE F3 33 50 88 17 6B 48 6A CB CA DD 4C 24 32 85 D1 A5 21 EB EE F3 33 50 88 17 6B 48 6A CB
24 E6 28 8B FE 3C 85 F3 F1 00 14 C2 38 AC 8C F8 F5 CE CA 9B 24 E6 28 8B FE 3C 85 F3 F1 00 14 C2 38 AC 8C F8 F5 CE CA 9B
9E F1 2F 8A D1 9E 2F 84 27 F2 FF 00 02 00 2F 01 00 9E F1 2F 8A D1 9E 2F 84 27 F2 FF 00 02 00 2F 01 00
90 00 90 00
DTLS Bridges sends 87 bytes DTLS Bridges sends 87 bytes
DTLS Bridges receives DTLS Bridges receives
RL-seq=1 RL-epoch=0 Handshake-seq=1 RL-seq=1 RL-epoch=0 Handshake-seq=1
RL-seq=2 RL-epoch=0 Handshake-seq=2 RL-seq=2 RL-epoch=0 Handshake-seq=2
RL-seq=3 RL-epoch=0 Handshake-seq=3 RL-seq=3 RL-epoch=0 Handshake-seq=3
TLS and DTLS Security Modules December 2018
RL-seq=4 RL-epoch=0 Handshake-seq=4 RL-seq=4 RL-epoch=0 Handshake-seq=4
// Flight 4 // Flight 4
// DTLS ServerHello, Certificate, CertificateRequest // DTLS ServerHello, Certificate, CertificateRequest
// ServerHelloDone in EAP-Request // ServerHelloDone in EAP-Request
// 4 record layer messages // 4 record layer messages
// EAP-TLS message 1st fragment // EAP-TLS message 1st fragment
>> A0 80 00 00 8A 01 02 00 8A 0D C0 00 00 02 D2 16 FE FF 00 00 >> A0 80 00 00 8A 01 02 00 8A 0D C0 00 00 02 D2 16 FE FF 00 00
00 00 00 00 00 01 00 32 02 00 00 26 00 01 00 00 00 00 00 26 00 00 00 00 00 01 00 32 02 00 00 26 00 01 00 00 00 00 00 26
skipping to change at page 18, line 4 skipping to change at page 18, line 4
2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81
81 00 E3 83 38 A1 60 FE 8B 24 6F 39 E6 A8 A9 81 8F BE 9C E2 81 00 E3 83 38 A1 60 FE 8B 24 6F 39 E6 A8 A9 81 8F BE 9C E2
E3 7F 45 E3 7F 45
// EAP-TLS ack // EAP-TLS ack
<< 02 04 00 06 0D 00 << 02 04 00 06 0D 00
90 00 90 00
// 4th fragment // 4th fragment
>> A0 80 00 00 8A 01 05 00 8A 0D 40 2F 9B C7 41 09 B2 10 52 38 >> A0 80 00 00 8A 01 05 00 8A 0D 40 2F 9B C7 41 09 B2 10 52 38
TLS and DTLS Security Modules December 2018
3F 74 46 89 C4 A1 4E 28 9D F7 22 8B AF 90 D1 3C 3C 03 4A 2F 3F 74 46 89 C4 A1 4E 28 9D F7 22 8B AF 90 D1 3C 3C 03 4A 2F
FC AA 03 26 3E 21 6C 19 DB 87 D7 F6 19 D6 F4 57 A4 BA 08 14 FC AA 03 26 3E 21 6C 19 DB 87 D7 F6 19 D6 F4 57 A4 BA 08 14
CB B3 1C 1F 01 76 6B 08 5A 4B 40 09 8B AB C8 6E 31 25 17 78 CB B3 1C 1F 01 76 6B 08 5A 4B 40 09 8B AB C8 6E 31 25 17 78
04 78 84 0F CB 0E B1 B9 D0 27 73 30 0D AE C1 7D BB 8E 1B 65 04 78 84 0F CB 0E B1 B9 D0 27 73 30 0D AE C1 7D BB 8E 1B 65
0A 17 51 23 9F C9 89 62 44 38 5C E6 63 A0 72 E2 99 67 02 03 0A 17 51 23 9F C9 89 62 44 38 5C E6 63 A0 72 E2 99 67 02 03
01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D 01 00 01 A3 0D 30 0B 30 09 06 03 55 1D 13 04 02 30 00 30 0D
06 09 2A 06 09 2A
// EAP-TLS Ack // EAP-TLS Ack
<< 02 05 00 06 0D 00 << 02 05 00 06 0D 00
skipping to change at page 19, line 4 skipping to change at page 19, line 4
// RL-seq=0, RL-epoch=0, Handshake-seq=0 // RL-seq=0, RL-epoch=0, Handshake-seq=0
// EAP-TLS message, 1st EAP fragment // EAP-TLS message, 1st EAP fragment
<< 02 07 00 8A 0D C0 00 00 04 0F 16 FE FF 00 00 00 00 00 00 00 << 02 07 00 8A 0D C0 00 00 04 0F 16 FE FF 00 00 00 00 00 00 00
02 03 A7 0B 00 02 7F 00 02 00 00 00 00 02 7F 00 02 7C 00 02 02 03 A7 0B 00 02 7F 00 02 00 00 00 00 02 7F 00 02 7C 00 02
79 30 82 02 75 30 82 01 DE A0 03 02 01 02 02 01 0C 30 0D 06 79 30 82 02 75 30 82 01 DE A0 03 02 01 02 02 01 0C 30 0D 06
09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 94 31 0B 30 09 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 94 31 0B 30 09 06
03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 55 04 08 13 06 46 03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 55 04 08 13 06 46
72 61 6E 63 65 31 0E 30 0C 06 03 55 04 07 13 05 50 61 72 69 72 61 6E 63 65 31 0E 30 0C 06 03 55 04 07 13 05 50 61 72 69
73 31 13 30 11 06 03 55 04 0A 13 0A 45 74 68 65 72 54 90 00 73 31 13 30 11 06 03 55 04 0A 13 0A 45 74 68 65 72 54 90 00
TLS and DTLS Security Modules December 2018
// EAP-TLS ack // EAP-TLS ack
>> A0 80 00 00 06 01 08 00 06 0D 00 >> A0 80 00 00 06 01 08 00 06 0D 00
// 2nd EAP fragment // 2nd EAP fragment
<< 02 08 00 86 0D 40 72 75 73 74 31 0D 30 0B 06 03 55 04 0B 13 << 02 08 00 86 0D 40 72 75 73 74 31 0D 30 0B 06 03 55 04 0B 13
04 54 65 73 74 31 14 30 12 06 03 55 04 03 13 0B 50 61 73 63 04 54 65 73 74 31 14 30 12 06 03 55 04 03 13 0B 50 61 73 63
61 6C 55 72 69 65 6E 31 2A 30 28 06 09 2A 86 48 86 F7 0D 01 61 6C 55 72 69 65 6E 31 2A 30 28 06 09 2A 86 48 86 F7 0D 01
09 01 16 1B 70 61 73 63 61 6C 2E 75 72 69 65 6E 40 65 74 68 09 01 16 1B 70 61 73 63 61 6C 2E 75 72 69 65 6E 40 65 74 68
65 72 74 72 75 73 74 2E 63 6F 6D 30 1E 17 0D 31 34 30 37 31 65 72 74 72 75 73 74 2E 63 6F 6D 30 1E 17 0D 31 34 30 37 31
34 30 38 30 33 31 37 5A 17 0D 32 32 30 39 33 30 30 38 30 33 34 30 38 30 33 31 37 5A 17 0D 32 32 30 39 33 30 30 38 30 33
skipping to change at page 20, line 4 skipping to change at page 20, line 4
// 5th EAP fragment // 5th EAP fragment
<< 02 0B 00 86 0D 40 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7 << 02 0B 00 86 0D 40 13 04 02 30 00 30 0D 06 09 2A 86 48 86 F7
0D 01 01 05 05 00 03 81 81 00 05 C2 17 66 F6 50 B5 BC EB 77 0D 01 01 05 05 00 03 81 81 00 05 C2 17 66 F6 50 B5 BC EB 77
CB 57 20 5A 46 9A FB FE 0B 53 1B E7 39 9F B4 8D FE A5 B8 5A CB 57 20 5A 46 9A FB FE 0B 53 1B E7 39 9F B4 8D FE A5 B8 5A
5A 70 18 32 9C EE 0F 67 E8 F3 A2 61 94 5D A7 ED 89 F0 42 A3 5A 70 18 32 9C EE 0F 67 E8 F3 A2 61 94 5D A7 ED 89 F0 42 A3
8C 85 CA 42 A9 94 49 C3 52 2C EF 9A 2E 64 DA BA B5 AE E9 29 8C 85 CA 42 A9 94 49 C3 52 2C EF 9A 2E 64 DA BA B5 AE E9 29
C4 F6 5D 7F E9 4D BF CF 7A D9 6D DE 22 3F E2 57 DF 50 B0 E3 C4 F6 5D 7F E9 4D BF CF 7A D9 6D DE 22 3F E2 57 DF 50 B0 E3
6E AD 69 4E 05 C8 B5 F7 DC FC 26 0D F8 B7 6E AD 69 4E 05 C8 B5 F7 DC FC 26 0D F8 B7
90 00 90 00
TLS and DTLS Security Modules December 2018
// EAP-TLS Ack // EAP-TLS Ack
>> A0 80 00 00 06 01 0C 00 06 0D 00 >> A0 80 00 00 06 01 0C 00 06 0D 00
// 6th EAP fragment // 6th EAP fragment
<< 02 0C 00 86 0D 40 9A 9E B1 C3 9D 4C 4A C7 17 AB 72 18 80 84 << 02 0C 00 86 0D 40 9A 9E B1 C3 9D 4C 4A C7 17 AB 72 18 80 84
3F 71 4F CA 14 29 78 40 37 FF 10 00 00 82 00 03 00 00 00 00 3F 71 4F CA 14 29 78 40 37 FF 10 00 00 82 00 03 00 00 00 00
00 82 00 80 75 0B 3B E0 EC 77 E9 5E A0 4B A9 EE AE 1A B2 50 00 82 00 80 75 0B 3B E0 EC 77 E9 5E A0 4B A9 EE AE 1A B2 50
37 13 3C 5A 93 8B A9 DD C1 9D 0F 50 21 9E 12 34 60 AA 74 BC 37 13 3C 5A 93 8B A9 DD C1 9D 0F 50 21 9E 12 34 60 AA 74 BC
AA 36 C7 41 D9 EA DE 25 6C A5 C7 43 F6 87 7A 4D 31 A0 50 D6 AA 36 C7 41 D9 EA DE 25 6C A5 C7 43 F6 87 7A 4D 31 A0 50 D6
B4 B9 F9 4E 6A FF D1 25 9A 62 18 43 54 3F 00 B6 31 21 C1 09 B4 B9 F9 4E 6A FF D1 25 9A 62 18 43 54 3F 00 B6 31 21 C1 09
skipping to change at page 21, line 4 skipping to change at page 21, line 4
<< 02 0F 00 61 0D 00 14 FE FF 00 00 00 00 00 00 00 03 00 01 01 << 02 0F 00 61 0D 00 14 FE FF 00 00 00 00 00 00 00 03 00 01 01
16 FE FF 00 01 00 00 00 00 00 00 00 40 75 D7 8B EB FD 23 6F 16 FE FF 00 01 00 00 00 00 00 00 00 40 75 D7 8B EB FD 23 6F
F7 63 65 D0 4C 40 1E F2 D5 9F 4D F0 D2 EA DF 6E F0 A8 89 7D F7 63 65 D0 4C 40 1E F2 D5 9F 4D F0 D2 EA DF 6E F0 A8 89 7D
15 86 B4 96 AB 93 61 9B 17 8D 01 50 64 C6 7C 76 BA 90 F7 22 15 86 B4 96 AB 93 61 9B 17 8D 01 50 64 C6 7C 76 BA 90 F7 22
B3 D9 1A E3 B3 DA F4 43 1E 2C 3D 8B 49 02 D7 F6 6F B3 D9 1A E3 B3 DA F4 43 1E 2C 3D 8B 49 02 D7 F6 6F
90 00 90 00
DTLS Bridge sends 664 bytes DTLS Bridge sends 664 bytes
DTLS Bridge sends 155 bytes DTLS Bridge sends 155 bytes
DTLS Bridge sends 155 bytes DTLS Bridge sends 155 bytes
TLS and DTLS Security Modules December 2018
DTLS Bridge sends 14 bytes DTLS Bridge sends 14 bytes
DTLS Bridge sends 77 bytes DTLS Bridge sends 77 bytes
DTLS Bridge receives DTLS Bridge receives
RL-Seq=9, RL-epoch=0 RL-Seq=9, RL-epoch=0
RL-Seq=0, RL-epoch=1 RL-Seq=0, RL-epoch=1
// Flight 6 // Flight 6
// ChangeCipherSpec, Finished, in EAP-TLS Request // ChangeCipherSpec, Finished, in EAP-TLS Request
>> A0 80 00 00 61 01 10 00 61 0D 00 14 FE FF 00 00 00 00 00 00 >> A0 80 00 00 61 01 10 00 61 0D 00 14 FE FF 00 00 00 00 00 00
skipping to change at page 22, line 4 skipping to change at page 22, line 4
>> A0 80 00 00 53 01 12 00 53 0D 00 17 FE FF 00 01 00 00 00 00 >> A0 80 00 00 53 01 12 00 53 0D 00 17 FE FF 00 01 00 00 00 00
00 01 00 40 0F 0E EE 3C F7 F4 FF 87 03 22 53 93 53 0D 83 E8 00 01 00 40 0F 0E EE 3C F7 F4 FF 87 03 22 53 93 53 0D 83 E8
86 A5 F4 36 FB 94 B3 58 B3 A8 86 1A 29 B5 A8 BB 6A EA 8B ED 86 A5 F4 36 FB 94 B3 58 B3 A8 86 1A 29 B5 A8 BB 6A EA 8B ED
B9 81 62 A4 96 57 7B 39 8E 55 E5 D1 0E DC 74 49 42 16 27 60 B9 81 62 A4 96 57 7B 39 8E 55 E5 D1 0E DC 74 49 42 16 27 60
C3 32 ED DA CC D3 42 4A C3 32 ED DA CC D3 42 4A
// DTLS Record Layer Clear Payload = 16x AA // DTLS Record Layer Clear Payload = 16x AA
<< 02 12 00 1A 0D 80 00 00 00 10 AA AA AA AA AA AA AA AA AA AA << 02 12 00 1A 0D 80 00 00 00 10 AA AA AA AA AA AA AA AA AA AA
AA AA AA AA AA AA AA AA AA AA AA AA
90 00 90 00
TLS and DTLS Security Modules December 2018
// Process-EAP-Encrypt type=15h (Alert), payload = 0100 // Process-EAP-Encrypt type=15h (Alert), payload = 0100
>> A0 80 00 95 08 01 13 00 08 0D 00 01 00 >> A0 80 00 95 08 01 13 00 08 0D 00 01 00
// Encrypted DTLS Record Layer packet in EAP-Response // Encrypted DTLS Record Layer packet in EAP-Response
<< 02 13 00 47 0D 80 00 00 00 3D 15 FE FF 00 01 00 00 00 00 00 << 02 13 00 47 0D 80 00 00 00 3D 15 FE FF 00 01 00 00 00 00 00
02 00 30 76 A5 73 71 9A 69 A3 8F DE 2F 0D 3D 15 49 D5 C1 01 02 00 30 76 A5 73 71 9A 69 A3 8F DE 2F 0D 3D 15 49 D5 C1 01
23 AE 0A 0B BB 14 F4 EC 8E 2E 84 A0 76 20 BF 3B 56 E7 C2 B9 23 AE 0A 0B BB 14 F4 EC 8E 2E 84 A0 76 20 BF 3B 56 E7 C2 B9
A4 0B 13 C2 71 BD AE C4 7F 95 32 A4 0B 13 C2 71 BD AE C4 7F 95 32
90 00 90 00
skipping to change at page 23, line 4 skipping to change at page 23, line 4
(TLS) Protocol Version 1.1", RFC 4346, April 2006 (TLS) Protocol Version 1.1", RFC 4346, April 2006
[DTLS 1.0] E. Rescorla, N. Modadugu, " Datagram Transport Layer [DTLS 1.0] E. Rescorla, N. Modadugu, " Datagram Transport Layer
Security", RFC 4347, April 2006 Security", RFC 4347, April 2006
[EAP-TLS] D. Simon, B. Aboba, R. Hurst, "The EAP-TLS Authentication [EAP-TLS] D. Simon, B. Aboba, R. Hurst, "The EAP-TLS Authentication
Protocol", RFC 5216, March 2008 Protocol", RFC 5216, March 2008
[TLS 1.2] Dierks, T., Rescorla, E., "The Transport Layer Security [TLS 1.2] Dierks, T., Rescorla, E., "The Transport Layer Security
(TLS) Protocol Version 1.1", RFC 5746, August 2008 (TLS) Protocol Version 1.1", RFC 5746, August 2008
TLS and DTLS Security Modules December 2018
[DTLS 1.2] E. Rescorla, N. Modadugu "Datagram Transport Layer [DTLS 1.2] E. Rescorla, N. Modadugu "Datagram Transport Layer
Security Version 1.2", RFC 6347, January 2012 Security Version 1.2", RFC 6347, January 2012
[COAP] Z. Shelby, K. Hartke, C. Bormann, "The Constrained [COAP] Z. Shelby, K. Hartke, C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252, June 2014 Application Protocol (CoAP)", RFC 7252, June 2014
[ISO7816] ISO 7816, "Cards Identification - Integrated Circuit Cards [ISO7816] ISO 7816, "Cards Identification - Integrated Circuit Cards
with Contacts", The International Organization for Standardization with Contacts", The International Organization for Standardization
(ISO) (ISO)
 End of changes. 26 change blocks. 
48 lines changed or deleted 5 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/