diff --git a/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.html b/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.html index 103e18a..5c58ba4 100644 --- a/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.html +++ b/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.html @@ -1288,33 +1288,36 @@

Section 4.6.2 of [TLS13] only offers client-to-server authentication. The "Exported Authenticator" specification, see [RFC9261], recently added support for mutual, post-handshake authentication but -requires payloads to be exchanged by the application layer protocol.

+requires the Certificate, CertificateVerify and the Finished messages to be exchanged by the application layer protocol, as it is exercised for HTTP/2 and HTTP/3 in [I-D.ietf-httpbis-secondary-server-certs].

  • Rekeying of the application traffic secret does not lead to an update of the @@ -2218,39 +2221,48 @@

    [I-D.irtf-cfrg-det-sigs-with-noise].

    -
    +
    +

    +20. Post-Quantum Cryptography (PQC) Considerations +

    +

    As detailed in [I-D.ietf-pquip-pqc-engineers], the IETF is actively working to address the challenges of adopting PQC in various protocols, including TLS. The document highlights key aspects engineers must consider, such as algorithm selection, performance impacts, and deployment strategies. It emphasizes the importance of gradual integration of PQC to ensure secure communication while accounting for the increased computational, memory, and bandwidth requirements of PQC algorithms. These challenges are especially relevant in the context of IoT, where device constraints limit the adoption of larger key sizes and more complex cryptographic operations.

    +

    Incorporating PQC into TLS is still ongoing, with key exchange message sizes increasing due to larger public keys. These larger keys demand more flash storage and higher RAM usage, presenting significant obstacles for resource-constrained IoT devices. The transition from classical cryptographic algorithms to PQC will be a significant challenge for constrained IoT devices, requiring careful planning to select hardware suitable for the task considering the lifetime of an IoT product.

    +
    +
    +
    +

    -20. Open Issues +21. Open Issues

    -

    A list of open issues can be found at https://github.com/thomas-fossati/draft-tls13-iot/issues

    +

    A list of open issues can be found at https://github.com/thomas-fossati/draft-tls13-iot/issues

    -
    +

    -21. Security Considerations +22. Security Considerations

    -

    This entire document is about security.

    +

    This entire document is about security.

    -
    +

    -22. IANA Considerations +23. IANA Considerations

    -

    This document makes no requests to IANA.

    +

    This document makes no requests to IANA.

    -
    +

    -23. References +24. References

    -
    +

    -23.1. Normative References +24.1. Normative References

    [DTLS13]
    @@ -2317,9 +2329,9 @@

    -
    +

    -23.2. Informative References +24.2. Informative References

    [ADD]
    @@ -2346,6 +2358,14 @@

    Huque, S. and V. Dukhovni, "TLS Extension for DANE Client Identity", Work in Progress, Internet-Draft, draft-ietf-dance-tls-clientid-03, , <https://datatracker.ietf.org/doc/html/draft-ietf-dance-tls-clientid-03>.
    +
    [I-D.ietf-httpbis-secondary-server-certs]
    +
    +Gorbaty, E. and M. Bishop, "Secondary Certificate Authentication of HTTP Servers", Work in Progress, Internet-Draft, draft-ietf-httpbis-secondary-server-certs-00, , <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-secondary-server-certs-00>.
    +
    +
    [I-D.ietf-pquip-pqc-engineers]
    +
    +Banerjee, A., Reddy.K, T., Schoinianakis, D., Hollebeek, T., and M. Ounsworth, "Post-Quantum Cryptography for Engineers", Work in Progress, Internet-Draft, draft-ietf-pquip-pqc-engineers-05, , <https://datatracker.ietf.org/doc/html/draft-ietf-pquip-pqc-engineers-05>.
    +
    [I-D.ietf-tls-ctls]
    Rescorla, E., Barnes, R., Tschofenig, H., and B. M. Schwartz, "Compact TLS 1.3", Work in Progress, Internet-Draft, draft-ietf-tls-ctls-10, , <https://datatracker.ietf.org/doc/html/draft-ietf-tls-ctls-10>.
    diff --git a/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.txt b/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.txt index 193db75..9cdbb80 100644 --- a/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.txt +++ b/hannestschofenig-patch-6/draft-ietf-uta-tls13-iot-profile.txt @@ -108,12 +108,13 @@ Table of Contents 17. Certificate Overhead 18. Ciphersuites 19. Fault Attacks on Deterministic Signature Schemes - 20. Open Issues - 21. Security Considerations - 22. IANA Considerations - 23. References - 23.1. Normative References - 23.2. Informative References + 20. Post-Quantum Cryptography (PQC) Considerations + 21. Open Issues + 22. Security Considerations + 23. IANA Considerations + 24. References + 24.1. Normative References + 24.2. Informative References Acknowledgments Contributors Authors' Addresses @@ -170,8 +171,10 @@ Table of Contents Section 4.6.2 of [TLS13] only offers client-to-server authentication. The "Exported Authenticator" specification, see [RFC9261], recently added support for mutual, post-handshake - authentication but requires payloads to be exchanged by the - application layer protocol. + authentication but requires the Certificate, CertificateVerify and + the Finished messages to be exchanged by the application layer + protocol, as it is exercised for HTTP/2 and HTTP/3 in + [I-D.ietf-httpbis-secondary-server-certs]. * Rekeying of the application traffic secret does not lead to an update of the exporter secret (see Section 7.5 of [TLS13]) since the derived export secret is based on the exporter_master_secret @@ -943,22 +946,45 @@ Table of Contents and determinism, for example, as described in [I-D.irtf-cfrg-det-sigs-with-noise]. -20. Open Issues +20. Post-Quantum Cryptography (PQC) Considerations + + As detailed in [I-D.ietf-pquip-pqc-engineers], the IETF is actively + working to address the challenges of adopting PQC in various + protocols, including TLS. The document highlights key aspects + engineers must consider, such as algorithm selection, performance + impacts, and deployment strategies. It emphasizes the importance of + gradual integration of PQC to ensure secure communication while + accounting for the increased computational, memory, and bandwidth + requirements of PQC algorithms. These challenges are especially + relevant in the context of IoT, where device constraints limit the + adoption of larger key sizes and more complex cryptographic + operations. + + Incorporating PQC into TLS is still ongoing, with key exchange + message sizes increasing due to larger public keys. These larger + keys demand more flash storage and higher RAM usage, presenting + significant obstacles for resource-constrained IoT devices. The + transition from classical cryptographic algorithms to PQC will be a + significant challenge for constrained IoT devices, requiring careful + planning to select hardware suitable for the task considering the + lifetime of an IoT product. + +21. Open Issues A list of open issues can be found at https://github.com/thomas- fossati/draft-tls13-iot/issues -21. Security Considerations +22. Security Considerations This entire document is about security. -22. IANA Considerations +23. IANA Considerations This document makes no requests to IANA. -23. References +24. References -23.1. Normative References +24.1. Normative References [DTLS13] Rescorla, E., Tschofenig, H., and N. Modadugu, "The Datagram Transport Layer Security (DTLS) Protocol Version @@ -1038,7 +1064,7 @@ Table of Contents Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . -23.2. Informative References +24.2. Informative References [ADD] IETF, "Adaptive DNS Discovery (add) Working Group", September 2023, @@ -1073,6 +1099,21 @@ Table of Contents . + [I-D.ietf-httpbis-secondary-server-certs] + Gorbaty, E. and M. Bishop, "Secondary Certificate + Authentication of HTTP Servers", Work in Progress, + Internet-Draft, draft-ietf-httpbis-secondary-server-certs- + 00, 11 April 2024, . + + [I-D.ietf-pquip-pqc-engineers] + Banerjee, A., Reddy.K, T., Schoinianakis, D., Hollebeek, + T., and M. Ounsworth, "Post-Quantum Cryptography for + Engineers", Work in Progress, Internet-Draft, draft-ietf- + pquip-pqc-engineers-05, 12 September 2024, + . + [I-D.ietf-tls-ctls] Rescorla, E., Barnes, R., Tschofenig, H., and B. M. Schwartz, "Compact TLS 1.3", Work in Progress, Internet-