From d3c492ec102a490b61d8191627ee5d5dd4c31591 Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Mon, 7 Oct 2024 16:23:52 +0200 Subject: [PATCH] increase precision wrt "updates" --- draft-ietf-uta-tls13-iot-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md index 4ee6ae7..7fdc84f 100644 --- a/draft-ietf-uta-tls13-iot-profile.md +++ b/draft-ietf-uta-tls13-iot-profile.md 
@@ -117,7 +117,7 @@ certificate profile. In the rapidly evolving Internet of Things (IoT) ecosystem, securing device-to-device communication is a critical requirement. The Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols have been foundational for ensuring encryption, integrity, and authenticity in network communications. However, the inherent constraints of IoT devices, such as limited processing capacity, memory, and energy, render conventional, off-the-shelf TLS/DTLS implementations suboptimal for many IoT use cases. This document, TLS/DTLS 1.3 Profiles for the Internet of Things (IoT), addresses these limitations by specifying profiles of TLS 1.3 and DTLS 1.3, optimized for the operational constraints of resource-constrained IoT systems. -These profiles aim to balance strong security with the hardware and software limitations of IoT devices. TLS/DTLS 1.3 introduces numerous enhancements over previous versions, including reduced handshake overhead, more efficient encryption schemes, and mechanisms to thwart replay and downgrade attacks. However, the default configurations may still present excessive computational and memory demands for constrained devices with limited CPU, RAM, and power resources. The document mitigates these challenges by defining lightweight protocol configurations while maintaining the essential security guarantees of TLS/DTLS. This specification extends the TLS/DTLS 1.2 profiles for IoT defined in {{!RFC7925}}. +These profiles aim to balance strong security with the hardware and software limitations of IoT devices. TLS/DTLS 1.3 introduces numerous enhancements over previous versions, including reduced handshake overhead, more efficient encryption schemes, and mechanisms to thwart replay and downgrade attacks. However, the default configurations may still present excessive computational and memory demands for constrained devices with limited CPU, RAM, and power resources. 
The document mitigates these challenges by defining lightweight protocol configurations while maintaining the essential security guarantees of TLS/DTLS. This specification also updates {{!RFC7925}} with regards to the X.509 certificate profile. Key adaptations in the IoT-specific profiles include streamlining the handshake protocol, minimizing cryptographic operation complexity, and reducing the reliance on resource-heavy certificate chains. For example, where mutual authentication is needed, the profiles advocate the use of pre-shared keys (PSKs) over a full public key infrastructure (PKI) to mitigate the overhead associated with certificate management. Moreover, the profiles address session resumption techniques and the handling of stateful versus stateless session management, which are pivotal for maintaining resource-efficient, persistent connections in IoT deployments.
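Review bot: the replacement sentence in this hunk ("This specification also updates {{!RFC7925}} with regards to the X.509 certificate profile.") should read "with regard to" (or simply "regarding"); "with regards to" is a common error. Also, the old text stated that the document "extends the TLS/DTLS 1.2 profiles for IoT defined in {{!RFC7925}}", and the new text replaces that with a narrower "updates ... with regards to the X.509 certificate profile". If the intent is that the 1.3 profiles still build on RFC 7925 as a baseline while formally updating only its certificate profile, consider keeping both statements, e.g. "This specification builds on the TLS/DTLS 1.2 profiles for IoT defined in {{!RFC7925}} and updates that document with regard to the X.509 certificate profile." A narrowed "updates" scope should also be reflected consistently wherever the document states what it updates, so the abstract, the introduction and the document header agree.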