CoAP/DTLS and X.509?

[nilstk]

Hi there,

https://datatracker.ietf.org/doc/html/rfc7252#section-9.1.3.3

with regard to the above RFC, I was wondering if there are plans to support X.509 in the near future? Is there any draft code available maybe?

[barbibulle]

Hi.
We don't have short term plans for supporting X.509 with DTLS. The two main reasons are that: 1/ the typical use of the framework between a phone and an IoT device involves both sides using IP addresses rather than DNS-resolvable names, and that it isn't common to use X.509 certificates for IP addresses, 2/ X.509 chains and DTLS are not necessarily easy to support, because of the size of the cert chain, combined with small datagram sizes; the cert chain has to be split in multiple messages, which I'm not sure if mbedtls supports yet (it didn't when we first looked at it). But if you have experience with mbedtls and are willing to look at how this could be supported, we'd be happy to help you investigate that.