Hi Panos,

Thank you for your question.

Yes, it can be considered as an alternative. The starting point of our work was to leverage the existing source code for DTLS in the nodes. Thus, we would save additional resources (e.g. code wise) since we would re-use a DTLS implementation to achieve (object) security at CoAP level (application layer).

Best Regards,
Dan.

> On 18 Jan 2017, at 22:04, Panos Kampanakis (pkampana) <[email protected]>
> wrote:
>
> Hi Dan,
> So if I understand this correctly, the intention of this draft is to describe
> how COAP header fields, options and data can be protected with DTLS (hence
> DTLS record) regardless of the key exchange mechanism. Is it intended as an
> alternative to OSCOAP/EDHOC?
> Thanks,
> Panos
>
>
> -----Original Message-----
> From: Ace [mailto:[email protected]] On Behalf Of Dan García Carrillo
> Sent: Monday, January 16, 2017 6:00 PM
> To: [email protected]; [email protected]
> Cc: Dan García Carrillo <[email protected]>
> Subject: [Ace] App-layer security for CoAP using (D)TLS record layer
>
> Hello all:
>
> We submitted some time ago an I-D proposing the use of an active (D)TLS
> Record (e.g. running DTLS over CoAP or presenting a token with crypto
> material that is used to create the required keys for the DTLS record) to
> provide application level security for CoAP.
>
>
> https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-record-00
>
>
> The idea is to use an active (D)TLS record to protect part of the CoAP
> message following the rules established for OSCOAP:
> - The content to protect of a CoAP message (code, version, options to protect
> and payload if any) is fed to the (D)TLS record.
> - The output is the CoAP content to protect with a (D)TLS record header
> prepended.
> - That would be set into the payload of a modified version of the original
> CoAP message (before it is protected) that only contains options that do not
> need to be protected.
>
> We think this could add to an interesting discussion to the subject of
> Security for CoAP at application layer.
>
> Comments are welcome,
> Best Regards.
> _______________________________________________
> Ace mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ace
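The three steps listed in the quoted announcement, written out as an added example that is not part of the thread or of the draft. Assumptions: the set of options left unprotected, the byte layout of the content fed to the record layer, an outer header copied unchanged, and an integrity-only record protection (NULL encryption with HMAC-SHA256, so no confidentiality) standing in for whatever suite the active (D)TLS session negotiated.

```python
import hashlib, hmac, struct

UNPROTECTED = {3, 7, 35, 39}  # assumed: Uri-Host, Uri-Port, Proxy-Uri, Proxy-Scheme

def _ext(n):  # CoAP option delta/length nibble plus extension bytes (RFC 7252, 3.1)
    if n < 13:
        return n, b""
    if n < 269:
        return 13, bytes([n - 13])
    return 14, struct.pack("!H", n - 269)

def encode_options(opts):
    out, prev = b"", 0
    for num, val in sorted(opts, key=lambda o: o[0]):  # stable: repeated options keep order
        (d, dx), (l, lx) = _ext(num - prev), _ext(len(val))
        out += bytes([d << 4 | l]) + dx + lx + val
        prev = num
    return out

def _mac(key, hdr11, fragment):  # TLS 1.2 MAC input: epoch+seq, type, version, length, fragment
    data = hdr11[3:11] + hdr11[:3] + struct.pack("!H", len(fragment)) + fragment
    return hmac.new(key, data, hashlib.sha256).digest()

def dtls_record(key, epoch, seq, fragment):
    # 13-byte DTLS 1.2 header: type 23, version 0xFEFD, epoch, 48-bit sequence, length
    hdr11 = b"\x17\xfe\xfd" + struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    body = fragment + _mac(key, hdr11, fragment)  # stand-in suite: integrity only
    return hdr11 + struct.pack("!H", len(body)) + body

def open_record(key, record):
    hdr11, body = record[:11], record[13:]
    if record[:3] != b"\x17\xfe\xfd" or len(body) < 32 or record[11:13] != struct.pack("!H", len(body)):
        raise ValueError("malformed record")
    fragment, tag = body[:-32], body[-32:]
    if not hmac.compare_digest(tag, _mac(key, hdr11, fragment)):
        raise ValueError("bad record MAC")
    return fragment

def protect_coap(m, key, epoch, seq):
    inner = [o for o in m["options"] if o[0] not in UNPROTECTED]
    outer = [o for o in m["options"] if o[0] in UNPROTECTED]
    # Step 1: version, code, options to protect, payload (layout is an assumption)
    plain = bytes([m["ver"], m["code"]]) + encode_options(inner)
    plain += b"\xff" + m["payload"] if m["payload"] else b""
    # Steps 2 and 3: record header prepended, result carried as the outer payload
    hdr = struct.pack("!BBH", m["ver"] << 6 | m["type"] << 4 | len(m["token"]), m["code"], m["mid"])
    return hdr + m["token"] + encode_options(outer) + b"\xff" + dtls_record(key, epoch, seq, plain)

# Constructed sample: CON GET for coap://sensor.example/temp, token 0xA1
SAMPLE = {"ver": 1, "type": 0, "code": 0x01, "mid": 0x1234, "token": b"\xa1",
          "options": [(3, b"sensor.example"), (11, b"temp")], "payload": b""}
```

`open_record` takes everything after the outer message's `0xFF` payload marker. A receiver would also apply the session's replay window to the epoch and sequence number, which this example leaves out.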
