On Fri, Nov 02, 2018 at 02:55:54PM +0000, John Mattsson wrote:
> Hi Benjamin, Salvador
> 
> While DTLS 1.3 has done a very good job of lowering the overhead of the 
> record layer when application data is sent (see e.g. 
> https://tools.ietf.org/html/draft-ietf-lwig-security-protocol-comparison-01 
> for a comparison between different protocols), I do not think the handshake 
> protocol is much leaner (is it leaner at all?).

(There are some handshake messages that are removed entirely.)

> We tried to make a fair comparison between EDHOC and TLS 1.3 in the 
> presentation at IETF 101 (see 
> https://datatracker.ietf.org/meeting/101/materials/slides-101-ace-key-exchange-w-oscore-00).
> Since then, we have significantly optimized the encoding in EDHOC and the 
> upcoming version (-11) is expected to have the following message sizes.
> 
>    Auth.               PSK       RPK       x5t     x5chain
>    --------------------------------------------------------------------
>    EDHOC message_1      43        38        38        38
>    EDHOC message_2      47       121       127       117 + Certificate chain
>    EDHOC message_3      12        86        92        82 + Certificate chain
>    --------------------------------------------------------------------
>    Total               102       245       257       237 + Certificate chains
> 
> As Salvador writes, the handshakes in TLS 1.3 and DTLS 1.3 are basically the 
> same, so the numbers presented at IETF 101 should be a good estimate also for 
> DTLS 1.3.
> 
>    Auth.                PSK       RPK
>    --------------------------------------------------------------------
>    (D)TLS message_1     142       107
>    (D)TLS message_2     135       264
>    (D)TLS message_3      51       167
>    --------------------------------------------------------------------
>    Total                328       538

Thanks for the numbers!

> The numbers above include ECDHE. For handshake messages, my understanding is 
> that the DTLS 1.3 and TLS 1.3 record layers have exactly the same size.

The DTLS 1.3 ones will be worse, due to the epoch and sequence number
fields.

-Ben

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
