OpenMobileAlliance / OMA_LwM2M_for_Developers

OMA LightweightM2M public resources.
http://openmobilealliance.github.io/OMA_LwM2M_for_Developers/

(D)TLS 1.3 with LWM2M v1.0 or v1.1 ? #540

Closed sbernard31 closed 1 year ago

sbernard31 commented 2 years ago

Hi,

In LWM2M v1.0 or v1.1 there is no mention of DTLS 1.3. Since LWM2M v1.2, the specification says:

This version of the specification MAY optionally use TLS 1.3 [RFC 8446] and/or DTLS 1.3 [DTLS-1.3]. (http://www.openmobilealliance.org/release/LightweightM2M/V1_2-20201110-A/HTML-Version/OMA-TS-LightweightM2M_Transport-V1_2-20201110-A.html#5-2-1-0-521-TLSDTLS-Overview)

I'm asking myself if :

Thx :pray:

hannestschofenig commented 2 years ago

It is possible to use DTLS 1.3 with LwM2M v1.0 or v1.1. In fact, it is possible to dynamically negotiate the use of DTLS 1.3 or 1.2 since this is a feature supported in DTLS.

The LwM2M v1.0 or v1.1 specifications do, however, miss any guidance on the use of it (algorithms, extensions, references).

TLS 1.3 works only with CoAP over TCP (quite naturally) and this transport was only added with v1.1. Hence, this is not an option for v1.0. Using TLS 1.3 with LwM2M v1.1 is, however, an option.

We have not written a recommendation in OMA on the use of TLS 1.3 but it sounds like a good idea given that using newer security protocols offers certain advantages.
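
The dynamic negotiation mentioned in the comment above, as an added example (not part of the thread and not code from any LwM2M or DTLS stack): DTLS 1.3 signals versions through the `supported_versions` ClientHello extension it shares with TLS 1.3, so one server can answer both 1.2-only and 1.3-capable clients. Function names are hypothetical; the wire values are those of RFC 6347 and RFC 9147.

```python
import struct

# DTLS wire versions (RFC 6347 / RFC 9147); a numerically lower value is a newer version.
DTLS_1_0, DTLS_1_2, DTLS_1_3 = 0xFEFF, 0xFEFD, 0xFEFC


def build_supported_versions(versions):
    """Encode the ClientHello supported_versions body: 1-byte length + 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return struct.pack("!B", len(body)) + body


def parse_supported_versions(ext):
    """Decode the ClientHello supported_versions body, rejecting malformed lengths."""
    if len(ext) < 3 or ext[0] != len(ext) - 1 or ext[0] % 2:
        raise ValueError("malformed supported_versions extension")
    return [struct.unpack_from("!H", ext, i)[0] for i in range(1, len(ext), 2)]


def negotiate(server_versions, legacy_version, ext=None):
    """Return the version the server selects, or None if there is no overlap.

    With the extension, the server picks its newest version that the client
    also offers and ignores legacy_version. Without it (a pre-1.3 client),
    the server falls back to legacy_version and can reach DTLS 1.2 at most.
    """
    if ext is not None:
        offered = set(parse_supported_versions(ext))
    else:
        # Older client: it supports legacy_version and anything older.
        offered = {v for v in (DTLS_1_0, DTLS_1_2) if v >= legacy_version}
    # Newest first: sort ascending because DTLS version numbers count down.
    for v in sorted(server_versions):
        if v in offered:
            return v
    return None


if __name__ == "__main__":
    # Constructed ClientHello extension offering DTLS 1.3 and 1.2.
    hello_ext = build_supported_versions([DTLS_1_3, DTLS_1_2])
    print(hex(negotiate([DTLS_1_3, DTLS_1_2], DTLS_1_2, hello_ext)))  # 1.3-capable server
    print(hex(negotiate([DTLS_1_2], DTLS_1_2, hello_ext)))            # 1.2-only server
```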

sbernard31 commented 2 years ago

Thx for the prompt answer. :pray:

(Should we close this issue, or keep it open until we add a link to the OMA recommendation?)