add support for DTLS about go-coap HOT 8 CLOSED

Looking forward for the implementation of this feature. Any news on the progress/plans for this?

from go-coap.

For now it is not planned because I use TCP/TLS. If there will be lot's of thumbs up or someone who wants to contribute then please create pull request. I will merge it.

from go-coap.

We're about to land PSK support in pion/dtls#76, starting with TLS_PSK_AES_128_CCM8 b/c a lot of IoT things use that. We're hoping to see the PR reviewed and merged this week.

from go-coap.

Hi. I integrated pion/dtls to go-coap in branch https://github.com/go-ocf/go-coap/tree/dtls. And it will be merge in the near future, but fill free to test it. You can find example: https://github.com/go-ocf/go-coap/tree/dtls/examples/dtls

from go-coap.

That's awesome, thanks for taking the time to do this! I've just pushed the v1.4.0 tag to pion/dtls so you don't have to depend on master/SHA anymore.

from go-coap.

I took at look at this whilst experimenting with go-coap for matrix.org; I concluded that https://github.com/pions/dtls's lack of PSK support was not ideal for typical low-bandwidth CoAP scenarios. Are you planning to add PSK to it?

I wondered whether https://github.com/bocajim/dtls might be a better bet (on the assumption that it might get upgraded from DTLS/1.0 to DTLS/1.2 in future)?

In the end, for the Matrix experiment I ended up using a Noise Pipe (via https://github.com/flynn/noise) for transport layer crypto, which ends up minimising bandwidth as well as supporting 0RTT handshakes. However, it's completely custom and presumably not useful for your OCF requirements; just mentioning it for the sake of interest and in case the way we added the crypto layer is useful. The experiment is still WIP currently but can link to it once it works fully.

The experiment of go-coap + noise exists over at master...matrix-org:matthew/noise2. It has some pretty major limitations...

• it only works for unicast UDP (and breaks multicast)
• it doesn't handle packet loss and at the crypto layer (either for transport or handshake packets)

...but might still be interesting for reference purposes to see how we layered in crypto. (Warning: this was my first Go code)

For the record, we're also going to look at layering CoAP over QUIC (and nQUIC) in future, as an alternate way of handling the retries/transport-reliability problem at low bandwidth.

from go-coap.

Are you planning to add PSK to it?
No. For now I just add mention one implementation.

I wondered whether https://github.com/bocajim/dtls might be a better bet (on the assumption that it might get upgraded from DTLS/1.0 to DTLS/1.2 in future)?
I add https://github.com/bocajim/dtls to issue for evaluation.

Thx for information.

from go-coap.

Thx for tag. Branch dtls was merged to the master.

from go-coap.