The Specification describes the SNI resource 14 as follows:
"This resource holds the value of the Server Name Indication (SNI) value to be used during the TLS handshake. When this resource is present then the LwM2M Server URI acts as the address of the service while the SNI value is used for matching a presented certificate, or PSK identity."
We certainly understand what the SNI resource means for use with certificates (Security Modes 1, 2 and 4): here the SNI sent by the device allows the LwM2M server to present a matching certificate.
I can only guess what the mention of the PSK identity should mean here: does the spec want to say that the LwM2M server should look up a matching certificate by the PSK identity internally?
If so, this doesn't actually make sense because the ciphersuites mandated for PSK (see OMA-TS-LightweightM2M_Transport-V1_1-20180710-A.pdf, Section 5.2.8.1) are TLS_PSK_WITH_AES_128_CCM_8 and TLS_PSK_WITH_AES_128_CBC_SHA256. Both of these ciphersuites only use symmetric cryptography and do not use certificates at all, which is one of the key motivations behind DTLS-PSK...
In a scenario where there are multiple virtual servers running on the IP address, there is the question of how the authentication is "routed" to the right place. The PSK identity may contain this information if you format it similarly to an email address, but if you don't, then you will run into a problem. There the SNI could help.
See
Can you elaborate here?
This emerged out of a discussion with @jakubsobolewskisag and @sbernard31 on the implementation of SNI support in eclipse-leshan/leshan#1447
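The routing question raised in the reply above (several virtual servers behind one IP address, a PSK identity formatted like an email address, SNI as the alternative hint) can be sketched as a server-side PSK lookup. This is an added example, not part of the thread, the specification or Leshan's code; the tenant host names, identities, keys and the lookup order are assumptions constructed for illustration.

```python
# Constructed sample data: two virtual LwM2M servers (tenants) share one IP
# address, and both have a device whose PSK identity is "device-1".
PSK_STORE = {
    "tenant-a.example": {"device-1": bytes.fromhex("aa" * 16)},
    "tenant-b.example": {"device-1": bytes.fromhex("bb" * 16),
                         "meter-7": bytes.fromhex("cc" * 16)},
}


def _host(value):
    """Normalise a host name for comparison (case, trailing dot)."""
    return value.lower().rstrip(".") if value else None


def resolve_psk(psk_identity, sni=None):
    """Return (tenant, key) for a PSK handshake, or None to abort it.

    Tenant selection order (an assumption of this sketch, not spec text):
      1. the SNI host name from the ClientHello, if one was sent;
      2. a realm embedded in the identity as "name@realm";
      3. otherwise the bare identity must be unique across all tenants.
    """
    name, _, realm = psk_identity.partition("@")
    realm, sni = _host(realm), _host(sni)

    # Two routing hints that disagree: refuse rather than pick one.
    if sni and realm and sni != realm:
        return None

    tenant = sni or realm
    if tenant is not None:
        key = PSK_STORE.get(tenant, {}).get(name)
        return (tenant, key) if key else None

    # No hint at all: only usable when exactly one tenant knows the identity.
    matches = [(t, ids[name]) for t, ids in PSK_STORE.items() if name in ids]
    return matches[0] if len(matches) == 1 else None
```

A bare `device-1` with no SNI is rejected because two tenants know that identity, while the same identity with an SNI value selects exactly one key.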