Dear Authors,

draft-fossati-tls-iot-optimizations-00 mentions in 4.2, page 5, a hash chain (Lamport, "Password Authentication with Insecure Communication").

Would it be possible to get more details about that approach?

In my opinion, DTLS needs a connection id; the record is usually secured by the MAC. So the hash chain providing a "password" seems to me to rely on an "identity", for which the "password" should be verified. But that identity is missing and the verification is done with the MAC.

Using this in reverse, I could think of something like:

    connection hash := H ^ record.sequence_number (connection id)

So with an incoming record {sequence_number, connection hash} you may look up whether one of the "connection ids" hashed "sequence_number" times results in the provided "connection hash", and then you may verify whether one of the candidates verifies with the MAC. Even with defining a "sequence number window" to exclude "faraway" sessions, I'm not sure how such an approach would scale for a large number of sessions.

So could you please provide your ideas about that hash chain?

Mit freundlichen Grüßen / Best regards

Achim Kraus

Bosch Software Innovations GmbH
Communications (INST/ESY1)
Stuttgarter Straße 130
71332 Waiblingen
GERMANY
www.bosch-si.de
www.blog.bosch-si.com
Tel. +49 711 811-58139
achim.kr...@bosch-si.com

Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
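The two constructions discussed above, as an added example that is not part of the original message or of the draft it asks about: a verifier for Lamport's chain as cited (the verifier knows whose chain it holds, so each check is one hash), next to the forward variant sketched in the mail (connection hash := H^sequence_number(connection id)), where the receiver has no identity to index on and must try every known connection id inside the window before confirming a candidate with the MAC. SHA-256 as H, the constructed connection ids, the window size and the MAC stand-in (a callback that only accepts the true session) are assumptions of this example.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple


def H(data: bytes) -> bytes:
    """One hash step. SHA-256 is an assumption; the draft does not fix the function."""
    return hashlib.sha256(data).digest()


def hash_chain(seed: bytes, count: int) -> bytes:
    """H applied `count` times: H^count(seed)."""
    value = seed
    for _ in range(count):
        value = H(value)
    return value


# --- 1. Lamport's scheme as cited in the draft -------------------------------
# The verifier stores only the anchor H^n(seed). The prover reveals
# H^(n-1)(seed), then H^(n-2)(seed), ... Each check is exactly one hash and
# needs no search, because the verifier already knows whose chain this is.
def lamport_prover_values(seed: bytes, n: int) -> List[bytes]:
    """Values in the order the prover presents them: H^(n-1), ..., H^0."""
    return [hash_chain(seed, n - 1 - i) for i in range(n)]


class LamportVerifier:
    def __init__(self, anchor: bytes) -> None:
        self.current = anchor

    def verify(self, presented: bytes) -> bool:
        if H(presented) != self.current:
            return False
        self.current = presented  # ratchet: a replayed or out-of-order value no longer matches
        return True


# --- 2. The forward variant sketched in the mail -----------------------------
def connection_hash(connection_id: bytes, seq: int) -> bytes:
    """connection hash := H^seq(connection id), computed by the sender."""
    return hash_chain(connection_id, seq)


class ForwardLookup:
    """Receiver side: no identity in the record, so every session is a candidate."""

    def __init__(self, connection_ids: List[bytes], window: int) -> None:
        # per session: (last accepted sequence number, H^last_seq(connection id))
        self.state: Dict[bytes, Tuple[int, bytes]] = {cid: (0, cid) for cid in connection_ids}
        self.window = window
        self.hash_ops = 0  # counter that makes the per-record cost visible

    def candidates(self, seq: int, presented: bytes) -> List[bytes]:
        found = []
        for cid, (last_seq, last_hash) in self.state.items():
            if seq <= last_seq or seq - last_seq > self.window:
                continue  # replay, or a "faraway" session outside the window
            value = last_hash
            for _ in range(seq - last_seq):  # continue the chain from the cached point
                value = H(value)
                self.hash_ops += 1
            if value == presented:
                found.append(cid)
        return found

    def resolve(self, seq: int, presented: bytes,
                mac_ok: Callable[[bytes], bool]) -> Optional[bytes]:
        """Return the connection id whose candidate hash also passes the MAC check."""
        for cid in self.candidates(seq, presented):
            if mac_ok(cid):
                self.state[cid] = (seq, presented)  # cache H^seq for the next record
                return cid
        return None


def demo(sessions: int = 1000, seq: int = 5, window: int = 16) -> Tuple[bool, int]:
    """Resolve one record against `sessions` known ids; returns (found the right one, hash ops)."""
    ids = [hashlib.sha256(b"cid-%d" % i).digest()[:8] for i in range(sessions)]  # constructed ids
    table = ForwardLookup(ids, window)
    target = ids[sessions // 2]
    record = (seq, connection_hash(target, seq))
    # stand-in for the record MAC: only the true session's key verifies
    cid = table.resolve(record[0], record[1], lambda c: c == target)
    return cid == target, table.hash_ops


if __name__ == "__main__":
    ok, ops = demo()
    print("resolved:", ok, "hash operations for one record:", ops)
```

The counter shows the scaling point raised in the mail: the Lamport verifier spends one hash per check because the identity is implicit in the stored anchor, whereas the forward lookup spends about sessions × (distance to the cached sequence number) hashes per incoming record, bounded only by the window, before the MAC has been checked even once. Caching H^last_seq per session helps only for the session that actually sent the record; every other session still costs up to `window` hashes per record.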