Re: Key Missing Feature for IoT

2024-04-09 Thread Sean Mullan
On 4/9/24 9:24 AM, Simon Bernard wrote: Thx for detail answers. Yes. I don't want you to spend months on a contribution only to have us decide it is not something we want to include in the JDK. I really appreciate that. Yes, but PSK introduces security issues that need to be considered. We

Re: Key Missing Feature for IoT

2024-04-09 Thread Simon Bernard
Thx for detail answers. Yes. I don't want you to spend months on a contribution only to have us decide it is not something we want to include in the JDK. I really appreciate that. Yes, but PSK introduces security issues that need to be considered. We would have to be very careful about how we

Re: Key Missing Feature for IoT

2024-04-09 Thread Sean Mullan
Hi Simon, On 4/8/24 10:12 AM, Simon Bernard wrote: Hi Sean,  Thx for warning me about that.  I understand that maybe this is too soon for contributing code ? and also that finally this not so sure that you want to integrate (D)TLS feature that I mentioned previously as Key IoT features.

Re: Key Missing Feature for IoT

2024-04-08 Thread Simon Bernard
Hi Sean,  Thx for warning me about that.  I understand that maybe this is too soon for contributing code ? and also that finally this not so sure that you want to integrate (D)TLS feature that I mentioned previously as Key IoT features.  So not sure what should I do now. In my first message,

Re: Key Missing Feature for IoT

2024-04-02 Thread Sean Mullan
Resending; fixed some of the link numbers. Hi, Sorry for the delay in replying as I have been busy with other issues. Thank you for your interest in Java Security. Thank you Daniel for also helping out with answering some of the questions. As Daniel pointed out, there are currently Enhancement

Re: Key Missing Feature for IoT

2024-04-02 Thread Sean Mullan
Hi, Sorry for the delay in replying as I have been busy with other issues. Thank you for your interest in Java Security. Thank you Daniel for also helping out with answering some of the questions. As Daniel pointed out, there are currently Enhancements open for adding CCM and PSK support to

Re: Key Missing Feature for IoT

2024-03-20 Thread Daniel Jeliński
> any recommendation or example of this kind of work? Check out these JEPs, the description section: https://openjdk.org/jeps/329 https://openjdk.org/jeps/8245551 https://openjdk.org/jeps/8281710 In the PSK case the main question is, how is the user going to configure the keys? Cheers, Daniel wt

Re: Key Missing Feature for IoT

2024-03-19 Thread Simon Bernard
Well I think AES-CCM is a decent candidate to start. OK, I will probably take time to see if this is something within my reach. (I have limited time by week to give on that and not an expert on this topic, so this will be mid/long term task) Regarding PSK API, if you could put together a more

Re: Key Missing Feature for IoT

2024-03-18 Thread Daniel Jeliński
Well I think AES-CCM is a decent candidate to start. If you choose to work on this, you'll need to add support for AES/CCM to the JCE first. Most of the code is already there: AES is implemented, CTR and CBC are implemented, AEAD mode is implemented, so it's probably just a matter of wiring these t

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
Thx for all this clarification. For example, how will the user configure the list of available PSKs? Regarding PSK API from other libraries : *AdvancedPskStore* from Scandium 3.x which is not so straight forward to use mainly because it supports async request : https://github.com/eclipse-c

Re: Key Missing Feature for IoT

2024-03-15 Thread Simon Bernard
Hi Daniel, Thx for quick answer. For PSK and AES, if this is added then this will be also for TLS ? (not only DTLS  right ?) and for version 1.2 and 1.3 ? and also when this feature will be added, would they be available on next JDK version OR also old version ? (e.g. I know some recent secur

Re: Key Missing Feature for IoT

2024-03-15 Thread Daniel Jeliński
Hi Simon, Yes, the cipher suites in CipherSuite class are available in both TLS and DTLS by default. TLS 1.3 uses different cipher suites from TLS 1.2, so both protocols need to be updated. Regarding backporting to other versions of Java, backports are reviewed on a case-by-case basis. TLS changes

Re: Key Missing Feature for IoT

2024-03-15 Thread Daniel Jeliński
Hi Simon, welcome to security-dev! You got the situation of DTLS right: - PSK cipher suites were first requested in JDK-6476446, then in JDK-8049402. - connection identifier is not implemented, and not on the to-do list yet; - AES-CCM was requested in JDK-8008342, then in JDK-8176395. If I underst

Key Missing Feature for IoT

2024-03-14 Thread Simon Bernard
Hi all, I'm the main Maintainer of *Leshan* . An open Source Java Implementation of *LWM2M * protocol. *LWM2M* is mainly based on *coap* and *coap+tcp* protocol. Security i