Hi David,

I couldn't find any description of the threat model involved here, nor could I find any analysis of the security against that model. Without that, I can't really say whether this is right or not. For instance, there is specific mention of the certificate status request extension, but there is no mention of why.
Given the configuration that I might infer from the hmac draft, I'm a little surprised that this doesn't use PSK. I'm somewhat dismayed by the firm recommendation to use the HMAC mechanism, which doesn't seem particularly robust. Offhand, it seems like replays are possible if you allow the possibility of the node crashing and dumping state. The same applies during a rollover of the 32-bit counter. Of course, that might not be permitted by the threat model.

On Thu, Nov 8, 2018 at 9:15 AM David Schinazi <dschinazi.i...@gmail.com> wrote:
>
> Hi everyone,
>
> Over in the Babel working group we have a draft about securing Babel with
> DTLS:
> https://tools.ietf.org/html/draft-ietf-babel-dtls-01
>
> It's 5 pages long, could any TLS experts please give it a quick read and let
> us know if we're using DTLS correctly?
>
> Also, should the document contain guidance such as which DTLS version to use?
>
> Thanks,
> David
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
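The replay concern raised above (a counter-based HMAC check that stops protecting once a node loses its state, or once the 32-bit counter wraps and counter values repeat), shown as an added example that is not part of this thread, of the Babel DTLS draft or of the Babel HMAC draft. The packet layout (counter || payload under HMAC-SHA256), the serial-number "is newer" check, the shared key, and the per-epoch rekeying used as the mitigation are all assumptions made for the illustration; in particular, how the two sides would agree on a fresh epoch after a restart is left out of the model.

```python
import hashlib
import hmac
import os
import struct

MOD = 1 << 32                                    # the 32-bit counter space
SHARED_KEY = b"constructed-shared-key-for-demo"  # constructed sample, not a real key


def derive_key(shared: bytes, epoch: bytes) -> bytes:
    """Mix a per-epoch value into the shared key (assumed rekeying scheme, not the draft's)."""
    return hashlib.sha256(shared + epoch).digest() if epoch else shared


def tag(key: bytes, counter: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over counter || payload (simplified packet layout, an assumption)."""
    return hmac.new(key, struct.pack(">I", counter) + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, shared: bytes, epoch: bytes = b"") -> None:
        self.key = derive_key(shared, epoch)
        self.counter = 0

    def send(self, payload: bytes) -> tuple:
        self.counter = (self.counter + 1) % MOD  # wraps after 2^32 - 1 packets
        return (self.counter, payload, tag(self.key, self.counter, payload))


class Receiver:
    """Accepts a packet only if its counter is newer than the last one accepted from that
    sender, using serial-number arithmetic so the wrap 0xFFFFFFFF -> 0 is tolerated."""

    def __init__(self, shared: bytes, epoch: bytes = b"") -> None:
        self.key = derive_key(shared, epoch)
        self.last = {}                           # sender id -> last accepted counter

    @staticmethod
    def is_newer(counter: int, last: int) -> bool:
        return 0 < (counter - last) % MOD < MOD // 2

    def accept(self, sender_id: str, pkt: tuple) -> bool:
        counter, payload, sig = pkt
        if not hmac.compare_digest(sig, tag(self.key, counter, payload)):
            return False                         # wrong key or tampered packet
        last = self.last.get(sender_id)
        if last is not None and not self.is_newer(counter, last):
            return False                         # replay or out of order
        self.last[sender_id] = counter
        return True


def advance(sender: Sender, receiver: Receiver, sender_id: str, steps: int) -> None:
    """Fast-forward the counter by `steps` packets, delivering one packet per hop so the
    receiver keeps tracking; each hop stays under half the counter space."""
    hop = MOD // 2 - 1
    while steps > 0:
        n = min(hop, steps)
        sender.counter = (sender.counter + n - 1) % MOD
        if not receiver.accept(sender_id, sender.send(b"keepalive")):
            raise RuntimeError("legitimate packet rejected while fast-forwarding")
        steps -= n


def replay_after_receiver_restart(rekey: bool) -> bool:
    """Receiver crashes and loses its last-counter table; is an old packet accepted?"""
    sender, receiver = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    captured = sender.send(b"route update")
    receiver.accept("n1", captured)
    # Restart: the table of last counters is gone. With rekey=True the restarted node also
    # moves to a fresh epoch (assumed to be agreed authentically, out of scope here).
    epoch = os.urandom(16) if rekey else b""
    receiver = Receiver(SHARED_KEY, epoch)
    return receiver.accept("n1", captured)


def replay_after_counter_rollover(rekey: bool) -> bool:
    """The counter goes all the way round; is a packet from the previous cycle accepted?"""
    sender, receiver = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    captured = sender.send(b"route update")      # counter 1 of the first cycle
    receiver.accept("n1", captured)
    advance(sender, receiver, "n1", MOD - 1)     # counter is back at 0, receiver in sync
    if rekey:                                    # fresh epoch before counter values repeat
        epoch = os.urandom(16)
        sender.key = receiver.key = derive_key(SHARED_KEY, epoch)
    return receiver.accept("n1", captured)


if __name__ == "__main__":
    print("replay after restart, no rekey :", replay_after_receiver_restart(False))
    print("replay after restart, rekey    :", replay_after_receiver_restart(True))
    print("replay after rollover, no rekey:", replay_after_counter_rollover(False))
    print("replay after rollover, rekey   :", replay_after_counter_rollover(True))
```

The two failure modes are the same at root: the receiver's only replay defence is "this counter is newer than the last one I saw", and both a state-losing restart and a full trip round the counter space return that comparison to a state in which old, validly tagged packets look new again. Rotating the key material whenever the counter restarts from zero (as the `rekey` branches do) makes the old tags stop verifying, which is why a real design needs to say how a restarted node re-establishes freshness with its neighbours rather than leaving it to the counter alone.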