DTLS support

[rgillan]

Hi,
I know this has been requested in 2013 and closed off without implementation, and there has been a dev approach back in 0.11. DTLS is mandatory for any application using CoAP, which pretty much covers the entire IoT space, oneM2M, lightweightM2M. There is CoAP protocol support (via node-coap) but no way to secure the traffic. OpenSSL has support for DTLS so the underlying infrastructure is there.

Node.js is a great platform, although after many years of use and experience we're having to look at (ugh) Java and other alternatives for our ongoing work.

If there's any way this could get onto the roadmap with some clarity it would help many of us making similar decisions on platform selection for IoT core functionality.

Thanks
Rob

[jasnell]

Would definitely love to get something going on this but unless an updated implementation is contributed, it's not likely we'll be able get to it soon, at least not in this stream. This may be something best targeted at the converged repo (http://github.com/nodejs/node).

[kilianc]

+1 on this, a lot of people started to use UDP to build faster distributed tools and lighter communication layers for hardware where the server-less or better connection-less nature of UDP comes in handy. Also browser are starting to expose those API, I am sure DTLS will empower a lot of great use cases out there.

[jeduan]

👍

[mcollina]

👍 I can partecipate in a development effort to build this feature, if we want to form some kind of team (or working group) behind it (and udp too).

BTW, I am the maintainer of node-coap, and this is a highly requested feature: coapjs/node-coap#11

Should we open another issue in the iojs repo? which issue tracker will be 'the one' after the merge?

[mcollina]

Side note, this is also required for WebRTC.

[rgillan]

Matteo et al,
Happy to help out where we can. It's a serious roadblock for us at the moment as everything in the IoT/M2M space using CoAP is not deployable without encryption.

[natbro]

would anybody be willing to give an overview of the state of DTLS or pointer to where the best convo is happening so I can figure out where to better contribute?

• i know about and have used @migounette's 0.11-based work in the past and the API design seems right

• i know about but haven't used @Rantanen's DTLS package, roughly the same API afaict

• i'm seeing references here & elsewhere (like @brycekahle's thread, crypto: API changes needed for AES Counter with CBC-MAC (CCM) support node#2383) about folks wanting to form or already working on full DTLS support, but not seeing much yet.

  if bringing the native native-OpenSSL-lib-based @migounette approach forward in the merge or soon thereafter makes sense, i would love to know how to help make this happen, as i use UDP for multiplayer gaming and chat, really would like to help get it properly secured with some upcoming node backends on the newest engine.

[migounette]

@misterdjules @indutny Okay it's time to restart the operation :)
I can propose a DTLS native and also the DTLS Extension for SRTP keying which can be used for SIP operations. API needs to be reviewed.

Just let me know, I have a two weeks (will less work :)) - Question nodejs or io.js branch ? or both !

@natbro @rgillan @kilianc can you help for the testing part ? based on a specific branch and try to develop simple samples ?

[natbro]

delighted to help!
re: io vs node - my preference is just the merge/io.js; to not bother with backward, but i think folks in the thick of it may have more insight -- i'll help out either path.

[jasnell]

At this point, because active development is migrating to nodejs/node, the best bet is to move the conversation on this over to http://github.com/nodejs/node.

[natbro]

if somebody with appropriate perms for the original issue and the destination repo could move the issue using https://github-issue-mover.appspot.com/ (@jasnell ?) that would be great. otherwise i can just restart it there.