Terminology:
Connection and Session are defined in the TLS spec (RFC 5246 [1]):
"connection
A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For TLS, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session."
"session
A TLS session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters that can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection."
Client behind NAT Firewall
A client behind NAT should use forceResumeSessionFor when it supposes that the IP/port changed.
E.g., in LWM2M a device behind a NAT should use queue mode, and should use forceResumeSession each time it wakes up (update, notify).
(Maybe we should add a method forceResumeSessionForAllConnection)
Renegotiation vs. Resumption
I didn't find a lot of use cases for renegotiation.
Even more, it seems there is some security issue with renegotiation [2]. The simple advice to fix that is to disable renegotiation.
The TLS/DTLS Profiles for the Internet of Things say that renegotiation must be disabled [3].
So, I suppose it is reasonable to not support renegotiation (at least at first). As we don't really support this, we should probably remove the code about that in Scandium.
[1] https://tools.ietf.org/html/rfc5246#appendix-B
[2] http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
[3] https://tools.ietf.org/html/draft-ietf-dice-profile-17#section-17
On 24/02/2016 11:46, Hudalla Kai (INST/ESY1) wrote:
Hi,
Simon and I have been discussing for some time now about when and how a client would want to reconnect to a server and how these use cases are to be implemented according to the DTLS spec.
I have created a Wiki page [1] identifying some relevant real world use cases we would like to cover with Scandium. I would now like to use this thread to discuss the use cases and then gradually add information to the Wiki page so that we get a consistent picture over time and do not lose information.
So if you have any opinion regarding this topic I would be glad if you joined this thread :-)
[1] https://github.com/eclipse/californium/wiki/DTLS-Connection-Renegotiation-vs.-Resumption
Regards,
Kai
_______________________________________________
cf-dev mailing list
cf-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cf-dev