DICE Working Group K. Hartke Internet-Draft Nokia Intended status: Informational November 04, 2013 Expires: May 08, 2014 A DTLS Profile for the Internet of Things draft-hartke-dice-profile-00 Abstract This document defines a DTLS profile that is suitable for Internet of Things applications and is reasonably implementable on many constrained devices. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 08, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Hartke Expires May 08, 2014 [Page 1] Internet-Draft A DTLS Profile for the Internet of Things November 2013 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 2 2.2. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . 2 2.3. Extensions . . . . . . . . . . . . . . . . . . . . . . . 3 2.4. Other . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Implementation Considerations . . . . . . . . . . . . . . . . 4 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 8.1. Normative References . . . . . . . . . . . . . . . . . . 4 8.2. Informative References . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction This document defines a DTLS 1.2 [RFC6347] profile that is suitable for Internet of Things applications and is reasonably implementable on many constrained devices. ... 2. Profile 2.1. Applicability o Communication Model o Threat Model o Security Requirements o Classes of Devices o Trust Model o ... 2.2. Cipher Suites o Specific Cipher Suite(s) -vs- Cryptographic Agility o Server Authentication -vs- Mutual Authentication Hartke Expires May 08, 2014 [Page 2] Internet-Draft A DTLS Profile for the Internet of Things November 2013 o X.509 Certificates -vs- Raw Public Keys -vs- Pre-Shared Keys o Perfect Forward Secrecy o ... 2.3. Extensions o Signature Algorithms [RFC5246] o Server Name Indication [RFC6066] o Maximum Fragment Length [RFC6066] o Certificate Status Request [RFC6066] o Truncated HMAC [RFC6066] o Supported Elliptic Curves [RFC4492] o Supported Point Formats [RFC4492] o Application Layer Protocol [I-D.ietf-tls-applayerprotoneg] o Cached Info [I-D.ietf-tls-cached-info] o Session Resumption without Server-Side State [RFC5077] o Snap Start [I-D.agl-tls-snapstart] o Renegotiation Indication [RFC5746] o Heartbeat [RFC6520] o ... 2.4. Other o Compression o Renegotiation -vs- Reconnection o Session Resumption o Replay Protection o Timer Values Hartke Expires May 08, 2014 [Page 3] Internet-Draft A DTLS Profile for the Internet of Things November 2013 o Certificate Revocation o Encrypt-then-MAC [I-D.gutmann-tls-encrypt-then-mac] o Hash Algorithm o ... 3. Implementation Considerations o Version Negotiation [I-D.pettersen-tls-version-rollback-removal] [I-D.bmoeller-tls-downgrade-scsv] o Upgrade from Server-Authenticated to Mutually-Authenticated o Side Channels o ... 4. Privacy Considerations o ... 5. Security Considerations o ... 6. IANA Considerations o ... 7. Acknowledgements Thanks to Hannes Tschofenig, Sye Loong Keoh, and Rene Hummen for helpful comments and discussions that have shaped the document. 8. References 8.1. Normative References [I-D.ietf-tls-applayerprotoneg] Friedl, S., Popov, A., Langley, A., and S. Emile, "Transport Layer Security (TLS) Application Layer Protocol Negotiation Extension", draft-ietf-tls-applayerprotoneg-03 (work in progress), October 2013. [I-D.ietf-tls-cached-info] Hartke Expires May 08, 2014 [Page 4] Internet-Draft A DTLS Profile for the Internet of Things November 2013 Santesson, S. and H. Tschofenig, "Transport Layer Security (TLS) Cached Information Extension", draft-ietf-tls- cached-info-15 (work in progress), October 2013. [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)", RFC 4492, May 2006. [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, "Transport Layer Security (TLS) Session Resumption without Server-Side State", RFC 5077, January 2008. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov, "Transport Layer Security (TLS) Renegotiation Indication Extension", RFC 5746, February 2010. [RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066, January 2011. [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, January 2012. [RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension", RFC 6520, February 2012. 8.2. Informative References [I-D.agl-tls-snapstart] Langley, A., "Transport Layer Security (TLS) Snap Start", draft-agl-tls-snapstart-00 (work in progress), June 2010. [I-D.bmoeller-tls-downgrade-scsv] Moeller, B., "TLS Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks", draft-bmoeller- tls-downgrade-scsv-00 (work in progress), September 2013. [I-D.greevenbosch-tls-ocsp-lite] Greevenbosch, B., "OCSP-lite - Revocation of raw public keys", draft-greevenbosch-tls-ocsp-lite-01 (work in progress), June 2013. [I-D.gutmann-tls-encrypt-then-mac] Hartke Expires May 08, 2014 [Page 5] Internet-Draft A DTLS Profile for the Internet of Things November 2013 Gutmann, P., "Encrypt-then-MAC for TLS and DTLS", draft- gutmann-tls-encrypt-then-mac-04 (work in progress), October 2013. [I-D.hummen-dtls-extended-session-resumption] Hummen, R., Gilger, J., and H. Shafagh, "Extended DTLS Session Resumption for Constrained Network Environments", draft-hummen-dtls-extended-session-resumption-01 (work in progress), October 2013. [I-D.ietf-lwig-tls-minimal] Kumar, S., Keoh, S., and H. Tschofenig, "A Hitchhiker's Guide to the (Datagram) Transport Layer Security Protocol for Smart Objects and Constrained Node Networks", draft- ietf-lwig-tls-minimal-00 (work in progress), September 2013. [I-D.pettersen-tls-version-rollback-removal] Pettersen, Y., "Managing and removing automatic version rollback in TLS Clients", draft-pettersen-tls-version- rollback-removal-02 (work in progress), August 2013. Author's Address Klaus Hartke Nokia Hermiankatu 12 D Tampere FI-33720 Finland Email: klaus.hartke@nokia.com Hartke Expires May 08, 2014 [Page 6]