Hi list,

a few days ago, I mailed that question to the dtls-iot list and got asked to move it here.

I'm interested in some background/details about what https://tools.ietf.org/html/rfc7925#section-16 mentions:

"Client implementations SHOULD implement this extension even though the ciphersuites recommended by this profile are not vulnerable to this attack. For DH-based ciphersuites, the keying material is contributed by both parties and in case of the pre-shared secret key ciphersuite, both parties need to be in possession of the shared secret to ensure that the handshake completes successfully. It is, however, possible that some application-layer protocols will tunnel other authentication protocols on top of DTLS making this attack relevant again."

Is there more information about that application-layer risk? Would RFC 7627 protect against that application-layer risk? (Let me make that question from my initial e-mail in the dtls-iot list more precise: using only the not affected cipher suites, would RFC 7627 add any protection against that application-layer risk?)

I'm still wondering if RFC 7627 comes with any benefit, if only ECDHE or PSK cipher suites are supported anyway (assuming strong enough secret keys or curves).

Best regards
Achim

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
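As an added illustration (not part of the message above, and not code from any IETF document), the following compares the RFC 5246 master secret derivation with the RFC 7627 extended master secret derivation for a TLS 1.2 PSK handshake: the legacy value depends only on the premaster secret and the two randoms, whereas the extended value also depends on the session hash of the full handshake transcript. The PSK, randoms and transcript fragments are constructed sample values, and the transcript is a simplified stand-in for real handshake messages.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)


def psk_premaster(psk: bytes) -> bytes:
    """Plain PSK premaster secret (RFC 4279, section 2): N zeros then the PSK."""
    n = len(psk).to_bytes(2, "big")
    return n + b"\x00" * len(psk) + n + psk


def legacy_master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246, section 8.1: bound only to the randoms and the premaster."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def extended_master_secret(premaster: bytes, transcript: list[bytes]) -> bytes:
    """RFC 7627, section 4: bound to the hash of every handshake message so far."""
    session_hash = hashlib.sha256(b"".join(transcript)).digest()
    return prf(premaster, b"extended master secret", session_hash, 48)


def compare_bindings() -> tuple[bool, bool]:
    """Constructed sample: same PSK and randoms, two transcripts that differ
    only in a server-supplied field. Returns (legacy_equal, extended_equal)."""
    psk = b"constructed-sample-psk"
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    pms = psk_premaster(psk)
    base = [b"ClientHello:" + c_rand, b"ServerHello:" + s_rand]
    transcript_a = base + [b"ServerKeyExchange:psk_identity_hint=hint-A"]
    transcript_b = base + [b"ServerKeyExchange:psk_identity_hint=hint-B"]
    legacy_equal = legacy_master_secret(pms, c_rand, s_rand) == legacy_master_secret(pms, c_rand, s_rand)
    extended_equal = extended_master_secret(pms, transcript_a) == extended_master_secret(pms, transcript_b)
    return legacy_equal, extended_equal


if __name__ == "__main__":
    print(compare_bindings())  # (True, False)
```

The result shows why the extension is useful beyond the triple-handshake case: with the legacy derivation, two handshakes sharing a premaster and randoms share a master secret regardless of what else was said, while the extended derivation ties the master secret to the entire transcript.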
I'm interested in some background/details about https://tools.ietf.org/html/rfc7925#section-16 mentions: "Client implementations SHOULD implement this extension even though the ciphersuites recommended by this profile are not vulnerable to this attack. For DH-based ciphersuites, the keying material is contributed by both parties and in case of the pre-shared secret key ciphersuite, both parties need to be in possession of the shared secret to ensure that the handshake completes successfully. It is, however, possible that some application-layer protocols will tunnel other authentication protocols on top of DTLS making this attack relevant again." Is there more information about that application-layer risk? Would RFC 7627 protect against that application-layer risk? (Let me precise that question from my initial e-mail in the dtls-iot list, using only the not affected cipher suites, would RFC 7627 add any protection against that application-layer risk?) I'm still wondering, if RFC 7627 comes with any benefit, if only ECDHE or PSK cipher suites are supported anyway (assuming strong enough secret keys or curves). best regards Achim _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta