draft-ietf-lwig-security-protocol-comparison-00.txt   draft-ietf-lwig-security-protocol-comparison-01.txt 
Network Working Group J. Mattsson Network Working Group J. Mattsson
Internet-Draft F. Palombini Internet-Draft F. Palombini
Intended status: Informational Ericsson AB Intended status: Informational Ericsson AB
Expires: November 28, 2018 May 27, 2018 Expires: January 3, 2019 July 2, 2018
Comparison of CoAP Security Protocols Comparison of CoAP Security Protocols
draft-ietf-lwig-security-protocol-comparison-00 draft-ietf-lwig-security-protocol-comparison-01
Abstract Abstract
This document analyzes and compares per-packet message size overheads This document analyzes and compares per-packet message size overheads
when using different security protocols to secure CoAP. The analyzed when using different security protocols to secure CoAP. The analyzed
security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and
OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC
compression. DTLS is analyzed with and without Connection ID. compression. DTLS is analyzed with and without Connection ID.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 28, 2018. This Internet-Draft will expire on January 3, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 19 skipping to change at page 2, line 19
2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3 2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3
2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 4 2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 4
2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4 2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4
2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5 2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5
2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 6 2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 6
2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6 2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6
2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 7 2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 7
2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7
2.2.5. DTLS 1.3 with short header . . . . . . . . . . . . . 8 2.2.5. DTLS 1.3 with Short Header . . . . . . . . . . . . . 8
2.2.6. DTLS 1.3 with short header and 6LoWPAN-GHC . . . . . 8 2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC . . . . . 8
2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9 2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9
2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 10 2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 10
2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 10 2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 10
2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 11
3. Overhead with Different Parameters . . . . . . . . . . . . . 12 3. Overhead with Different Parameters . . . . . . . . . . . . . 12
4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15 5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
skipping to change at page 3, line 8 skipping to change at page 3, line 8
[I-D.ietf-core-object-security]. The DTLS and TLS record layers are [I-D.ietf-core-object-security]. The DTLS and TLS record layers are
analyzed with and without compression. DTLS is anlyzed with and analyzed with and without compression. DTLS is anlyzed with and
without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3 without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3
is analyzed with and without the use of the short header. Readers is analyzed with and without the use of the short header. Readers
are expected to be familiar with some of the terms described in RFC are expected to be familiar with some of the terms described in RFC
7925 [RFC7925], such as ICV. 7925 [RFC7925], such as ICV.
2. Overhead of Security Protocols 2. Overhead of Security Protocols
To enable comparison, all the overhead calculations in this section To enable comparison, all the overhead calculations in this section
use AES-CCM with a tag length of 8 bytes (i.e. AES_128_CCM_8, AES- use AES-CCM with a tag length of 8 bytes (e.g. AES_128_CCM_8 or AES-
CCM-16-64, or AES-CCM-64-64), a plaintext of 6 bytes, and the CCM-16-64), a plaintext of 6 bytes, and the sequence number '05'.
sequence number '05'. This follows the example in [RFC7400], This follows the example in [RFC7400], Figure 16.
Figure 16.
Note that the compressed overhead calculations for DLTS 1.2, DTLS Note that the compressed overhead calculations for DLTS 1.2, DTLS
1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch,
sequence number, and length, and all the overhead calculations are sequence number, and length, and all the overhead calculations are
dependent on the parameter Connection ID when used. Note that the dependent on the parameter Connection ID when used. Note that the
OSCORE overhead calculations are dependent on the CoAP option OSCORE overhead calculations are dependent on the CoAP option
numbers, as well as the length of the OSCORE parameters Sender ID and numbers, as well as the length of the OSCORE parameters Sender ID and
Sequence Number. The following are only examples. Sequence Number. The following are only examples.
2.1. DTLS 1.2 2.1. DTLS 1.2
2.1.1. DTLS 1.2 2.1.1. DTLS 1.2
This section analyzes the overhead of DTLS 1.2 [RFC6347]. The nonce This section analyzes the overhead of DTLS 1.2 [RFC6347]. The nonce
follow the strict profiling given in [RFC7925]. This example is follow the strict profiling given in [RFC7925]. This example is
taken directly from [RFC7400], Figure 16. taken directly from [RFC7400], Figure 16.
DTLS 1.2 Record Layer (35 bytes, 29 bytes overhead): DTLS 1.2 record layer (35 bytes, 29 bytes overhead):
17 fe fd 00 01 00 00 00 00 00 05 00 16 00 01 00 17 fe fd 00 01 00 00 00 00 00 05 00 16 00 01 00
00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24 e4 00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24 e4
cb 35 b9 cb 35 b9
Content type: Content type:
17 17
Version: Version:
fe fd fe fd
Epoch: Epoch:
00 01 00 01
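Review bot: two typos pass unchanged from -00 into -01 in this region: "DTLS is anlyzed" in the last paragraph of the introduction and "DLTS 1.2" in the note under Section 2. They should read "analyzed" and "DTLS 1.2". In 2.1.1, "The nonce follow the strict profiling" also needs "follows". Since -01 already rewords the AES-CCM sentence in the same paragraph block, these can be fixed in the same pass.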
skipping to change at page 4, line 8 skipping to change at page 4, line 8
Ciphertext: Ciphertext:
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
DTLS 1.2 gives 29 bytes overhead. DTLS 1.2 gives 29 bytes overhead.
2.1.2. DTLS 1.2 with 6LoWPAN-GHC 2.1.2. DTLS 1.2 with 6LoWPAN-GHC
This section analyzes the overhead of DTLS 1.2 [RFC6347] when This section analyzes the overhead of DTLS 1.2 [RFC6347] when
compressed with [RFC7400]. The compression was done with compressed with 6LoWPAN-GHC [RFC7400]. The compression was done with
[OlegHahm-ghc]. [OlegHahm-ghc].
Note that the sequence number '01' used in [RFC7400], Figure 15 gives Note that the sequence number '01' used in [RFC7400], Figure 15 gives
an exceptionally small overhead that is not representative. an exceptionally small overhead that is not representative.
Note that this header compression is not available when DTLS is Note that this header compression is not available when DTLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed DTLS 1.2 Record Layer (22 bytes, 16 bytes overhead): Compressed DTLS 1.2 record layer (22 bytes, 16 bytes overhead):
b0 c3 03 05 00 16 f2 0e ae a0 15 56 67 92 4d ff b0 c3 03 05 00 16 f2 0e ae a0 15 56 67 92 4d ff
8a 24 e4 cb 35 b9 8a 24 e4 cb 35 b9
Compressed DTLS 1.2 Record Layer Header and Nonce: Compressed DTLS 1.2 record layer header and nonce:
b0 c3 03 05 00 16 f2 0e b0 c3 03 05 00 16 f2 0e
Ciphertext: Ciphertext:
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters
(epoch, sequence number, length) gives 16 bytes overhead. (epoch, sequence number, length) gives 16 bytes overhead.
2.1.3. DTLS 1.2 with Connection ID 2.1.3. DTLS 1.2 with Connection ID
This section analyzes the overhead of DTLS 1.2 [RFC6347] with This section analyzes the overhead of DTLS 1.2 [RFC6347] with
Connection ID [I-D.ietf-tls-dtls-connection-id]. The overhead Connection ID [I-D.ietf-tls-dtls-connection-id]. The overhead
calculations in this section uses Connection ID = '42'. DTLS with a calculations in this section uses Connection ID = '42'. DTLS recored
Connection ID = '' (the empty string) is equal to DTLS without layer with a Connection ID = '' (the empty string) is equal to DTLS
Connection ID. without Connection ID.
DTLS 1.2 Record Layer (36 bytes, 30 bytes overhead): DTLS 1.2 record layer (36 bytes, 30 bytes overhead):
17 fe fd 00 01 00 00 00 00 00 05 42 00 16 00 01 17 fe fd 00 01 00 00 00 00 00 05 42 00 16 00 01
00 00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24 00 00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24
e4 cb 35 b9 e4 cb 35 b9
Content type: Content type:
17 17
Version: Version:
fe fd fe fd
Epoch: Epoch:
00 01 00 01
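Review bot: the rewritten sentence in 2.1.3 introduces a new typo, "DTLS recored layer", which should read "DTLS record layer". The sentence before it still has "The overhead calculations in this section uses", where "use" is needed. The added wording would also read better as "A DTLS record layer with Connection ID = '' (the empty string) is identical to one without Connection ID", which states what is being compared.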
skipping to change at page 5, line 35 skipping to change at page 5, line 35
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
DTLS 1.2 with Connection ID gives 30 bytes overhead. DTLS 1.2 with Connection ID gives 30 bytes overhead.
2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC 2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC
This section analyzes the overhead of DTLS 1.2 [RFC6347] with This section analyzes the overhead of DTLS 1.2 [RFC6347] with
Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed with
[RFC7400] [OlegHahm-ghc]. 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc].
Note that the sequence number '01' used in [RFC7400], Figure 15 gives Note that the sequence number '01' used in [RFC7400], Figure 15 gives
an exceptionally small overhead that is not representative. an exceptionally small overhead that is not representative.
Note that this header compression is not available when DTLS is Note that this header compression is not available when DTLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed DTLS 1.2 Record Layer (23 bytes, 17 bytes overhead): Compressed DTLS 1.2 record layer (23 bytes, 17 bytes overhead):
b0 c3 04 05 42 00 16 f2 0e ae a0 15 56 67 92 4d b0 c3 04 05 42 00 16 f2 0e ae a0 15 56 67 92 4d
ff 8a 24 e4 cb 35 b9 ff 8a 24 e4 cb 35 b9
Compressed DTLS 1.2 Record Layer Header and Nonce: Compressed DTLS 1.2 record layer header and nonce:
b0 c3 04 05 42 00 16 f2 0e b0 c3 04 05 42 00 16 f2 0e
Ciphertext: Ciphertext:
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters
(epoch, sequence number, Connection ID, length) gives 17 bytes (epoch, sequence number, Connection ID, length) gives 17 bytes
overhead. overhead.
2.2. DTLS 1.3 2.2. DTLS 1.3
2.2.1. DTLS 1.3 2.2.1. DTLS 1.3
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13].
The changes compared to DTLS 1.2 are: omission of version number, The changes compared to DTLS 1.2 are: omission of version number,
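Review bot: in 2.1.4 the new wording "compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]" places the implementation reference directly after the specification reference, so it reads as a second citation for the format. Section 2.1.2 keeps them apart ("compressed with 6LoWPAN-GHC [RFC7400]. The compression was done with [OlegHahm-ghc]."). Suggest using that two-sentence form here and in the later GHC subsections that use the same phrase.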
skipping to change at page 6, line 29 skipping to change at page 6, line 17
2.2. DTLS 1.3 2.2. DTLS 1.3
2.2.1. DTLS 1.3 2.2.1. DTLS 1.3
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13].
The changes compared to DTLS 1.2 are: omission of version number, The changes compared to DTLS 1.2 are: omission of version number,
merging of epoch and sequence number fields (of total 8 bytes) into merging of epoch and sequence number fields (of total 8 bytes) into
one 4-bytes-field. one 4-bytes-field.
DTLS 1.3 Record Layer (22 bytes, 16 bytes overhead): DTLS 1.3 record layer (22 bytes, 16 bytes overhead):
17 40 00 00 05 00 0f ae a0 15 56 67 92 ec 4d ff 17 40 00 00 05 00 0f ae a0 15 56 67 92 ec 4d ff
8a 24 e4 cb 35 b9 8a 24 e4 cb 35 b9
Content type: Content type:
17 17
Epoch and Sequence: Epoch and sequence:
40 00 00 05 40 00 00 05
Length: Length:
00 0f 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
DTLS 1.3 gives 16 bytes overhead. DTLS 1.3 gives 16 bytes overhead.
2.2.2. DTLS 1.3 with 6LoWPAN-GHC 2.2.2. DTLS 1.3 with 6LoWPAN-GHC
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]
when compressed with [RFC7400] [OlegHahm-ghc]. when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc].
Note that this header compression is not available when DTLS is Note that this header compression is not available when DTLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed DTLS 1.3 Record Layer (23 bytes, 17 bytes overhead): Compressed DTLS 1.3 record layer (23 bytes, 17 bytes overhead):
02 17 40 80 12 05 00 0f ae a0 15 56 67 92 ec 4d 02 17 40 80 12 05 00 0f ae a0 15 56 67 92 ec 4d
ff 8a 24 e4 cb 35 b9 ff 8a 24 e4 cb 35 b9
Compressed DTLS 1.3 Record Layer Header and Nonce: Compressed DTLS 1.3 record layer header and nonce:
02 17 40 80 12 05 00 0f 02 17 40 80 12 05 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters
(epoch, sequence number, length) gives 17 bytes overhead. (epoch, sequence number, length) gives 17 bytes overhead.
2.2.3. DTLS 1.3 with Connection ID 2.2.3. DTLS 1.3 with Connection ID
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]
with Connection ID [I-D.ietf-tls-dtls-connection-id]. with Connection ID [I-D.ietf-tls-dtls-connection-id].
DTLS 1.3 Record Layer (23 bytes, 17 bytes overhead): DTLS 1.3 record layer (23 bytes, 17 bytes overhead):
17 40 00 00 05 42 00 0f ae a0 15 56 67 92 ec 4d 17 40 00 00 05 42 00 0f ae a0 15 56 67 92 ec 4d
ff 8a 24 e4 cb 35 b9 ff 8a 24 e4 cb 35 b9
Content type: Content type:
17 17
Epoch and Sequence: Epoch and sequence:
40 00 00 05 40 00 00 05
Connection ID: Connection ID:
42 42
Length: Length:
00 0f 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
DTLS 1.3 gives 17 bytes overhead. DTLS 1.3 gives 17 bytes overhead.
2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]
with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed
with [RFC7400] [OlegHahm-ghc]. with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc].
Note that this header compression is not available when DTLS is Note that this header compression is not available when DTLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed DTLS 1.3 Record Layer (24 bytes, 18 bytes overhead): Compressed DTLS 1.3 record layer (24 bytes, 18 bytes overhead):
02 17 40 80 13 05 42 00 0f ae a0 15 56 67 92 ec 02 17 40 80 13 05 42 00 0f ae a0 15 56 67 92 ec
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
Compressed DTLS 1.3 Record Layer Header and Nonce: Compressed DTLS 1.3 record layer header and nonce:
02 17 40 80 13 05 42 00 0f 02 17 40 80 13 05 42 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters
(epoch, sequence number, Connection ID, length) gives 18 bytes (epoch, sequence number, Connection ID, length) gives 18 bytes
overhead. overhead.
2.2.5. DTLS 1.3 with short header 2.2.5. DTLS 1.3 with Short Header
This section analyzes the overhead of DTLS 1.3 with short header This section analyzes the overhead of DTLS 1.3 with short header
format [I-D.ietf-tls-dtls13]. The short header format for DTLS 1.3 format [I-D.ietf-tls-dtls13]. The short header format for DTLS 1.3
reduces the header of 5 bytes, by omitting the length value and reduces the header of 5 bytes, by omitting the length value and
sending 1 lower bit of epoch value instead of 2, and 12 lower bits of sending 1 lower bit of epoch value instead of 2, and 12 lower bits of
sequence number instead of 30. sequence number instead of 30.
DTLS 1.3 Record Layer (17 bytes, 11 bytes overhead): DTLS 1.3 record layer (17 bytes, 11 bytes overhead):
30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35
b9 b9
DTLS 1.3 short header: Short epoch and sequence:
30 05 30 05
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
DTLS 1.3 with short header gives 11 bytes overhead. DTLS 1.3 with short header gives 11 bytes overhead.
2.2.6. DTLS 1.3 with short header and 6LoWPAN-GHC 2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC
This section analyzes the overhead of DTLS 1.3 with short header This section analyzes the overhead of DTLS 1.3 with short header
[I-D.ietf-tls-dtls13] when compressed with [RFC7400] [OlegHahm-ghc]. [I-D.ietf-tls-dtls13] when compressed with 6LoWPAN-GHC [RFC7400]
[OlegHahm-ghc].
Compressed DTLS 1.3 Record Layer (18 bytes, 12 bytes overhead) Compressed DTLS 1.3 record layer (18 bytes, 12 bytes overhead):
11 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 11 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb
35 b9 35 b9
Compressed DTLS 1.3 short header (including sequence number) Compressed DTLS 1.3 short header (including sequence number):
11 30 05 11 30 05
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
Compressed DTLS 1.3 with short header gives 12 bytes overhead. Compressed DTLS 1.3 with short header gives 12 bytes overhead.
2.3. TLS 1.2 2.3. TLS 1.2
2.3.1. TLS 1.2 2.3.1. TLS 1.2
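Review bot: the short header description in 2.2.5 does not account for the 5 bytes it claims. Omitting the 2-byte length and shrinking epoch and sequence from 4 bytes to 2 saves 4 bytes. The fifth is the content type byte '17', which leads the 2.2.1 record but is absent from the record beginning '30 05', and the text never mentions it. Suggest naming the content type among the omitted fields and writing "reduces the header by 5 bytes" instead of "of 5 bytes". Separately, the closing line of 2.2.3 still reads "DTLS 1.3 gives 17 bytes overhead"; "DTLS 1.3 with Connection ID gives 17 bytes overhead" would match the closing line of 2.1.3.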
skipping to change at page 9, line 48 skipping to change at page 9, line 35
Ciphertext: Ciphertext:
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
TLS 1.2 gives 21 bytes overhead. TLS 1.2 gives 21 bytes overhead.
2.3.2. TLS 1.2 with 6LoWPAN-GHC 2.3.2. TLS 1.2 with 6LoWPAN-GHC
This section analyzes the overhead of TLS 1.2 [RFC5246] when This section analyzes the overhead of TLS 1.2 [RFC5246] when
compressed with [RFC7400] [OlegHahm-ghc]. compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc].
Note that this header compression is not available when TLS is Note that this header compression is not available when TLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed TLS 1.2 Record Layer (23 bytes, 17 bytes overhead): Compressed TLS 1.2 record layer (23 bytes, 17 bytes overhead):
05 17 03 03 00 16 85 0f 05 ae a0 15 56 67 92 4d 05 17 03 03 00 16 85 0f 05 ae a0 15 56 67 92 4d
ff 8a 24 e4 cb 35 b9 ff 8a 24 e4 cb 35 b9
Compressed TLS 1.2 Record Layer Header and Nonce: Compressed TLS 1.2 record layer header and nonce:
05 17 03 03 00 16 85 0f 05 05 17 03 03 00 16 85 0f 05
Ciphertext: Ciphertext:
ae a0 15 56 67 92 ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, TLS 1.2 with the above parameters When compressed with 6LoWPAN-GHC, TLS 1.2 with the above parameters
(epoch, sequence number, length) gives 17 bytes overhead. (epoch, sequence number, length) gives 17 bytes overhead.
2.4. TLS 1.3 2.4. TLS 1.3
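Review bot: the closing sentence of 2.3.2 lists "epoch" among the parameters the compressed size depends on, but a TLS record has no epoch field; that wording comes from the DTLS sections and is unchanged in -01. Suggest "(sequence number, length)" here and in the matching sentence at the end of 2.4.2.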
skipping to change at page 10, line 33 skipping to change at page 10, line 19
This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13]. This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13].
The change compared to TLS 1.2 is that the TLS 1.3 record layer uses The change compared to TLS 1.2 is that the TLS 1.3 record layer uses
a different version. a different version.
TLS 1.3 Record Layer (20 bytes, 14 bytes overhead): TLS 1.3 Record Layer (20 bytes, 14 bytes overhead):
17 03 03 00 16 ae a0 15 56 67 92 ec 4d ff 8a 24 17 03 03 00 16 ae a0 15 56 67 92 ec 4d ff 8a 24
e4 cb 35 b9 e4 cb 35 b9
Content type: Content type:
17 17
Legacy Version: Legacy version:
03 03 03 03
Length: Length:
00 0f 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
TLS 1.3 gives 14 bytes overhead. TLS 1.3 gives 14 bytes overhead.
2.4.2. TLS 1.3 with 6LoWPAN-GHC 2.4.2. TLS 1.3 with 6LoWPAN-GHC
This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13] This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13]
when compressed with [RFC7400] [OlegHahm-ghc]. when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc].
Note that this header compression is not available when TLS is Note that this header compression is not available when TLS is used
exchanged over transports that do not use 6LoWPAN together with over transports that do not use 6LoWPAN together with 6LoWPAN-GHC.
6LoWPAN-GHC.
Compressed TLS 1.3 Record Layer (21 bytes, 15 bytes overhead) Compressed TLS 1.3 record layer (21 bytes, 15 bytes overhead):
14 17 03 03 00 0f ae a0 15 56 67 92 ec 4d ff 8a 14 17 03 03 00 0f ae a0 15 56 67 92 ec 4d ff 8a
24 e4 cb 35 b9 24 e4 cb 35 b9
Compressed TLS 1.3 Record Layer Header and Nonce: Compressed TLS 1.3 record layer header and nonce:
14 17 03 03 00 0f 14 17 03 03 00 0f
Ciphertext (including encrypted ContentType): Ciphertext (including encrypted content type):
ae a0 15 56 67 92 ec ae a0 15 56 67 92 ec
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
When compressed with 6LoWPAN-GHC, TLS 1.3 with the above parameters When compressed with 6LoWPAN-GHC, TLS 1.3 with the above parameters
(epoch, sequence number, length) gives 15 bytes overhead. (epoch, sequence number, length) gives 15 bytes overhead.
2.5. OSCORE 2.5. OSCORE
This section analyzes the overhead of OSCORE This section analyzes the overhead of OSCORE
[I-D.ietf-core-object-security]. [I-D.ietf-core-object-security].
Note that Sender ID = '' (empty string) can only be used by one
client per server.
The examples below assume that the original messages does not have
payload (note that this does not affect the overhead).
The below calculation Option Delta = '9', Sender ID = '' (empty The below calculation Option Delta = '9', Sender ID = '' (empty
string), and Sequence Number = '05', and is only an example. string), and Sequence Number = '05', and is only an example. Note
that Sender ID = '' (empty string) can only be used by one client per
server.
OSCORE Request (19 bytes, 13 bytes overhead): OSCORE request (19 bytes, 13 bytes overhead):
92 09 05 92 09 05
ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9 ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9
CoAP Option Delta and Length CoAP option delta and length:
92 92
Option Value (flag byte and sequence number): Option value (flag byte and sequence number):
09 05 09 05
Payload Marker Payload marker:
ff ff
Ciphertext (including encrypted code): Ciphertext (including encrypted code):
ec ae a0 15 56 67 92 ec ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
The below calculation Option Delta = '9', Sender ID = '42', and The below calculation Option Delta = '9', Sender ID = '42', and
Sequence Number = '05', and is only an example. Sequence Number = '05', and is only an example.
OSCORE Request (20 bytes, 14 bytes overhead): OSCORE request (20 bytes, 14 bytes overhead):
93 09 05 42 93 09 05 42
ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9 ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9
CoAP Option Delta and Length CoAP option delta and length:
93 93
Option Value (flag byte, sequence number, and Sender ID): Option Value (flag byte, sequence number, and Sender ID):
09 05 42 09 05 42
Payload Marker Payload marker:
ff ff
Ciphertext (including encrypted code): Ciphertext (including encrypted code):
ec ae a0 15 56 67 92 ec ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
The below calculation uses Option Delta = '9'. The below calculation uses Option Delta = '9'.
OSCORE Response (17 bytes, 11 bytes overhead): OSCORE response (17 bytes, 11 bytes overhead):
90 90
ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9 ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9
CoAP Delta and Option Length: CoAP delta and option length:
90 90
Option Value Option value:
- -
Payload Marker Payload marker:
ff ff
Ciphertext (including encrypted code): Ciphertext (including encrypted code):
ec ae a0 15 56 67 92 ec ae a0 15 56 67 92
ICV: ICV:
4d ff 8a 24 e4 cb 35 b9 4d ff 8a 24 e4 cb 35 b9
OSCORE with the above parameters gives 13-14 bytes overhead for OSCORE with the above parameters gives 13-14 bytes overhead for
requests and 11 bytes overhead for responses. requests and 11 bytes overhead for responses.
Unlike DTLS and TLS, OSCORE has much smaller overhead for responses Unlike DTLS and TLS, OSCORE has much smaller overhead for responses
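Review bot: the TLS 1.3 record in 2.4.1 shows length bytes "00 16", but the field breakdown directly below gives "Length: 00 0f". The value 0f matches the 7-byte ciphertext plus 8-byte ICV, and the compressed record in 2.4.2 carries "00 0f". The "00 16" looks copied from the TLS 1.2 example and should be corrected to "00 0f". Smaller points in the same region: -01 lowercases the other labels but leaves "TLS 1.3 Record Layer" and the second "Option Value" capitalized; the new OSCORE sentence has "the original messages does not have payload" (should be "do not have"); and "The below calculation Option Delta = '9'" is missing "uses" in both request examples.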
skipping to change at page 13, line 26 skipping to change at page 13, line 21
DTLS 1.2 (GHC) 16 16 16 DTLS 1.2 (GHC) 16 16 16
DTLS 1.3 (GHC) 17 17 17 DTLS 1.3 (GHC) 17 17 17
DTLS 1.3 (short header) (GCH) 12 12 12 DTLS 1.3 (short header) (GCH) 12 12 12
------------------------------------------------------------- -------------------------------------------------------------
TLS 1.2 21 21 21 TLS 1.2 21 21 21
TLS 1.3 14 14 14 TLS 1.3 14 14 14
------------------------------------------------------------- -------------------------------------------------------------
TLS 1.2 (GHC) 17 18 19 TLS 1.2 (GHC) 17 18 19
TLS 1.3 (GHC) 15 16 17 TLS 1.3 (GHC) 15 16 17
------------------------------------------------------------- -------------------------------------------------------------
OSCORE Request 13 14 15 OSCORE request 13 14 15
OSCORE Response 11 11 11 OSCORE response 11 11 11
Figure 1: Overhead in bytes as a function of sequence number Figure 1: Overhead in bytes as a function of sequence number
(Connection/Sender ID = '') (Connection/Sender ID = '')
Connection/Sender ID '' '42' '4002' Connection/Sender ID '' '42' '4002'
------------------------------------------------------------- -------------------------------------------------------------
DTLS 1.2 29 30 31 DTLS 1.2 29 30 31
DTLS 1.3 16 17 18 DTLS 1.3 16 17 18
DTLS 1.3 (short header) 11 12 13 DTLS 1.3 (short header) 11 12 13
------------------------------------------------------------- -------------------------------------------------------------
DTLS 1.2 (GHC) 16 17 18 DTLS 1.2 (GHC) 16 17 18
DTLS 1.3 (GHC) 17 18 19 DTLS 1.3 (GHC) 17 18 19
DTLS 1.3 (short header) (GCH) 12 13 14 DTLS 1.3 (short header) (GCH) 12 13 14
------------------------------------------------------------- -------------------------------------------------------------
OSCORE Request 13 14 15 OSCORE request 13 14 15
OSCORE Response 11 11 11 OSCORE response 11 11 11
Figure 2: Overhead in bytes as a function of Connection/Sender ID Figure 2: Overhead in bytes as a function of Connection/Sender ID
(Sequence Number = '05') (Sequence Number = '05')
Protocol Overhead Overhead (GHC) Protocol Overhead Overhead (GHC)
------------------------------------------------------------- -------------------------------------------------------------
DTLS 1.2 21 8 DTLS 1.2 21 8
DTLS 1.3 8 9 DTLS 1.3 8 9
DTLS 1.3 (short header) 3 4 DTLS 1.3 (short header) 3 4
------------------------------------------------------------- -------------------------------------------------------------
TLS 1.2 13 9 TLS 1.2 13 9
TLS 1.3 6 7 TLS 1.3 6 7
------------------------------------------------------------- -------------------------------------------------------------
OSCORE Request 5 OSCORE request 5
OSCORE Response 3 OSCORE response 3
Figure 3: Overhead (excluding ICV) in bytes (Connection/Sender Figure 3: Overhead (excluding ICV) in bytes
ID = '', Sequence Number = '05') (Connection/Sender ID = '', Sequence Number = '05')
4. Summary 4. Summary
DTLS 1.2 has quite a large overhead as it uses an explicit sequence DTLS 1.2 has quite a large overhead as it uses an explicit sequence
number and an explicit nonce. TLS 1.2 has significantly less (but number and an explicit nonce. TLS 1.2 has significantly less (but
not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead. not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead.
OSCORE and DTLS 1.3 with short header format has very small overhead. OSCORE and DTLS 1.3 with short header format has very small overhead.
The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS
1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic
Header Compression (6LoWPAN-GHC) works very well for Connection ID Header Compression (6LoWPAN-GHC) works very well for Connection ID
and the overhead seems to increase exactly with the length of the and the overhead seems to increase exactly with the length of the
Connection ID (which is optimal). The compression of TLS 1.2 is not Connection ID (which is optimal). The compression of TLS 1.2 is not
as good as the compression of DTLS 1.2 (as the static dictionary only as good as the compression of DTLS 1.2 (as the static dictionary only
contains the DTLS 1.2 version number). Similar compression levels as contains the DTLS 1.2 version number). Similar compression levels as
for DTLS could be achieved also for TLS 1.2, but this would require for DTLS could be achieved also for TLS 1.2, but this would require
different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC
increases the overhead. The 6LoWPAN-GHC header compression is not increases the overhead. The 6LoWPAN-GHC header compression is not
available when (D)TLS is exchanged over transports that do not use available when (D)TLS is used over transports that do not use 6LoWPAN
6LoWPAN together with 6LoWPAN-GHC. together with 6LoWPAN-GHC.
The short header format for DTLS 1.3 reduces the header of 5 bytes, The short header format for DTLS 1.3 reduces the header of 5 bytes,
by omitting the length value and sending 1 lower bit of epoch value by omitting the length value and sending 1 lower bit of epoch value
instead of 2, and 12 lower bits of sequence number instead of 30. instead of 2, and 12 lower bits of sequence number instead of 30.
This may create problems reconstructing the full sequence number, if This may create problems reconstructing the full sequence number, if
~2000 datagrams in sequence are lost. ~2000 datagrams in sequence are lost.
OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The
overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN
with compression, and this small overhead is achieved even on with compression, and this small overhead is achieved even on
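Review bot: the Figure 2 row "DTLS 1.3 (short header) (GCH)" still carries the transposed acronym in -01, although the OSCORE rows of the same table were edited (Request/Response lowercased); it should read "(GHC)" like the two rows above it. In the Summary, "reduces the header of 5 bytes" reads as if the header were 5 bytes long, whereas Figure 3 (8 versus 3 bytes for DTLS 1.3) suggests "reduces the header by 5 bytes" is meant, and "OSCORE and DTLS 1.3 with short header format has" should be "have". The "~2000 datagrams" caveat would be easier to verify if the sentence stated how that figure relates to the 12 transmitted sequence-number bits.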
skipping to change at page 15, line 18 skipping to change at page 15, line 18
6. IANA Considerations 6. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
7. Informative References 7. Informative References
[I-D.ietf-core-object-security] [I-D.ietf-core-object-security]
Selander, G., Mattsson, J., Palombini, F., and L. Seitz, Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
"Object Security for Constrained RESTful Environments "Object Security for Constrained RESTful Environments
(OSCORE)", draft-ietf-core-object-security-12 (work in (OSCORE)", draft-ietf-core-object-security-13 (work in
progress), March 2018. progress), June 2018.
[I-D.ietf-tls-dtls-connection-id] [I-D.ietf-tls-dtls-connection-id]
Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom,
"The Datagram Transport Layer Security (DTLS) Connection "The Datagram Transport Layer Security (DTLS) Connection
Identifier", draft-ietf-tls-dtls-connection-id-00 (work in Identifier", draft-ietf-tls-dtls-connection-id-00 (work in
progress), December 2017. progress), December 2017.
[I-D.ietf-tls-dtls13] [I-D.ietf-tls-dtls13]
Rescorla, E., Tschofenig, H., and N. Modadugu, "The Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version Datagram Transport Layer Security (DTLS) Protocol Version
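Review bot: the [I-D.ietf-tls-dtls-connection-id] entry is left at -00 (December 2017) while [I-D.ietf-core-object-security] in the same list is bumped from -12 to -13. Please confirm that -00 is still the revision the Connection ID overheads in Figures 1 to 3 were computed against, and say so in the text if the pin is intentional, so that readers comparing the byte counts know which record layout they reflect.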
 End of changes. 74 change blocks. 
103 lines changed or deleted 90 lines changed or added
