DTLS In Constrained Environments

Document Charter DTLS In Constrained Environments WG (dice)
Title DTLS In Constrained Environments
Last updated 2015-10-14
State Approved
WG State Concluded
IESG Responsible AD Stephen Farrell
Charter edit AD Stephen Farrell
Send notices to (None)

The Constrained Application Protocol (CoAP) can be used to manipulate resources
on a device in constrained environments secured by Datagram Transport Layer
Security (DTLS, RFC 6347).  The DTLS In Constrained Environments (DICE) working
group focuses on supporting the use of DTLS in these environments.  Constrained
environments looked at in DICE include constrained devices (e.g. limited
memory, restricted algorithm choices) and constrained networks (e.g. small PDU
sizes, packet loss).

The first task of the working group is to define a DTLS profile that is
suitable for Internet of Things applications and is reasonably implementable on
many constrained devices.

The second task of the working group is to define how the DTLS record layer can
be used to transmit multicast messages securely.  Security for these multicast
messages is needed in many Internet of Things environments, as some messages
are commonly multicast among a set of receivers. Session keys are needed in
order to use the DTLS record layer in this way. Changes to the DTLS handshake
to support this may be needed in future but are not part of the initial charter
for the DICE WG.

The third task of the working group is to investigate practical issues around
the DTLS handshake in constrained environments. Many current systems end up
fragmenting handshake messages, and the re-transmission and re-ordering of
those messages results in significant complexity and reliability problems.
Additional reliability mechanisms for transporting DTLS handshake messages are
required so that handling of re-ordered messages is done only once, in a single
place in the stack. The DICE working group may also look at alternative TLS
transports in cooperation with the TLS WG.

The DTLS state machine should not be modified, and key management (including for
multicast security) and multicast session setup are out of scope for the
initial work.

The DICE working group will work closely with the TLS, CoRE and LWIG working