| draft-ietf-lwig-security-protocol-comparison-01.txt | draft-ietf-lwig-security-protocol-comparison-02.txt | |||
|---|---|---|---|---|
| Network Working Group J. Mattsson | Network Working Group J. Mattsson | |||
| Internet-Draft F. Palombini | Internet-Draft F. Palombini | |||
| Intended status: Informational Ericsson AB | Intended status: Informational Ericsson AB | |||
| Expires: January 3, 2019 July 2, 2018 | Expires: July 6, 2019 January 2, 2019 | |||
| Comparison of CoAP Security Protocols | Comparison of CoAP Security Protocols | |||
| draft-ietf-lwig-security-protocol-comparison-01 | draft-ietf-lwig-security-protocol-comparison-02 | |||
| Abstract | Abstract | |||
| This document analyzes and compares per-packet message size overheads | This document analyzes and compares per-packet message size overheads | |||
| when using different security protocols to secure CoAP. The analyzed | when using different security protocols to secure CoAP. The analyzed | |||
| security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | |||
| OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | |||
| compression. DTLS is analyzed with and without Connection ID. | compression. DTLS is analyzed with and without Connection ID. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 3, 2019. | This Internet-Draft will expire on July 6, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Overhead of Security Protocols . . . . . . . . . . . . . . . 3 | 2. Overhead of Security Protocols . . . . . . . . . . . . . . . 2 | |||
| 2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1.1. DTLS 1.2 . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 4 | 2.1.2. DTLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 3 | |||
| 2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4 | 2.1.3. DTLS 1.2 with Connection ID . . . . . . . . . . . . . 4 | |||
| 2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5 | 2.1.4. DTLS 1.2 with Connection ID and 6LoWPAN-GHC . . . . . 5 | |||
| 2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 6 | 2.2. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 6 | 2.2.1. DTLS 1.3 . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6 | 2.2.2. DTLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 6 | |||
| 2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 7 | 2.2.3. DTLS 1.3 with Connection ID . . . . . . . . . . . . . 6 | |||
| 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7 | 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC . . . . . 7 | |||
| 2.2.5. DTLS 1.3 with Short Header . . . . . . . . . . . . . 8 | 2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC . . . . . 8 | 2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.3. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 8 | |||
| 2.3.1. TLS 1.2 . . . . . . . . . . . . . . . . . . . . . . . 9 | 2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.3.2. TLS 1.2 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9 | 2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.4. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 9 | |||
| 2.4.1. TLS 1.3 . . . . . . . . . . . . . . . . . . . . . . . 10 | 2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 2.4.2. TLS 1.3 with 6LoWPAN-GHC . . . . . . . . . . . . . . 10 | 3. Overhead with Different Parameters . . . . . . . . . . . . . 11 | |||
| 2.5. OSCORE . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 3. Overhead with Different Parameters . . . . . . . . . . . . . 12 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| 4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 7. Informative References . . . . . . . . . . . . . . . . . . . 13 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 7. Informative References . . . . . . . . . . . . . . . . . . . 15 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| 1. Introduction | 1. Introduction | |||
| This document analyzes and compares per-packet message size overheads | This document analyzes and compares per-packet message size overheads | |||
| when using different security protocols to secure CoAP over UPD | when using different security protocols to secure CoAP over UPD | |||
| [RFC7252] and TCP [RFC8323]. The analyzed security protocols are | [RFC7252] and TCP [RFC8323]. The analyzed security protocols are | |||
| DTLS 1.2 [RFC6347], DTLS 1.3 [I-D.ietf-tls-dtls13], TLS 1.2 | DTLS 1.2 [RFC6347], DTLS 1.3 [I-D.ietf-tls-dtls13], TLS 1.2 | |||
| [RFC5246], TLS 1.3 [I-D.ietf-tls-tls13], and OSCORE | [RFC5246], TLS 1.3 [I-D.ietf-tls-tls13], and OSCORE | |||
| [I-D.ietf-core-object-security]. The DTLS and TLS record layers are | [I-D.ietf-core-object-security]. The DTLS and TLS record layers are | |||
| analyzed with and without compression. DTLS is anlyzed with and | analyzed with and without compression. DTLS is anlyzed with and | |||
| without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3 | without Connection ID [I-D.ietf-tls-dtls-connection-id]. Readers are | |||
| is analyzed with and without the use of the short header. Readers | expected to be familiar with some of the terms described in RFC 7925 | |||
| are expected to be familiar with some of the terms described in RFC | [RFC7925], such as ICV. | |||
| 7925 [RFC7925], such as ICV. | ||||
| 2. Overhead of Security Protocols | 2. Overhead of Security Protocols | |||
| To enable comparison, all the overhead calculations in this section | To enable comparison, all the overhead calculations in this section | |||
| use AES-CCM with a tag length of 8 bytes (e.g. AES_128_CCM_8 or AES- | use AES-CCM with a tag length of 8 bytes (e.g. AES_128_CCM_8 or AES- | |||
| CCM-16-64), a plaintext of 6 bytes, and the sequence number '05'. | CCM-16-64), a plaintext of 6 bytes, and the sequence number '05'. | |||
| This follows the example in [RFC7400], Figure 16. | This follows the example in [RFC7400], Figure 16. | |||
| Note that the compressed overhead calculations for DLTS 1.2, DTLS | Note that the compressed overhead calculations for DLTS 1.2, DTLS | |||
| 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | |||
| skipping to change at page 6, line 14 ¶ | skipping to change at page 5, line 39 ¶ | |||
| When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters | |||
| (epoch, sequence number, Connection ID, length) gives 17 bytes | (epoch, sequence number, Connection ID, length) gives 17 bytes | |||
| overhead. | overhead. | |||
| 2.2. DTLS 1.3 | 2.2. DTLS 1.3 | |||
| 2.2.1. DTLS 1.3 | 2.2.1. DTLS 1.3 | |||
| This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13]. | |||
| The changes compared to DTLS 1.2 are: omission of version number, | The changes compared to DTLS 1.2 are: omission of version number, | |||
| merging of epoch and sequence number fields (of total 8 bytes) into | merging of epoch into the first byte containing signalling bits, | |||
| one 4-bytes-field. | optional omission of length, reduction of sequence number into a 1 or | |||
| 2-bytes field. | ||||
| DTLS 1.3 record layer (22 bytes, 16 bytes overhead): | In this example, the length field is omitted, and the 1-byte field is | |||
| 17 40 00 00 05 00 0f ae a0 15 56 67 92 ec 4d ff | used for the sequence number. The minimal DTLSCiphertext structure | |||
| 8a 24 e4 cb 35 b9 | is used (see Figure 4 of [I-D.ietf-tls-dtls13]). | |||
| Content type: | DTLS 1.3 record layer (17 bytes, 11 bytes overhead): | |||
| 17 | 21 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 b9 | |||
| Epoch and sequence: | ||||
| 40 00 00 05 | First byte (including epoch): | |||
| Length: | 21 | |||
| 00 0f | Sequence number: | |||
| 05 | ||||
| Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
| ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
| ICV: | ICV: | |||
| 4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
| DTLS 1.3 gives 16 bytes overhead. | DTLS 1.3 gives 11 bytes overhead. | |||
| 2.2.2. DTLS 1.3 with 6LoWPAN-GHC | 2.2.2. DTLS 1.3 with 6LoWPAN-GHC | |||
| This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
| when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | when compressed with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | |||
| Note that this header compression is not available when DTLS is used | Note that this header compression is not available when DTLS is used | |||
| over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | |||
| Compressed DTLS 1.3 record layer (23 bytes, 17 bytes overhead): | Compressed DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | |||
| 02 17 40 80 12 05 00 0f ae a0 15 56 67 92 ec 4d | 11 21 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb | |||
| ff 8a 24 e4 cb 35 b9 | 35 b9 | |||
| Compressed DTLS 1.3 record layer header and nonce: | Compressed DTLS 1.3 record layer header and nonce: | |||
| 02 17 40 80 12 05 00 0f | 11 21 05 | |||
| Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
| ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
| ICV: | ICV: | |||
| 4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
| When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | |||
| (epoch, sequence number, length) gives 17 bytes overhead. | (epoch, sequence number, no length) gives 12 bytes overhead. | |||
| 2.2.3. DTLS 1.3 with Connection ID | 2.2.3. DTLS 1.3 with Connection ID | |||
| This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
| with Connection ID [I-D.ietf-tls-dtls-connection-id]. | with Connection ID [I-D.ietf-tls-dtls-connection-id]. | |||
| DTLS 1.3 record layer (23 bytes, 17 bytes overhead): | In this example, the length field is omitted, and the 1-byte field is | |||
| 17 40 00 00 05 42 00 0f ae a0 15 56 67 92 ec 4d | used for the sequence number. The minimal DTLSCiphertext structure | |||
| ff 8a 24 e4 cb 35 b9 | is used (see Figure 4 of [I-D.ietf-tls-dtls13]), with the addition of | |||
| the Connection ID field. | ||||
| Content type: | DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | |||
| 17 | 31 42 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 b9 | |||
| Epoch and sequence: | ||||
| 40 00 00 05 | First byte (including epoch): | |||
| 31 | ||||
| Connection ID: | Connection ID: | |||
| 42 | 42 | |||
| Length: | Sequence number: | |||
| 00 0f | 05 | |||
| Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
| ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
| ICV: | ICV: | |||
| 4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
| DTLS 1.3 gives 17 bytes overhead. | DTLS 1.3 with Connection ID gives 12 bytes overhead. | |||
| 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC | 2.2.4. DTLS 1.3 with Connection ID and 6LoWPAN-GHC | |||
| This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | This section analyzes the overhead of DTLS 1.3 [I-D.ietf-tls-dtls13] | |||
| with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed | with Connection ID [I-D.ietf-tls-dtls-connection-id] when compressed | |||
| with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | with 6LoWPAN-GHC [RFC7400] [OlegHahm-ghc]. | |||
| Note that this header compression is not available when DTLS is used | Note that this header compression is not available when DTLS is used | |||
| over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | over transports that do not use 6LoWPAN together with 6LoWPAN-GHC. | |||
| Compressed DTLS 1.3 record layer (24 bytes, 18 bytes overhead): | Compressed DTLS 1.3 record layer (19 bytes, 13 bytes overhead): | |||
| 02 17 40 80 13 05 42 00 0f ae a0 15 56 67 92 ec | 12 31 05 42 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 | |||
| 4d ff 8a 24 e4 cb 35 b9 | cb 35 b9 | |||
| Compressed DTLS 1.3 record layer header and nonce: | Compressed DTLS 1.3 record layer header and nonce: | |||
| 02 17 40 80 13 05 42 00 0f | 12 31 05 42 | |||
| Ciphertext (including encrypted content type): | Ciphertext (including encrypted content type): | |||
| ae a0 15 56 67 92 ec | ae a0 15 56 67 92 ec | |||
| ICV: | ICV: | |||
| 4d ff 8a 24 e4 cb 35 b9 | 4d ff 8a 24 e4 cb 35 b9 | |||
| When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters | |||
| (epoch, sequence number, Connection ID, length) gives 18 bytes | (epoch, sequence number, Connection ID, no length) gives 13 bytes | |||
| overhead. | overhead. | |||
| 2.2.5. DTLS 1.3 with Short Header | ||||
| This section analyzes the overhead of DTLS 1.3 with short header | ||||
| format [I-D.ietf-tls-dtls13]. The short header format for DTLS 1.3 | ||||
| reduces the header of 5 bytes, by omitting the length value and | ||||
| sending 1 lower bit of epoch value instead of 2, and 12 lower bits of | ||||
| sequence number instead of 30. | ||||
| DTLS 1.3 record layer (17 bytes, 11 bytes overhead): | ||||
| 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb 35 | ||||
| b9 | ||||
| Short epoch and sequence: | ||||
| 30 05 | ||||
| Ciphertext (including encrypted content type): | ||||
| ae a0 15 56 67 92 ec | ||||
| ICV: | ||||
| 4d ff 8a 24 e4 cb 35 b9 | ||||
| DTLS 1.3 with short header gives 11 bytes overhead. | ||||
| 2.2.6. DTLS 1.3 with Short Header and 6LoWPAN-GHC | ||||
| This section analyzes the overhead of DTLS 1.3 with short header | ||||
| [I-D.ietf-tls-dtls13] when compressed with 6LoWPAN-GHC [RFC7400] | ||||
| [OlegHahm-ghc]. | ||||
| Compressed DTLS 1.3 record layer (18 bytes, 12 bytes overhead): | ||||
| 11 30 05 ae a0 15 56 67 92 ec 4d ff 8a 24 e4 cb | ||||
| 35 b9 | ||||
| Compressed DTLS 1.3 short header (including sequence number): | ||||
| 11 30 05 | ||||
| Ciphertext (including encrypted content type): | ||||
| ae a0 15 56 67 92 ec | ||||
| ICV: | ||||
| 4d ff 8a 24 e4 cb 35 b9 | ||||
| Compressed DTLS 1.3 with short header gives 12 bytes overhead. | ||||
| 2.3. TLS 1.2 | 2.3. TLS 1.2 | |||
| 2.3.1. TLS 1.2 | 2.3.1. TLS 1.2 | |||
| This section analyzes the overhead of TLS 1.2 [RFC5246]. The changes | This section analyzes the overhead of TLS 1.2 [RFC5246]. The changes | |||
| compared to DTLS 1.2 is that the TLS 1.2 record layer does not have | compared to DTLS 1.2 is that the TLS 1.2 record layer does not have | |||
| epoch and sequence number, and that the version is different. | epoch and sequence number, and that the version is different. | |||
| TLS 1.2 Record Layer (27 bytes, 21 bytes overhead): | TLS 1.2 Record Layer (27 bytes, 21 bytes overhead): | |||
| 17 03 03 00 16 00 00 00 00 00 00 00 05 ae a0 15 | 17 03 03 00 16 00 00 00 00 00 00 00 05 ae a0 15 | |||
| skipping to change at page 13, line 8 ¶ | skipping to change at page 12, line 8 ¶ | |||
| Connection IDs with the same length. | Connection IDs with the same length. | |||
| The OSCORE overhead is dependent on the included CoAP Option numbers | The OSCORE overhead is dependent on the included CoAP Option numbers | |||
| as well as the length of the OSCORE parameters Sender ID and sequence | as well as the length of the OSCORE parameters Sender ID and sequence | |||
| number. The following overheads apply for all sequence numbers and | number. The following overheads apply for all sequence numbers and | |||
| Sender IDs with the same length. | Sender IDs with the same length. | |||
| Sequence Number '05' '1005' '100005' | Sequence Number '05' '1005' '100005' | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| DTLS 1.2 29 29 29 | DTLS 1.2 29 29 29 | |||
| DTLS 1.3 16 16 16 | DTLS 1.3 11 12 12 | |||
| DTLS 1.3 (short header) 11 11 11 | ||||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| DTLS 1.2 (GHC) 16 16 16 | DTLS 1.2 (GHC) 16 16 16 | |||
| DTLS 1.3 (GHC) 17 17 17 | DTLS 1.3 (GHC) 12 13 13 | |||
| DTLS 1.3 (short header) (GCH) 12 12 12 | ||||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| TLS 1.2 21 21 21 | TLS 1.2 21 21 21 | |||
| TLS 1.3 14 14 14 | TLS 1.3 14 14 14 | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| TLS 1.2 (GHC) 17 18 19 | TLS 1.2 (GHC) 17 18 19 | |||
| TLS 1.3 (GHC) 15 16 17 | TLS 1.3 (GHC) 15 16 17 | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| OSCORE request 13 14 15 | OSCORE request 13 14 15 | |||
| OSCORE response 11 11 11 | OSCORE response 11 11 11 | |||
| Figure 1: Overhead in bytes as a function of sequence number | Figure 1: Overhead in bytes as a function of sequence number | |||
| (Connection/Sender ID = '') | (Connection/Sender ID = '') | |||
| Connection/Sender ID '' '42' '4002' | Connection/Sender ID '' '42' '4002' | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| DTLS 1.2 29 30 31 | DTLS 1.2 29 30 31 | |||
| DTLS 1.3 16 17 18 | DTLS 1.3 11 12 13 | |||
| DTLS 1.3 (short header) 11 12 13 | ||||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| DTLS 1.2 (GHC) 16 17 18 | DTLS 1.2 (GHC) 16 17 18 | |||
| DTLS 1.3 (GHC) 17 18 19 | DTLS 1.3 (GHC) 12 13 14 | |||
| DTLS 1.3 (short header) (GCH) 12 13 14 | ||||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| OSCORE request 13 14 15 | OSCORE request 13 14 15 | |||
| OSCORE response 11 11 11 | OSCORE response 11 11 11 | |||
| Figure 2: Overhead in bytes as a function of Connection/Sender ID | Figure 2: Overhead in bytes as a function of Connection/Sender ID | |||
| (Sequence Number = '05') | (Sequence Number = '05') | |||
| Protocol Overhead Overhead (GHC) | Protocol Overhead Overhead (GHC) | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| DTLS 1.2 21 8 | DTLS 1.2 21 8 | |||
| DTLS 1.3 8 9 | DTLS 1.3 3 4 | |||
| DTLS 1.3 (short header) 3 4 | ||||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| TLS 1.2 13 9 | TLS 1.2 13 9 | |||
| TLS 1.3 6 7 | TLS 1.3 6 7 | |||
| ------------------------------------------------------------- | ------------------------------------------------------------- | |||
| OSCORE request 5 | OSCORE request 5 | |||
| OSCORE response 3 | OSCORE response 3 | |||
| Figure 3: Overhead (excluding ICV) in bytes | Figure 3: Overhead (excluding ICV) in bytes | |||
| (Connection/Sender ID = '', Sequence Number = '05') | (Connection/Sender ID = '', Sequence Number = '05') | |||
| 4. Summary | 4. Summary | |||
| DTLS 1.2 has quite a large overhead as it uses an explicit sequence | DTLS 1.2 has quite a large overhead as it uses an explicit sequence | |||
| number and an explicit nonce. TLS 1.2 has significantly less (but | number and an explicit nonce. TLS 1.2 has significantly less (but | |||
| not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead. | not small) overhead. TLS 1.3 has quite a small overhead. OSCORE and | |||
| OSCORE and DTLS 1.3 with short header format has very small overhead. | DTLS 1.3 (using the minimal structure) format have very small | |||
| overhead. | ||||
| The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | |||
| 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | |||
| Header Compression (6LoWPAN-GHC) works very well for Connection ID | Header Compression (6LoWPAN-GHC) works very well for Connection ID | |||
| and the overhead seems to increase exactly with the length of the | and the overhead seems to increase exactly with the length of the | |||
| Connection ID (which is optimal). The compression of TLS 1.2 is not | Connection ID (which is optimal). The compression of TLS 1.2 is not | |||
| as good as the compression of DTLS 1.2 (as the static dictionary only | as good as the compression of DTLS 1.2 (as the static dictionary only | |||
| contains the DTLS 1.2 version number). Similar compression levels as | contains the DTLS 1.2 version number). Similar compression levels as | |||
| for DTLS could be achieved also for TLS 1.2, but this would require | for DTLS could be achieved also for TLS 1.2, but this would require | |||
| different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | |||
| increases the overhead. The 6LoWPAN-GHC header compression is not | increases the overhead. The 6LoWPAN-GHC header compression is not | |||
| available when (D)TLS is used over transports that do not use 6LoWPAN | available when (D)TLS is used over transports that do not use 6LoWPAN | |||
| together with 6LoWPAN-GHC. | together with 6LoWPAN-GHC. | |||
| The short header format for DTLS 1.3 reduces the header of 5 bytes, | Only the minimal header format for DTLS 1.3 was considered, which | |||
| by omitting the length value and sending 1 lower bit of epoch value | reduces the header of 3 bytes compared to the full header, by | |||
| instead of 2, and 12 lower bits of sequence number instead of 30. | omitting the 2-byte-long length value and sending 1 byte of sequence | |||
| This may create problems reconstructing the full sequence number, if | number instead of 2. This may create problems reconstructing the | |||
| ~2000 datagrams in sequence are lost. | full sequence number, if ~2000 datagrams in sequence are lost. | |||
| OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The | OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The | |||
| overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN | overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN | |||
| with compression, and this small overhead is achieved even on | with compression, and this small overhead is achieved even on | |||
| deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | |||
| OSCORE is lightweight because it makes use of some excellent features | OSCORE is lightweight because it makes use of CoAP, CBOR, and COSE, | |||
| in CoAP, CBOR, and COSE. | which were designed to have as low overhead as possible. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| This document is purely informational. | This document is purely informational. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| This document has no actions for IANA. | This document has no actions for IANA. | |||
| 7. Informative References | 7. Informative References | |||
| [I-D.ietf-core-object-security] | [I-D.ietf-core-object-security] | |||
| Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
| "Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
| (OSCORE)", draft-ietf-core-object-security-13 (work in | (OSCORE)", draft-ietf-core-object-security-15 (work in | |||
| progress), June 2018. | progress), August 2018. | |||
| [I-D.ietf-tls-dtls-connection-id] | [I-D.ietf-tls-dtls-connection-id] | |||
| Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | |||
| "The Datagram Transport Layer Security (DTLS) Connection | "Connection Identifiers for DTLS 1.2", draft-ietf-tls- | |||
| Identifier", draft-ietf-tls-dtls-connection-id-00 (work in | dtls-connection-id-02 (work in progress), October 2018. | |||
| progress), December 2017. | ||||
| [I-D.ietf-tls-dtls13] | [I-D.ietf-tls-dtls13] | |||
| Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
| 1.3", draft-ietf-tls-dtls13-26 (work in progress), March | 1.3", draft-ietf-tls-dtls13-30 (work in progress), | |||
| 2018. | November 2018. | |||
| [I-D.ietf-tls-tls13] | [I-D.ietf-tls-tls13] | |||
| Rescorla, E., "The Transport Layer Security (TLS) Protocol | Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", draft-ietf-tls-tls13-28 (work in progress), | Version 1.3", draft-ietf-tls-tls13-28 (work in progress), | |||
| March 2018. | March 2018. | |||
| [OlegHahm-ghc] | [OlegHahm-ghc] | |||
| Hahm, O., "Generic Header Compression", July 2016, | Hahm, O., "Generic Header Compression", July 2016, | |||
| <https://github.com/OlegHahm/ghc>. | <https://github.com/OlegHahm/ghc>. | |||
| End of changes. 38 change blocks. | ||||
| 127 lines changed or deleted | 85 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||