Hi all, I have submitted a draft about minimal TLS in the spirit of the work that Tero was doing. Working on the document, which you can find at http://tools.ietf.org/html/draft-tschofenig-lwig-tls-minimal-00.html, I noticed the following issues:
Just providing a writeup that illustrates how to implement a shared secret based ciphersuite is not sufficient. The reason is that in certain cases shared secret based variants do not meet the security requirements.

Hence, when we look at more than just a single ciphersuite, the question arises where to stop looking at the various extensions. This is a scoping question.

I don't think it makes sense to replicate the text from the original specification.

The document cannot violate the original specification itself. It can only provide design tradeoffs.

Ideally, to give engineers more guidance, one would have to provide some code size indications. Of course, specific numbers only serve as an indication/hint, since the code size depends on the specific platform and the degree of optimization applied to the code.

Finally, there is the question whether code size is the only aspect to look at. What about memory requirements, bandwidth consumption, etc.?

In a nutshell, to offer valuable guidance this could be a longer exercise. (I would like to work with a few others on this topic. Does not sound fun to do this alone. Maybe there is even a chance to produce a lightweight TLS reference implementation or so.)

I wonder what others think.

Ciao
Hannes
