> Muhammad Usama Sardar <[email protected]> hat am 29.04.2026 > 10:09 CEST geschrieben: > > Also, I believe [non-hybrid ML-DSA] may be perfectly fine for constrained IoT > use cases
Actually, I would make the opposite case. We have done measurements with Nordic devices for battery-constrained cellular IoT connecting via DTLS. These devices stay installed in place often upwards of 10 years. Both ECDHE and ECDSA authentication had a negligible impact on energy drain (in comparison to PSK-only). It turns out, both the power used for computation and sending the additional data for the ECC are tiny in comparison to the energy spent *listening* on replies from the cellular network. (If you can, optimize your send/receive patterns to match the heuristics of the network provider and modem. This is far more worthwhile than removing ECC from the handshake.) Additionally, because updates are hard to deploy (see my previous mail [1]), IoT (and OT) has much less agility regarding authentication methods than the typical web examples (auto updated browsers and servers using ACME). In my opinion, IoT is therefore a prime use case for hybrid signatures. > (and in such cases a good designer should actually use EDHOC rather than > TLS) This is getting off-topic for this list, but I don't get why people like OSCORE. Mixing authenticated and unauthenticated data on the application layer is a giant footgun for the average software development team. What kind of infrastructure do people build that CoAP proxies are unavoidable? Isn't DTLS with SNI enough? Best regards, Tim Beckmann [1] https://mailarchive.ietf.org/arch/msg/tls/pxcmlnlKe8u8sMrVk3pLErSlIBU/ _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
