draft-ietf-lwig-security-protocol-comparison-01.txt | draft-ietf-lwig-security-protocol-comparison-02.txt | |||
---|---|---|---|---|
Network Working Group J. Mattsson | Network Working Group J. Mattsson | |||
Internet-Draft F. Palombini | Internet-Draft F. Palombini | |||
Intended status: Informational Ericsson AB | Intended status: Informational Ericsson AB | |||
Expires: January 3, 2019 July 2, 2018 | Expires: July 6, 2019 January 2, 2019 | |||
Comparison of CoAP Security Protocols | Comparison of CoAP Security Protocols | |||
draft-ietf-lwig-security-protocol-comparison-01 | draft-ietf-lwig-security-protocol-comparison-02 | |||
Abstract | Abstract | |||
This document analyzes and compares per-packet message size overheads | This document analyzes and compares per-packet message size overheads | |||
when using different security protocols to secure CoAP. The analyzed | when using different security protocols to secure CoAP. The analyzed | |||
security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | |||
OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | |||
compression. DTLS is analyzed with and without Connection ID. | compression. DTLS is analyzed with and without Connection ID. | |||
Status of This Memo | Status of This Memo | |||
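Review bot: The -02 abstract still describes DTLS 1.3 only as "analyzed with and without Connection ID", although the -02 body and Summary restrict the DTLS 1.3 analysis to the minimal DTLSCiphertext structure (no length field, 1-byte sequence number). Since that assumption drives the headline numbers (11 to 13 bytes), consider stating it in the abstract, e.g. "DTLS 1.3 is analyzed using the minimal record header".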
skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 3, 2019. | This Internet-Draft will expire on July 6, 2019. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Overhead of Security Protocols . . . . . . . . . . . . . . . 3 | 2. Overhead of Security Protocols . . . . . . . . . . . . . . . 2 | |||
2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 4 | 2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 3 | |||
2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4 | 2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4 | |||
2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5 | 2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5 | |||
2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 6 | 2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 6 | 2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 5 | |||
2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6 | 2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6 | |||
2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 7 | 2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 6 | |||
2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7 | 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7 | |||
2.2.5. DTLS 1.3 with Short Header . . . . . . . . . . . . . 8 | 2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC . . . . . 8 | 2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 8 | |||
2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 9 | 2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9 | 2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9 | |||
2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 10 | 2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 10 | 3. Overhead with Different Parameters . . . . . . . . . . . . . 11 | |||
2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
3. Overhead with Different Parameters . . . . . . . . . . . . . 12 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 7. Informative References . . . . . . . . . . . . . . . . . . . 13 | |||
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
7. Informative References . . . . . . . . . . . . . . . . . . . 15 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
1. Introduction | 1. Introduction | |||
This document analyzes and compares per-packet message size overheads | This document analyzes and compares per-packet message size overheads | |||
when using different security protocols to secure CoAP over UPD | when using different security protocols to secure CoAP over UPD | |||
[RFC7252] and TCP [RFC8323]. The analyzed security protocols are | [RFC7252] and TCP [RFC8323]. The analyzed security protocols are | |||
DTLS 1.2 [RFC6347], DTLS 1.3 [I-D.ietf-tls-dtls13], TLS 1.2 | DTLS 1.2 [RFC6347], DTLS 1.3 [I-D.ietf-tls-dtls13], TLS 1.2 | |||
[RFC5246], TLS 1.3 [I-D.ietf-tls-tls13], and OSCORE | [RFC5246], TLS 1.3 [I-D.ietf-tls-tls13], and OSCORE | |||
[I-D.ietf-core-object-security]. The DTLS and TLS record layers are | [I-D.ietf-core-object-security]. The DTLS and TLS record layers are | |||
analyzed with and without compression. DTLS is anlyzed with and | analyzed with and without compression. DTLS is anlyzed with and | |||
without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3 | without Connection ID [I-D.ietf-tls-dtls-connection-id]. Readers are | |||
is analyzed with and without the use of the short header. Readers | expected to be familiar with some of the terms described in RFC 7925 | |||
are expected to be familiar with some of the terms described in RFC | [RFC7925], such as ICV. | |||
7925 [RFC7925], such as ICV. | ||||
2. Overhead of Security Protocols | 2. Overhead of Security Protocols | |||
To enable comparison, all the overhead calculations in this section | To enable comparison, all the overhead calculations in this section | |||
use AES-CCM with a tag length of 8 bytes (e.g. AES_128_CCM_8 or AES- | use AES-CCM with a tag length of 8 bytes (e.g. AES_128_CCM_8 or AES- | |||
CCM-16-64), a plaintext of 6 bytes, and the sequence number '05'. | CCM-16-64), a plaintext of 6 bytes, and the sequence number '05'. | |||
This follows the example in [RFC7400], Figure 16. | This follows the example in [RFC7400], Figure 16. | |||
Note that the compressed overhead calculations for DLTS 1.2, DTLS | Note that the compressed overhead calculations for DLTS 1.2, DTLS | |||
1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | |||
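Review bot: Three typos survive unchanged in both columns of this hunk and should be fixed in the new revision: "CoAP over UPD" should read "CoAP over UDP", "DTLS is anlyzed" should read "DTLS is analyzed", and "calculations for DLTS 1.2" should read "calculations for DTLS 1.2". Separately, the -02 Introduction deletes the sentence about the short header but adds nothing in its place, so a reader does not learn until Section 2.2.1 that the DTLS 1.3 figures assume the minimal header with the length field omitted and a 1-byte sequence number; a one-line statement of that assumption belongs here.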
skipping to change at page 6, line 14 ¶ | skipping to change at page 5, line 39 ¶ | |||
When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters | |||
(epoch, sequence number, Connection ID, length) gives 17 bytes | (epoch, sequence number, Connection ID, length) gives 17 bytes | |||
overhead. | overhead. | |||
2.2. DTLS 1.3 | 2.2. DTLS 1.3 | |||
2.2.1. DTLS 1.3 | 2.2.1. DTLS 1.3 | |||
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. | |||
The changes compared to DTLS 1.2 are: omission of version number, | The changes compared to DTLS 1.2 are: omission of version number, | |||
merging of epoch and sequence number fields (of total 8 bytes) into | merging of epoch into the first byte containing signalling bits, | |||
one 4-bytes-field. | optional omission of length, reduction of sequence number into a 1 or | |||
2-bytes field. | ||||
DTLS 1.3 record layer (22 bytes, 16 bytes overhead): | In this example, the length field is omitted, and the 1-byte field is | |||
17 40 00 00 05 00 0f ae a0 15 56 67 92 ec 4d ff | used for the sequence number. The minimal DTLSCiphertext structure | |||
8a 24 e4 cb 35 b9 | is used (see Figure 4 of [I-D.ietf-tls-dtls13]). | |||
Content type: | DTLS 1.3 record layer (17 bytes, 11 bytes overhead): | |||
17 | 21 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 b9 | |||
Epoch and sequence: | ||||
40 00 00 05 | First byte (including epoch): | |||
Length: | 21 | |||
00 0f | Sequence number: | |||
05 | ||||
Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
ICV: | ICV: | |||
4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
DTLS 1.3 gives 16 bytes overhead. | DTLS 1.3 gives 11 bytes overhead. | |||
2.2.2. DTLS 1.3 with 6LoWPAN-GHC | 2.2.2. DTLS 1.3 with 6LoWPAN-GHC | |||
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | |||
Note that this header compression is not available when DTLS is used | Note that this header compression is not available when DTLS is used | |||
over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | |||
Compressed DTLS 1.3 record layer (23 bytes, 17 bytes overhead): | Compressed DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | |||
02 17 40 80 12 05 00 0f ae a0 15 56 67 92 ec 4d | 11 21 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb | |||
ff 8a 24 e4 cb 35 b9 | 35 b9 | |||
Compressed DTLS 1.3 record layer header and nonce: | Compressed DTLS 1.3 record layer header and nonce: | |||
02 17 40 80 12 05 00 0f | 11 21 05 | |||
Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
ICV: | ICV: | |||
4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | |||
(epoch, sequence number, length) gives 17 bytes overhead. | (epoch, sequence number, no length) gives 12 bytes overhead. | |||
2.2.3. DTLS 1.3 with Connection ID | 2.2.3. DTLS 1.3 with Connection ID | |||
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
with Connection ID [I-D.ietf-tls-dtls-connection-id]. | with Connection ID [I-D.ietf-tls-dtls-connection-id]. | |||
DTLS 1.3 record layer (23 bytes, 17 bytes overhead): | In this example, the length field is omitted, and the 1-byte field is | |||
17 40 00 00 05 42 00 0f ae a0 15 56 67 92 ec 4d | used for the sequence number. The minimal DTLSCiphertext structure | |||
ff 8a 24 e4 cb 35 b9 | is used (see Figure 4 of [I-D.ietf-tls-dtls13]), with the addition of | |||
the Connection ID field. | ||||
Content type: | DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | |||
17 | 31 42 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 b9 | |||
Epoch and sequence: | ||||
40 00 00 05 | First byte (including epoch): | |||
31 | ||||
Connection ID: | Connection ID: | |||
42 | 42 | |||
Length: | Sequence number: | |||
00 0f | 05 | |||
Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
ICV: | ICV: | |||
4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
DTLS 1.3 gives 17 bytes overhead. | DTLS 1.3 with Connection ID gives 12 bytes overhead. | |||
2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC | 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC | |||
This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed | with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed | |||
with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | |||
Note that this header compression is not available when DTLS is used | Note that this header compression is not available when DTLS is used | |||
over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | |||
Compressed DTLS 1.3 record layer (24 bytes, 18 bytes overhead): | Compressed DTLS 1.3 record layer (19 bytes, 13 bytes overhead): | |||
02 17 40 80 13 05 42 00 0f ae a0 15 56 67 92 ec | 12 31 05 42 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 | |||
4d ff 8a 24 e4 cb 35 b9 | cb 35 b9 | |||
Compressed DTLS 1.3 record layer header and nonce: | Compressed DTLS 1.3 record layer header and nonce: | |||
02 17 40 80 13 05 42 00 0f | 12 31 05 42 | |||
Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
ICV: | ICV: | |||
4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | |||
(epoch, sequence number, Connection ID, length) gives 18 bytes | (epoch, sequence number, Connection ID, no length) gives 13 bytes | |||
overhead. | overhead. | |||
2.2.5. DTLS 1.3 with Short Header | ||||
This section analyzes the overhead of DTLS 1.3 with short header | ||||
format [I-D.ietf-tls-dtls13]. The short header format for DTLS 1.3 | ||||
reduces the header of 5 bytes, by omitting the length value and | ||||
sending 1 lower bit of epoch value instead of 2, and 12 lower bits of | ||||
sequence number instead of 30. | ||||
DTLS 1.3 record layer (17 bytes, 11 bytes overhead): | ||||
30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 | ||||
b9 | ||||
Short epoch and sequence: | ||||
30 05 | ||||
Ciphertext (including encrypted content type): | ||||
ae a0 15 56 67 92 ec | ||||
ICV: | ||||
4d ff 8a 24 e4 cb 35 b9 | ||||
DTLS 1.3 with short header gives 11 bytes overhead. | ||||
2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC | ||||
This section analyzes the overhead of DTLS 1.3 with short header | ||||
[I-D.ietf-tls-dtls13] when compressed with 6LoWPAN-GHC [RFC7400] | ||||
[OlegHahm-ghc]. | ||||
Compressed DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | ||||
11 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb | ||||
35 b9 | ||||
Compressed DTLS 1.3 short header (including sequence number): | ||||
11 30 05 | ||||
Ciphertext (including encrypted content type): | ||||
ae a0 15 56 67 92 ec | ||||
ICV: | ||||
4d ff 8a 24 e4 cb 35 b9 | ||||
Compressed DTLS 1.3 with short header gives 12 bytes overhead. | ||||
2.3. TLS 1.2 | 2.3. TLS 1.2 | |||
2.3.1. TLS 1.2 | 2.3.1. TLS 1.2 | |||
This section analyzes the overhead of TLS 1.2 [RFC5246]. The changes | This section analyzes the overhead of TLS 1.2 [RFC5246]. The changes | |||
compared to DTLS 1.2 is that the TLS 1.2 record layer does not have | compared to DTLS 1.2 is that the TLS 1.2 record layer does not have | |||
epoch and sequence number, and that the version is different. | epoch and sequence number, and that the version is different. | |||
TLS 1.2 Record Layer (27 bytes, 21 bytes overhead): | TLS 1.2 Record Layer (27 bytes, 21 bytes overhead): | |||
17 03 03 00 16 00 00 00 00 00 00 00 05 ae a0 15 | 17 03 03 00 16 00 00 00 00 00 00 00 05 ae a0 15 | |||
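Review bot: The -02 compressed DTLS 1.3 record with Connection ID is internally inconsistent with the uncompressed record it is derived from. The uncompressed record in 2.2.3 is "31 42 05 ae a0 ..." (first byte, Connection ID, sequence number, as the unified header in the cited dtls13 draft orders them), but the compressed record in 2.2.4 is "12 31 05 42 ae a0 ..." with the Connection ID and sequence number swapped; the GHC bytecode 0x12 is a plain 18-byte literal copy, so the compressed form should read "12 31 42 05 ae a0 ..." (the 19-byte / 13-byte overhead count is unaffected). The new examples otherwise add up: first byte (1) + sequence number (1) + ciphertext with inner content type (6 + 1) + ICV (8) = 17 bytes, i.e. 11 bytes overhead, and +1 for a 1-byte Connection ID. Minor: in 2.3.1 (both columns) "The changes compared to DTLS 1.2 is that" should read "The changes ... are that".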
skipping to change at page 13, line 8 ¶ | skipping to change at page 12, line 8 ¶ | |||
Connection IDs with the same length. | Connection IDs with the same length. | |||
The OSCORE overhead is dependent on the included CoAP Option numbers | The OSCORE overhead is dependent on the included CoAP Option numbers | |||
as well as the length of the OSCORE parameters Sender ID and sequence | as well as the length of the OSCORE parameters Sender ID and sequence | |||
number. The following overheads apply for all sequence numbers and | number. The following overheads apply for all sequence numbers and | |||
Sender IDs with the same length. | Sender IDs with the same length. | |||
Sequence Number '05' '1005' '100005' | Sequence Number '05' '1005' '100005' | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
DTLS 1.2 29 29 29 | DTLS 1.2 29 29 29 | |||
DTLS 1.3 16 16 16 | DTLS 1.3 11 12 12 | |||
DTLS 1.3 (short header) 11 11 11 | ||||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
DTLS 1.2 (GHC) 16 16 16 | DTLS 1.2 (GHC) 16 16 16 | |||
DTLS 1.3 (GHC) 17 17 17 | DTLS 1.3 (GHC) 12 13 13 | |||
DTLS 1.3 (short header) (GCH) 12 12 12 | ||||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
TLS 1.2 21 21 21 | TLS 1.2 21 21 21 | |||
TLS 1.3 14 14 14 | TLS 1.3 14 14 14 | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
TLS 1.2 (GHC) 17 18 19 | TLS 1.2 (GHC) 17 18 19 | |||
TLS 1.3 (GHC) 15 16 17 | TLS 1.3 (GHC) 15 16 17 | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
OSCORE request 13 14 15 | OSCORE request 13 14 15 | |||
OSCORE response 11 11 11 | OSCORE response 11 11 11 | |||
Figure 1: Overhead in bytes as a function of sequence number | Figure 1: Overhead in bytes as a function of sequence number | |||
(Connection/Sender ID = '') | (Connection/Sender ID = '') | |||
Connection/Sender ID '' '42' '4002' | Connection/Sender ID '' '42' '4002' | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
DTLS 1.2 29 30 31 | DTLS 1.2 29 30 31 | |||
DTLS 1.3 16 17 18 | DTLS 1.3 11 12 13 | |||
DTLS 1.3 (short header) 11 12 13 | ||||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
DTLS 1.2 (GHC) 16 17 18 | DTLS 1.2 (GHC) 16 17 18 | |||
DTLS 1.3 (GHC) 17 18 19 | DTLS 1.3 (GHC) 12 13 14 | |||
DTLS 1.3 (short header) (GCH) 12 13 14 | ||||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
OSCORE request 13 14 15 | OSCORE request 13 14 15 | |||
OSCORE response 11 11 11 | OSCORE response 11 11 11 | |||
Figure 2: Overhead in bytes as a function of Connection/Sender ID | Figure 2: Overhead in bytes as a function of Connection/Sender ID | |||
(Sequence Number = '05') | (Sequence Number = '05') | |||
Protocol Overhead Overhead (GHC) | Protocol Overhead Overhead (GHC) | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
DTLS 1.2 21 8 | DTLS 1.2 21 8 | |||
DTLS 1.3 8 9 | DTLS 1.3 3 4 | |||
DTLS 1.3 (short header) 3 4 | ||||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
TLS 1.2 13 9 | TLS 1.2 13 9 | |||
TLS 1.3 6 7 | TLS 1.3 6 7 | |||
------------------------------------------------------------- | ------------------------------------------------------------- | |||
OSCORE request 5 | OSCORE request 5 | |||
OSCORE response 3 | OSCORE response 3 | |||
Figure 3: Overhead (excluding ICV) in bytes | Figure 3: Overhead (excluding ICV) in bytes | |||
(Connection/Sender ID = '', Sequence Number = '05') | (Connection/Sender ID = '', Sequence Number = '05') | |||
4. Summary | 4. Summary | |||
DTLS 1.2 has quite a large overhead as it uses an explicit sequence | DTLS 1.2 has quite a large overhead as it uses an explicit sequence | |||
number and an explicit nonce. TLS 1.2 has significantly less (but | number and an explicit nonce. TLS 1.2 has significantly less (but | |||
not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead. | not small) overhead. TLS 1.3 has quite a small overhead. OSCORE and | |||
OSCORE and DTLS 1.3 with short header format has very small overhead. | DTLS 1.3 (using the minimal structure) format have very small | |||
overhead. | ||||
The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | |||
1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | |||
Header Compression (6LoWPAN-GHC) works very well for Connection ID | Header Compression (6LoWPAN-GHC) works very well for Connection ID | |||
and the overhead seems to increase exactly with the length of the | and the overhead seems to increase exactly with the length of the | |||
Connection ID (which is optimal). The compression of TLS 1.2 is not | Connection ID (which is optimal). The compression of TLS 1.2 is not | |||
as good as the compression of DTLS 1.2 (as the static dictionary only | as good as the compression of DTLS 1.2 (as the static dictionary only | |||
contains the DTLS 1.2 version number). Similar compression levels as | contains the DTLS 1.2 version number). Similar compression levels as | |||
for DTLS could be achieved also for TLS 1.2, but this would require | for DTLS could be achieved also for TLS 1.2, but this would require | |||
different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | |||
increases the overhead. The 6LoWPAN-GHC header compression is not | increases the overhead. The 6LoWPAN-GHC header compression is not | |||
available when (D)TLS is used over transports that do not use 6LoWPAN | available when (D)TLS is used over transports that do not use 6LoWPAN | |||
together with 6LoWPAN-GHC. | together with 6LoWPAN-GHC. | |||
The short header format for DTLS 1.3 reduces the header of 5 bytes, | Only the minimal header format for DTLS 1.3 was considered, which | |||
by omitting the length value and sending 1 lower bit of epoch value | reduces the header of 3 bytes compared to the full header, by | |||
instead of 2, and 12 lower bits of sequence number instead of 30. | omitting the 2-byte-long length value and sending 1 byte of sequence | |||
This may create problems reconstructing the full sequence number, if | number instead of 2. This may create problems reconstructing the | |||
~2000 datagrams in sequence are lost. | full sequence number, if ~2000 datagrams in sequence are lost. | |||
OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The | OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The | |||
overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN | overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN | |||
with compression, and this small overhead is achieved even on | with compression, and this small overhead is achieved even on | |||
deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | |||
OSCORE is lightweight because it makes use of some excellent features | OSCORE is lightweight because it makes use of CoAP, CBOR, and COSE, | |||
in CoAP, CBOR, and COSE. | which were designed to have as low overhead as possible. | |||
5. Security Considerations | 5. Security Considerations | |||
This document is purely informational. | This document is purely informational. | |||
6. IANA Considerations | 6. IANA Considerations | |||
This document has no actions for IANA. | This document has no actions for IANA. | |||
7. Informative References | 7. Informative References | |||
[I-D.ietf-core-object-security] | [I-D.ietf-core-object-security] | |||
Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
"Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
(OSCORE)", draft-ietf-core-object-security-13 (work in | (OSCORE)", draft-ietf-core-object-security-15 (work in | |||
progress), June 2018. | progress), August 2018. | |||
[I-D.ietf-tls-dtls-connection-id] | [I-D.ietf-tls-dtls-connection-id] | |||
Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | |||
"The Datagram Transport Layer Security (DTLS) Connection | "Connection Identifiers for DTLS 1.2", draft-ietf-tls- | |||
Identifier", draft-ietf-tls-dtls-connection-id-00 (work in | dtls-connection-id-02 (work in progress), October 2018. | |||
progress), December 2017. | ||||
[I-D.ietf-tls-dtls13] | [I-D.ietf-tls-dtls13] | |||
Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
1.3", draft-ietf-tls-dtls13-26 (work in progress), March | 1.3", draft-ietf-tls-dtls13-30 (work in progress), | |||
2018. | November 2018. | |||
[I-D.ietf-tls-tls13] | [I-D.ietf-tls-tls13] | |||
Rescorla, E., "The Transport Layer Security (TLS) Protocol | Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
Version 1.3", draft-ietf-tls-tls13-28 (work in progress), | Version 1.3", draft-ietf-tls-tls13-28 (work in progress), | |||
March 2018. | March 2018. | |||
[OlegHahm-ghc] | [OlegHahm-ghc] | |||
Hahm, O., "Generic Header Compression", July 2016, | Hahm, O., "Generic Header Compression", July 2016, | |||
<https://github.com/OlegHahm/ghc>. | <https://github.com/OlegHahm/ghc>. | |||
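Review bot: The Summary's loss figure was not updated when the short header (12-bit sequence number) was replaced by the minimal header (8-bit sequence number): "This may create problems reconstructing the full sequence number, if ~2000 datagrams in sequence are lost" still reflects 2^12, whereas with a 1-byte sequence number the reconstruction becomes ambiguous after 2^8 = 256 consecutive lost datagrams (about half that if the receiver picks the closest candidate). Also in the Summary, "OSCORE and DTLS 1.3 (using the minimal structure) format have very small overhead" carries a leftover "format" from the old sentence; drop it. Finally, the updated reference title "Connection Identifiers for DTLS 1.2" makes it explicit that [I-D.ietf-tls-dtls-connection-id] is a DTLS 1.2 document, yet Sections 2.2.3 and 2.2.4 cite it for DTLS 1.3 with Connection ID; since the DTLS 1.3 Connection ID is defined in [I-D.ietf-tls-dtls13] itself, those two sections should cite the dtls13 draft instead.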
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |