Layered DTLS/TLS
draft-tschofenig-layered-tls-00
| Document | Type | Replaced Internet-Draft (individual); Expired & archived |
|---|---|---|
| | Authors | Hannes Tschofenig, Mark Baugher |
| | Last updated | 2017-10-30 |
| | Replaced by | draft-friel-tls-atls |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Replaced by draft-friel-tls-atls |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
TLS and increasingly also DTLS are frequently used to provide channel security for Internet of Things (IoT) communication. On the Web and smartphones, TLS is already the de facto approach for securing protocol interactions. While the end-to-end security offered by TLS, particularly TLS 1.3, is already too much for some, there are others who believe that TLS is insufficient. While the former group is working on ways to weaken TLS security, the latter group is interested in designing an application-layer security solution.

Whether application-layer security is used in addition to or as a substitute for transport-layer security is of secondary importance. However, the security needs for such an application-layer solution are similar, if not identical, to those that drove the design of TLS. This is for an obvious reason: security requirements are tied neither to the name of a security protocol nor to the layer at which it is executed. One can make this observation in other areas as well, such as the increasing similarity of the Internet Key Exchange (IKE) and TLS handshake protocols.

These discussions within the IETF inspired the document authors to explore whether TLS could actually be used at the application layer as well, and how complex it would be. We call this approach "Layered TLS" since TLS may, in some scenarios, be executed at two layers: above the transport layer in the traditional manner and also at the application layer.
Authors
Hannes Tschofenig
Mark Baugher
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)