Network Working Group                                        J. Mattsson
Internet-Draft                                               Ericsson AB
Intended status: Informational                         November 11, 2017
Expires: May 15, 2018

           Message Size Overhead of CoAP Security Protocols
               draft-mattsson-core-security-overhead-02

Abstract

   This document analyzes and compares per-packet message size overheads
   when using different security protocols to secure CoAP.  The analyzed
   security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and
   OSCORE.  DTLS and TLS are analyzed with and without compression.
   DTLS is analyzed with two different alternatives for header
   compression as well as with and without Connection ID.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 15, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Overhead of Security Protocols
     2.1.  DTLS
       2.1.1.  DTLS 1.2
       2.1.2.  DTLS 1.2 with 6LoWPAN-GHC
       2.1.3.  DTLS 1.2 with raza-6lo-compressed-dtls
       2.1.4.  DTLS 1.3
       2.1.5.  DTLS 1.3 with 6LoWPAN-GHC
       2.1.6.  DTLS 1.3 with raza-6lo-compressed-dtls
     2.2.  DTLS with Connection ID
       2.2.1.  DTLS 1.2 with Connection ID
       2.2.2.  DTLS 1.2 with Connection ID and 6LoWPAN-GHC
       2.2.3.  DTLS 1.3 with Connection ID
       2.2.4.  DTLS 1.3 with Connection ID and 6LoWPAN-GHC
     2.3.  TLS
       2.3.1.  TLS 1.2
       2.3.2.  TLS 1.2 with 6LoWPAN-GHC
       2.3.3.  TLS 1.3
       2.3.4.  TLS 1.3 with 6LoWPAN-GHC
     2.4.  OSCORE
   3.  Overhead with Different Parameters
   4.  Summary
   5.  Security Considerations
   6.  Informative References
   Acknowledgments
   Author's Address

1.  Introduction

   This document analyzes and compares per-packet message size overheads
   when using different security protocols to secure CoAP over UDP
   [RFC7252] and TCP [I-D.ietf-core-coap-tcp-tls].  The analyzed
   security protocols are DTLS 1.2 [RFC6347], DTLS 1.3
   [I-D.rescorla-tls-dtls13], TLS 1.2 [RFC5246], TLS 1.3
   [I-D.ietf-tls-tls13], and OSCORE [I-D.ietf-core-object-security].
   The DTLS and TLS record layers are analyzed with and without
   compression.  DTLS is analyzed with two different alternatives
   ([RFC7400] and [raza-6lo-compressed-dtls]) for header compression as
   well as with and without Connection ID
   [I-D.rescorla-tls-dtls-connection-id].

2.  Overhead of Security Protocols

   To enable comparison, all the overhead calculations in this section
   use AES-CCM with a tag length of 8 bytes, a plaintext of 6 bytes, and
   the sequence number '05'.  This follows the example in [RFC7400],
   Figure 16.

2.1.  DTLS

2.1.1.  DTLS 1.2

   This section analyzes the overhead of DTLS 1.2 [RFC6347].  The nonce
   follows the strict profiling given in [RFC7925].  This example is
   taken directly from [RFC7400], Figure 16.

   DTLS 1.2 Record Layer (35 bytes, 29 bytes overhead):
   17 fe fd 00 01 00 00 00 00 00 05 00 16 00 01 00
   00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24 e4
   cb 35 b9

   Content type:
      17
   Version:
      fe fd
   Epoch:
      00 01
   Sequence number:
      00 00 00 00 00 05
   Length:
      00 16
   Nonce:
      00 01 00 00 00 00 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   DTLS 1.2 gives 29 bytes overhead.

2.1.2.  DTLS 1.2 with 6LoWPAN-GHC

   This section analyzes the overhead of DTLS 1.2 [RFC6347] when
   compressed with [RFC7400].  The compression was done with
   [OlegHahm-ghc].

   Note that the compressed overhead is dependent on the parameters
   epoch, sequence number, and length.  The following is only an
   example.
   Note that the sequence number '01' used in [RFC7400], Figure 15 gives
   an exceptionally small overhead that is not representative.

   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.

   Compressed DTLS 1.2 Record Layer (22 bytes, 16 bytes overhead):
   b0 c3 03 05 00 16 f2 0e ae a0 15 56 67 92 4d ff
   8a 24 e4 cb 35 b9

   Compressed DTLS 1.2 Record Layer Header and Nonce:
      b0 c3 03 05 00 16 f2 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters
   (epoch, sequence number, length) gives 16 bytes overhead.

2.1.3.  DTLS 1.2 with raza-6lo-compressed-dtls

   This section analyzes the overhead of DTLS 1.2 [RFC6347] when
   compressed with [raza-6lo-compressed-dtls].

   Note that the compressed overhead is dependent on the parameters
   epoch and sequence number.  The following is only an example.

   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   raza-6lo-compressed-dtls.

   Compressed DTLS 1.2 Record Layer (19 bytes, 13 bytes overhead):
   90 17 01 00 05 ae a0 15 56 67 92 4d ff 8a 24 e4
   cb 35 b9

   NHC:
      90
   Compressed DTLS 1.2 Record Layer Header and Nonce:
      17 01 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with raza-6lo-compressed-dtls, DTLS 1.2 with the
   above parameters (epoch, sequence number) gives 13 bytes overhead.

2.1.4.  DTLS 1.3

   This section analyzes the overhead of DTLS 1.3
   [I-D.rescorla-tls-dtls13].  The only change compared to DTLS 1.2 is
   that the DTLS 1.3 record layer does not have an explicit nonce.
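   As an added worked example (not code from the draft), the following
   Python rebuilds the uncompressed record layouts of this document from
   their header fields and counts the overhead, so that the 8-byte
   difference between DTLS 1.2 and DTLS 1.3 just described, the
   Connection ID cases of Section 2.2, the TLS cases of Section 2.3, and
   the uncompressed rows of Figures 1 and 2 in Section 3 can all be
   checked mechanically rather than by hand.  It assumes exactly the
   layouts the page shows: the DTLS 1.3 header of
   draft-rescorla-tls-dtls13-01 (the DTLS 1.2 header minus the explicit
   nonce, not the unified header of the final RFC), the TLS 1.3 record
   as modelled on the page (TLS 1.2 layout with a different version
   field), and the Connection ID placed directly after the sequence
   number.  Ciphertext and ICV are the page's constructed bytes; no
   encryption is performed.

```python
"""Uncompressed (D)TLS record layouts from this draft, rebuilt from their
header fields so the per-packet overhead can be counted mechanically.

Added example, not code from the draft.  Layouts follow the page:
  * DTLS 1.2: type | version | epoch | seq(6) | [cid] | length |
    explicit nonce = epoch || seq (RFC 7925 profile) | ciphertext | ICV
  * DTLS 1.3 as in draft-rescorla-tls-dtls13-01: same header, no
    explicit nonce (NOT the unified header of the final RFC 9147)
  * TLS 1.2 / TLS 1.3 as modelled on the page: type | version | length |
    8-byte nonce | ciphertext | ICV, differing only in the version bytes
  * Connection ID placed right after the sequence number, as in
    draft-rescorla-tls-dtls-connection-id-01
Ciphertext and ICV are the constructed bytes from the page's examples
(AES-CCM, 8-byte tag, 6-byte plaintext); no encryption is performed.
"""
from typing import Dict, List

PLAINTEXT_LEN = 6
APPLICATION_DATA = 0x17
CIPHERTEXT = bytes.fromhex("ae a0 15 56 67 92")       # constructed, from the page
ICV = bytes.fromhex("4d ff 8a 24 e4 cb 35 b9")        # constructed, from the page

DTLS_VERSION = bytes.fromhex("fe fd")   # same bytes for DTLS 1.2 and the DTLS 1.3 draft
TLS12_VERSION = bytes.fromhex("03 03")
TLS13_VERSION = bytes.fromhex("03 01")  # as used in the page's TLS 1.3 example


def dtls_record(version: bytes, epoch: int, seq: int,
                explicit_nonce: bool, cid: bytes = b"") -> bytes:
    """Application-data record: header, optional CID, length, body."""
    epoch_b = epoch.to_bytes(2, "big")
    seq_b = seq.to_bytes(6, "big")
    nonce = (epoch_b + seq_b) if explicit_nonce else b""
    body = nonce + CIPHERTEXT + ICV
    header = bytes([APPLICATION_DATA]) + version + epoch_b + seq_b + cid
    return header + len(body).to_bytes(2, "big") + body


def tls_record(version: bytes, seq: int) -> bytes:
    """TLS record as laid out on the page: the 8-byte nonce is the sequence number."""
    body = seq.to_bytes(8, "big") + CIPHERTEXT + ICV
    return bytes([APPLICATION_DATA]) + version + len(body).to_bytes(2, "big") + body


def dtls12(seq: int, cid: bytes = b"", epoch: int = 1) -> bytes:
    return dtls_record(DTLS_VERSION, epoch, seq, explicit_nonce=True, cid=cid)


def dtls13(seq: int, cid: bytes = b"", epoch: int = 1) -> bytes:
    return dtls_record(DTLS_VERSION, epoch, seq, explicit_nonce=False, cid=cid)


def tls12(seq: int) -> bytes:
    return tls_record(TLS12_VERSION, seq)


def tls13(seq: int) -> bytes:
    return tls_record(TLS13_VERSION, seq)


def overhead(record: bytes) -> int:
    """Bytes on the wire beyond the 6-byte plaintext."""
    return len(record) - PLAINTEXT_LEN


SEQ_NUMBERS = (0x05, 0x1005, 0x100005)        # columns of Figure 1
CONNECTION_IDS = (b"", b"\x42", b"\x40\x02")  # columns of Figure 2


def figure1_uncompressed() -> Dict[str, List[int]]:
    """Overhead per sequence number, Connection ID = '' (Figure 1, top rows)."""
    return {
        "DTLS 1.2": [overhead(dtls12(s)) for s in SEQ_NUMBERS],
        "DTLS 1.3": [overhead(dtls13(s)) for s in SEQ_NUMBERS],
        "TLS 1.2": [overhead(tls12(s)) for s in SEQ_NUMBERS],
        "TLS 1.3": [overhead(tls13(s)) for s in SEQ_NUMBERS],
    }


def figure2_uncompressed() -> Dict[str, List[int]]:
    """Overhead per Connection ID, sequence number '05' (Figure 2, top rows)."""
    return {
        "DTLS 1.2": [overhead(dtls12(0x05, c)) for c in CONNECTION_IDS],
        "DTLS 1.3": [overhead(dtls13(0x05, c)) for c in CONNECTION_IDS],
    }


if __name__ == "__main__":
    for name, rec in (("DTLS 1.2", dtls12(5)), ("DTLS 1.3", dtls13(5)),
                      ("TLS 1.2", tls12(5)), ("DTLS 1.2 + CID 42", dtls12(5, b"\x42"))):
        print(f"{name:18s} {len(rec):2d} bytes, {overhead(rec):2d} overhead: {rec.hex(' ')}")
    print(figure1_uncompressed())
    print(figure2_uncompressed())
```

   Because the sequence number always occupies its full 6 (DTLS) or 8
   (TLS nonce) bytes, the uncompressed overhead is constant across the
   sequence-number columns, while each Connection ID byte adds exactly
   one byte; the compressed variants, which elide leading zeros, are
   where the sequence number length starts to matter.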
   DTLS 1.3 Record Layer (27 bytes, 21 bytes overhead):
   17 fe fd 00 01 00 00 00 00 00 05 00 0e ae a0 15
   56 67 92 4d ff 8a 24 e4 cb 35 b9

   Content type:
      17
   Version:
      fe fd
   Epoch:
      00 01
   Sequence number:
      00 00 00 00 00 05
   Length:
      00 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   DTLS 1.3 gives 21 bytes overhead.

2.1.5.  DTLS 1.3 with 6LoWPAN-GHC

   This section analyzes the overhead of DTLS 1.3
   [I-D.rescorla-tls-dtls13] when compressed with [RFC7400]
   [OlegHahm-ghc].

   Note that the overhead is dependent on the parameters epoch, sequence
   number, and length.  The following is only an example.

   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.

   Compressed DTLS 1.3 Record Layer (20 bytes, 14 bytes overhead):
   b0 c3 11 05 00 0e ae a0 15 56 67 92 4d ff 8a 24
   e4 cb 35 b9

   Compressed DTLS 1.3 Record Layer Header and Nonce:
      b0 c3 11 05 00 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters
   (epoch, sequence number, length) gives 14 bytes overhead.

2.1.6.  DTLS 1.3 with raza-6lo-compressed-dtls

   This section analyzes the overhead of DTLS 1.3
   [I-D.rescorla-tls-dtls13] when compressed with
   [raza-6lo-compressed-dtls].

   Note that the compressed overhead is dependent on the parameters
   epoch and sequence number.  The following is only an example.

   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   raza-6lo-compressed-dtls.
   Compressed DTLS 1.3 Record Layer (19 bytes, 13 bytes overhead):
   90 17 01 00 05 ae a0 15 56 67 92 4d ff 8a 24 e4
   cb 35 b9

   NHC:
      90
   Compressed DTLS 1.3 Record Layer Header and Nonce:
      17 01 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with raza-6lo-compressed-dtls, DTLS 1.3 with the
   above parameters (epoch, sequence number) gives 13 bytes overhead.

2.2.  DTLS with Connection ID

   This section analyzes the overhead of DTLS with Connection ID
   [I-D.rescorla-tls-dtls-connection-id].  The overhead calculations in
   this section use Connection ID = '42'.  DTLS with a Connection ID =
   '' (the empty string) is equal to DTLS without Connection ID.

2.2.1.  DTLS 1.2 with Connection ID

   This section analyzes the overhead of DTLS 1.2 [RFC6347] with
   Connection ID [I-D.rescorla-tls-dtls-connection-id].

   Note that the overhead is dependent on the parameter Connection ID.
   The following is only an example.

   DTLS 1.2 Record Layer (36 bytes, 30 bytes overhead):
   17 fe fd 00 01 00 00 00 00 00 05 42 00 16 00 01
   00 00 00 00 00 05 ae a0 15 56 67 92 4d ff 8a 24
   e4 cb 35 b9

   Content type:
      17
   Version:
      fe fd
   Epoch:
      00 01
   Sequence number:
      00 00 00 00 00 05
   Connection ID:
      42
   Length:
      00 16
   Nonce:
      00 01 00 00 00 00 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   DTLS 1.2 with Connection ID gives 30 bytes overhead.

2.2.2.  DTLS 1.2 with Connection ID and 6LoWPAN-GHC

   This section analyzes the overhead of DTLS 1.2 [RFC6347] with
   Connection ID [I-D.rescorla-tls-dtls-connection-id] when compressed
   with [RFC7400] [OlegHahm-ghc].

   Note that the compressed overhead is dependent on the parameters
   epoch, sequence number, Connection ID, and length.  The following is
   only an example.
   Note that the sequence number '01' used in [RFC7400], Figure 15 gives
   an exceptionally small overhead that is not representative.

   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.

   Compressed DTLS 1.2 Record Layer (23 bytes, 17 bytes overhead):
   b0 c3 04 05 42 00 16 f2 0e ae a0 15 56 67 92 4d
   ff 8a 24 e4 cb 35 b9

   Compressed DTLS 1.2 Record Layer Header and Nonce:
      b0 c3 04 05 42 00 16 f2 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, DTLS 1.2 with the above parameters
   (epoch, sequence number, Connection ID, length) gives 17 bytes
   overhead.

2.2.3.  DTLS 1.3 with Connection ID

   This section analyzes the overhead of DTLS 1.3
   [I-D.rescorla-tls-dtls13] with Connection ID
   [I-D.rescorla-tls-dtls-connection-id].

   Note that the overhead is dependent on the parameter Connection ID.
   The following is only an example.

   DTLS 1.3 Record Layer (28 bytes, 22 bytes overhead):
   17 fe fd 00 01 00 00 00 00 00 05 42 00 0e ae a0
   15 56 67 92 4d ff 8a 24 e4 cb 35 b9

   Content type:
      17
   Version:
      fe fd
   Epoch:
      00 01
   Sequence number:
      00 00 00 00 00 05
   Connection ID:
      42
   Length:
      00 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   DTLS 1.3 with Connection ID gives 22 bytes overhead.

2.2.4.  DTLS 1.3 with Connection ID and 6LoWPAN-GHC

   This section analyzes the overhead of DTLS 1.3
   [I-D.rescorla-tls-dtls13] with Connection ID
   [I-D.rescorla-tls-dtls-connection-id] when compressed with [RFC7400]
   [OlegHahm-ghc].

   Note that the overhead is dependent on the parameters epoch, sequence
   number, Connection ID, and length.  The following is only an example.
   Note that this header compression is not available when DTLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.

   Compressed DTLS 1.3 Record Layer (21 bytes, 15 bytes overhead):
   b0 c3 12 05 42 00 0e ae a0 15 56 67 92 4d ff 8a
   24 e4 cb 35 b9

   Compressed DTLS 1.3 Record Layer Header and Nonce:
      b0 c3 12 05 42 00 0e
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, DTLS 1.3 with the above parameters
   (epoch, sequence number, Connection ID, length) gives 15 bytes
   overhead.

2.3.  TLS

2.3.1.  TLS 1.2

   This section analyzes the overhead of TLS 1.2 [RFC5246].  The changes
   compared to DTLS 1.2 are that the TLS 1.2 record layer does not have
   epoch and sequence number fields, and that the version is different.

   TLS 1.2 Record Layer (27 bytes, 21 bytes overhead):
   17 03 03 00 16 00 00 00 00 00 00 00 05 ae a0 15
   56 67 92 4d ff 8a 24 e4 cb 35 b9

   Content type:
      17
   Version:
      03 03
   Length:
      00 16
   Nonce:
      00 00 00 00 00 00 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   TLS 1.2 gives 21 bytes overhead.

2.3.2.  TLS 1.2 with 6LoWPAN-GHC

   This section analyzes the overhead of TLS 1.2 [RFC5246] when
   compressed with [RFC7400] [OlegHahm-ghc].

   Note that the overhead is dependent on the parameters epoch, sequence
   number, and length.  The following is only an example.

   Note that this header compression is not available when TLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.
   Compressed TLS 1.2 Record Layer (23 bytes, 17 bytes overhead):
   05 17 03 03 00 16 85 0f 05 ae a0 15 56 67 92 4d
   ff 8a 24 e4 cb 35 b9

   Compressed TLS 1.2 Record Layer Header and Nonce:
      05 17 03 03 00 16 85 0f 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, TLS 1.2 with the above parameters
   (epoch, sequence number, length) gives 17 bytes overhead.

2.3.3.  TLS 1.3

   This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13].
   The change compared to TLS 1.2 is that the TLS 1.3 record layer uses
   a different version.

   TLS 1.3 Record Layer (27 bytes, 21 bytes overhead):
   17 03 01 00 16 00 00 00 00 00 00 00 05 ae a0 15
   56 67 92 4d ff 8a 24 e4 cb 35 b9

   Content type:
      17
   Version:
      03 01
   Length:
      00 16
   Nonce:
      00 00 00 00 00 00 00 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   TLS 1.3 gives 21 bytes overhead.

2.3.4.  TLS 1.3 with 6LoWPAN-GHC

   This section analyzes the overhead of TLS 1.3 [I-D.ietf-tls-tls13]
   when compressed with [RFC7400] [OlegHahm-ghc].

   Note that the overhead is dependent on the parameters epoch, sequence
   number, and length.  The following is only an example.

   Note that this header compression is not available when TLS is
   exchanged over transports that do not use 6LoWPAN together with
   6LoWPAN-GHC.

   Compressed TLS 1.3 Record Layer (23 bytes, 17 bytes overhead):
   02 17 03 c3 01 16 85 0f 05 ae a0 15 56 67 92 4d
   ff 8a 24 e4 cb 35 b9

   Compressed TLS 1.3 Record Layer Header and Nonce:
      02 17 03 c3 01 16 85 0f 05
   Ciphertext:
      ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   When compressed with 6LoWPAN-GHC, TLS 1.3 with the above parameters
   (epoch, sequence number, length) gives 17 bytes overhead.

2.4.  OSCORE

   This section analyzes the overhead of OSCORE
   [I-D.ietf-core-object-security].
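   As an added worked example (not code from the draft or the OSCORE
   project), the following Python builds the OSCORE request and response
   layouts that the byte-by-byte examples in this section dissect: the
   CoAP Object-Security option (delta 9, encoded per RFC 7252 including
   the extension bytes for deltas or lengths of 13 and above), the
   option value (flag byte, Partial IV, Sender ID) as laid out on the
   page for draft-ietf-core-object-security-06, the payload marker, and
   the ciphertext with its ICV.  It generalizes to the sequence numbers
   and Sender IDs used as table columns in Section 3 and reproduces the
   OSCORE rows of Figures 1 and 2.  Assumptions: the k ("kid present")
   flag bit is set in every request, as in the page's example with an
   empty Sender ID; the ciphertext, encrypted code and ICV bytes are the
   page's constructed values and no COSE encryption is performed.

```python
"""OSCORE request/response layouts from this section, rebuilt from their
parameters so the per-packet overhead can be counted mechanically.

Added example, not code from the draft.  It follows the byte layout the
page shows for draft-ietf-core-object-security-06:
  * CoAP option header (RFC 7252, Section 3.1): delta nibble, length
    nibble, extension bytes for values >= 13
  * Object-Security option value: flag byte (bits 0-2 = Partial IV
    length n, bit 3 = k, "kid present"), Partial IV (sequence number in
    network byte order, leading zeros removed), then the Sender ID (kid)
  * 0xff payload marker, then the ciphertext (1-byte encrypted CoAP code
    plus the plaintext) and the 8-byte ICV
  * a response carries an empty option value
As on the page, k is set in requests even when the Sender ID is ''.
Ciphertext and ICV are the page's constructed bytes; no COSE encryption
is performed.
"""
from typing import List, Tuple

PLAINTEXT_LEN = 6
ENCRYPTED_CODE = bytes.fromhex("ec")                 # constructed, from the page
CIPHERTEXT = bytes.fromhex("ae a0 15 56 67 92")      # constructed, from the page
ICV = bytes.fromhex("4d ff 8a 24 e4 cb 35 b9")       # constructed, from the page
PAYLOAD_MARKER = b"\xff"
KID_PRESENT = 0x08                                   # k bit of the flag byte


def _nibble_and_ext(value: int) -> Tuple[int, bytes]:
    """Encode an option delta or length as nibble + extension bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, (value - 269).to_bytes(2, "big")


def coap_option(delta: int, value: bytes) -> bytes:
    """One CoAP option: header byte, delta/length extensions, value."""
    d, d_ext = _nibble_and_ext(delta)
    l, l_ext = _nibble_and_ext(len(value))
    return bytes([(d << 4) | l]) + d_ext + l_ext + value


def partial_iv(seq: int) -> bytes:
    """Sequence number as big-endian bytes with leading zeros stripped."""
    return seq.to_bytes(max(1, (seq.bit_length() + 7) // 8), "big")


def oscore_option_value(seq: int, sender_id: bytes) -> bytes:
    """Flag byte | Partial IV | Sender ID, as in the page's request examples."""
    piv = partial_iv(seq)
    if len(piv) > 7:                      # n is a 3-bit field
        raise ValueError("Partial IV too long for the 3-bit length field")
    return bytes([len(piv) | KID_PRESENT]) + piv + sender_id


def oscore_request(seq: int, sender_id: bytes = b"", option_delta: int = 9) -> bytes:
    option = coap_option(option_delta, oscore_option_value(seq, sender_id))
    return option + PAYLOAD_MARKER + ENCRYPTED_CODE + CIPHERTEXT + ICV


def oscore_response(option_delta: int = 9) -> bytes:
    """Responses carry no Partial IV or kid on the page: empty option value."""
    return coap_option(option_delta, b"") + PAYLOAD_MARKER + ENCRYPTED_CODE + CIPHERTEXT + ICV


def overhead(msg: bytes) -> int:
    """Bytes on the wire beyond the 6-byte plaintext."""
    return len(msg) - PLAINTEXT_LEN


SEQ_NUMBERS = (0x05, 0x1005, 0x100005)     # columns of Figure 1
SENDER_IDS = (b"", b"\x42", b"\x40\x02")   # columns of Figure 2


def figure1_oscore() -> List[List[int]]:
    """[request row, response row] of Figure 1 (Sender ID = '')."""
    return [[overhead(oscore_request(s)) for s in SEQ_NUMBERS],
            [overhead(oscore_response()) for _ in SEQ_NUMBERS]]


def figure2_oscore() -> List[List[int]]:
    """[request row, response row] of Figure 2 (sequence number '05')."""
    return [[overhead(oscore_request(0x05, k)) for k in SENDER_IDS],
            [overhead(oscore_response()) for _ in SENDER_IDS]]


if __name__ == "__main__":
    for name, msg in (("request, kid ''", oscore_request(0x05)),
                      ("request, kid 42", oscore_request(0x05, b"\x42")),
                      ("response", oscore_response())):
        print(f"{name:16s} {len(msg):2d} bytes, {overhead(msg):2d} overhead: {msg.hex(' ')}")
    print(figure1_oscore(), figure2_oscore())
```

   The request overhead grows by one byte per Partial IV byte and per
   Sender ID byte because both are carried in the option value, while
   the response overhead stays at the fixed option header, payload
   marker, encrypted code and ICV, which is why the response row of
   both figures is constant.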
   Note that the overhead is dependent on the included CoAP Option
   numbers as well as the length of the OSCORE parameters Sender ID and
   sequence number.

   Note that Sender ID = '' (empty string) can only be used by one
   client per server.

   The examples below assume that the original messages do not have a
   payload (note that this does not affect the overhead).

   The calculation below uses Option Delta = '9', Sender ID = '' (empty
   string), and Sequence Number = '05', and is only an example.

   OSCORE Request (19 bytes, 13 bytes overhead):
   92 09 05
   ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9

   CoAP Option Delta and Length:
      92
   Option Value (flag byte and sequence number):
      09 05
   Payload Marker:
      ff
   Ciphertext (including encrypted code):
      ec ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   The calculation below uses Option Delta = '9', Sender ID = '42', and
   Sequence Number = '05', and is only an example.

   OSCORE Request (20 bytes, 14 bytes overhead):
   93 09 05 42
   ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9

   CoAP Option Delta and Length:
      93
   Option Value (flag byte, sequence number, and Sender ID):
      09 05 42
   Payload Marker:
      ff
   Ciphertext (including encrypted code):
      ec ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   The calculation below uses Option Delta = '9' and is only an example.

   OSCORE Response (17 bytes, 11 bytes overhead):
   90
   ff ec ae a0 15 56 67 92 4d ff 8a 24 e4 cb 35 b9

   CoAP Option Delta and Length:
      90
   Option Value:
      -
   Payload Marker:
      ff
   Ciphertext (including encrypted code):
      ec ae a0 15 56 67 92
   ICV:
      4d ff 8a 24 e4 cb 35 b9

   OSCORE with the above parameters gives 13-14 bytes overhead for
   requests and 11 bytes overhead for responses.

   Unlike DTLS and TLS, OSCORE has much smaller overhead for responses
   than for requests.

3.  Overhead with Different Parameters

   The DTLS overhead is dependent on the parameter Connection ID.  The
   following overheads apply for all Connection IDs with the same
   length.

   The compression overhead (GHC) is dependent on the parameters epoch,
   sequence number, Connection ID, and length.  The following overheads
   should be representative for sequence numbers and Connection IDs with
   the same length.

   The compression overhead (raza-6lo-compressed-dtls) is dependent on
   the length of the parameters epoch and sequence number.  The
   following overheads apply for all sequence numbers with the same
   length.

   The OSCORE overhead is dependent on the included CoAP Option numbers
   as well as the length of the OSCORE parameters Sender ID and sequence
   number.  The following overheads apply for all sequence numbers and
   Sender IDs with the same length.

   Sequence Number          '05'    '1005'  '100005'
   -------------------------------------------------
   DTLS 1.2                  29      29      29
   DTLS 1.3                  21      21      21
   TLS 1.2                   21      21      21
   TLS 1.3                   21      21      21
   -------------------------------------------------
   DTLS 1.2 (Raza)           13      13      14
   DTLS 1.3 (Raza)           13      13      14
   -------------------------------------------------
   DTLS 1.2 (GHC)            16      16      17
   DTLS 1.3 (GHC)            14      14      15
   TLS 1.2 (GHC)             17      18      19
   TLS 1.3 (GHC)             17      18      19
   -------------------------------------------------
   OSCORE Request            13      14      15
   OSCORE Response           11      11      11

         Figure 1: Overhead as a function of sequence number
                      (Connection/Sender ID = '')

   Connection/Sender ID      ''      '42'    '4002'
   -------------------------------------------------
   DTLS 1.2                  29      30      31
   DTLS 1.3                  21      22      23
   -------------------------------------------------
   DTLS 1.2 (GHC)            16      17      18
   DTLS 1.3 (GHC)            14      15      16
   -------------------------------------------------
   OSCORE Request            13      14      15
   OSCORE Response           11      11      11

       Figure 2: Overhead as a function of Connection/Sender ID
                        (Sequence Number = '05')

4.  Summary

   DTLS 1.2 has quite a large overhead as it uses an explicit sequence
   number and an explicit nonce.  DTLS 1.3, TLS 1.2, and TLS 1.3 have
   significantly less (but not small) overhead.

   Both DTLS compression methods provide very good compression.  raza-
   6lo-compressed-dtls achieves slightly better compression but requires
   state.  GHC is stateless but provides slightly worse compression.  As
   DTLS 1.3 uses the same version number as DTLS 1.2, both GHC and raza-
   6lo-compressed-dtls work well for DTLS 1.3 as well.

   The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS
   1.2 handle DTLS 1.3, DTLS with Connection ID, TLS 1.2, and TLS 1.3.
   The Generic Header Compression (6LoWPAN-GHC) works very well for
   Connection ID, and the overhead seems to increase exactly with the
   length of the Connection ID (which is optimal).  The compression of
   TLS is not as good as the compression of DTLS (as the static
   dictionary is more or less a DTLS record layer).  Similar compression
   levels as for DTLS could be achieved also for TLS, but this would
   require different static dictionaries for each version of TLS (as TLS
   1.2 and TLS 1.3 use different version numbers).  GHC works as well
   for DTLS 1.3 as for DTLS 1.2 as the version number is the same.

   raza-6lo-compressed-dtls is not able to handle DTLS with Connection
   ID or TLS; all extensions require an updated mechanism.

   The header compression is not available when (D)TLS is exchanged over
   transports that do not use 6LoWPAN together with 6LoWPAN-GHC or raza-
   6lo-compressed-dtls.

   OSCORE has much lower overhead than DTLS and TLS.  The overhead of
   OSCORE is smaller than that of DTLS over 6LoWPAN with compression,
   and this small overhead is achieved even on deployments without
   6LoWPAN or with 6LoWPAN without DTLS compression.
   OSCORE is lightweight because it makes use of some excellent features
   in CoAP, CBOR, and COSE.

5.  Security Considerations

   This document is purely informational.

6.  Informative References

   [I-D.ietf-core-coap-tcp-tls]
              Bormann, C., Lemay, S., Tschofenig, H., Hartke, K.,
              Silverajan, B., and B. Raymor, "CoAP (Constrained
              Application Protocol) over TCP, TLS, and WebSockets",
              draft-ietf-core-coap-tcp-tls-10 (work in progress),
              October 2017.

   [I-D.ietf-core-object-security]
              Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
              "Object Security for Constrained RESTful Environments
              (OSCORE)", draft-ietf-core-object-security-06 (work in
              progress), October 2017.

   [I-D.ietf-tls-tls13]
              Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", draft-ietf-tls-tls13-21 (work in progress),
              July 2017.

   [I-D.rescorla-tls-dtls-connection-id]
              Rescorla, E. and H. Tschofenig, "The Datagram Transport
              Layer Security (DTLS) Connection Identifier",
              draft-rescorla-tls-dtls-connection-id-01 (work in
              progress), October 2017.

   [I-D.rescorla-tls-dtls13]
              Rescorla, E., Tschofenig, H., and N. Modadugu, "The
              Datagram Transport Layer Security (DTLS) Protocol Version
              1.3", draft-rescorla-tls-dtls13-01 (work in progress),
              March 2017.

   [OlegHahm-ghc]
              Hahm, O., "Generic Header Compression", July 2016.

   [raza-6lo-compressed-dtls]
              Raza, S., Shafagh, H., and O. Dupont, "Compression of
              Record and Handshake Headers for Constrained
              Environments", March 2017.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008,
              <https://www.rfc-editor.org/info/rfc5246>.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012, <https://www.rfc-editor.org/info/rfc6347>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,
              <https://www.rfc-editor.org/info/rfc7252>.

   [RFC7400]  Bormann, C., "6LoWPAN-GHC: Generic Header Compression for
              IPv6 over Low-Power Wireless Personal Area Networks
              (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November
              2014, <https://www.rfc-editor.org/info/rfc7400>.

   [RFC7925]  Tschofenig, H., Ed. and T. Fossati, "Transport Layer
              Security (TLS) / Datagram Transport Layer Security (DTLS)
              Profiles for the Internet of Things", RFC 7925,
              DOI 10.17487/RFC7925, July 2016,
              <https://www.rfc-editor.org/info/rfc7925>.

Acknowledgments

   The authors want to thank Ari Keraenen, Francesca Palombini, and
   Goeran Selander for reviewing previous versions of the draft.

   All 6LoWPAN-GHC compression was done with [OlegHahm-ghc].

Author's Address

   John Mattsson
   Ericsson AB
   Faeroegatan 6
   Kista SE-164 80 Stockholm
   Sweden

   Email: john.mattsson@ericsson.com