-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plans for DTLS 1.3 #188
Comments
This is really exciting! Some random thoughts I had. We should join the IETF list and see if we can help.Would be so exciting if Pion DTLS could make prototyping/building DTLS implementations faster. Put flights in separate packages@at-wat split out all the code for flights into their own things. We can take advantage of this and have separate flights for 1.2 and 1.3 in their own packages. A lot of stuff like the sequence numbers will be a pain to manage, but we will figure it out :) |
DTLS 1.3 is finally in RFC state... |
I would love to see some updates on this. |
I would love to help with this!
I am just hesitant to put work into this if no one ends up using it. |
We are working a lot with narrowband IP links at work (with tens or hundreds of kilobits/s channel capacity), so the more compact headers of DTLS1.3 and its zero-RTT reconnection would be a great way to secure UDP based communication (e.g. COAP). Looking at OpenSSL ( openssl/openssl#13900 (comment) ) it mentions the WolfSSL implementation for interop testing DTLS 1.3 |
We're working on similar narrowband cellular problems like @HRogge (we should talk!) and have been tracking DTLS 1.3. That said, there's one feature, Connection ID, that was "backported" to 1.2 that provides significant power improvements that our customers and partners are asking for. @miguel91it has been evaluating what it would take to add it. Of course it's a separate issue from DTLS 1.3, but it's smaller and the thing we currently care most about, so I thought it would be worth sharing 🙂 |
Just forgot to add that go-coap refers to pion-dtls for TLS support... so everyone who wants to use "secure go-coap" will most likely also end using this project. |
No, that's incorrect. They support TLS Corrected wolfSSL link: |
@eabase Indeed the README is outdated. I've reported that to the team. Thanks for noticing that. Confirming wolfSSL support both TLS 1.3 (since 2017) and DTLS1.3 (since July 2022). |
When we will DTLS1.3 be supported? |
This is an open source project, and nobody is being paid to work on it. It may get supported if and when folks with the necessary knowledge and time are able to work on it. Please refrain from pinging for status on this issue. It won't make things go any faster, nor will it result in us being able to make you a promise or give you a release timeline. |
Another issue here is that security specific library code is a bit more difficult to write than normal code... its easy to get wrong in subtile ways for people without experience. Still, DTLS 1.3 is quite important for the future... maybe there is a way to get a funding pool for getting this job done? |
I am happy to take it on! I think we could make this happen by Jan 1st. I need to release Pion WebRTC v4 first. After that I would say DTLS 1.3 is the most important thing. If anyone has any advice/input/wants to get involved I would love to take the journey with a friend! |
I stumbled across https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/ today. Looks like it's on its way now.
I took a stroll through the spec, and https://tools.ietf.org/html/draft-ietf-tls-dtls13-34#section-12 has the changed compared to DTLS v1.2. I'm copying it here for good meassure:
been simplified.
construct
Seems there's quite a bit of change. It might prove a fairly decent headache to support that.
The text was updated successfully, but these errors were encountered: