
Unilaterally authenticated DTLS

Open mladedav opened this issue 2 years ago • 1 comment

Hello,

I was wondering if the aiocoap client with tinydtls (or another DTLS module) can be used so that only the server is authenticated and clients have anonymous access. I tried following the docs, but I have found only an example with mutual authentication using a pre-shared key.

Is it possible to use aiocoap to connect via DTLS without having a key/certificate?

For the record, I have checked the RFC and it seems that this scenario isn't mentioned there either, so maybe it's not something that should be possible, but I don't see why that would be so.

mladedav avatar Dec 12 '21 16:12 mladedav

The tinyDTLS library used in aiocoap only supports PSK, which can only do mutual authentication.

Ways to fix this are to add RPK or certificate support to tinyDTLS (including the dtlssocket library through which aiocoap uses tinyDTLS) or to add support for another DTLS library (but currently none check all the boxes; if you have a concrete suggestion please add it to #230 which also lists why some of the existing ones don't really qualify).

While it's certainly possible to use different DTLS libraries for different scenarios (aiocoap's transports make that comparatively painless), that'd require someone to step up and add them. I'm primarily having DTLS here to support Tradfri for occasional comparisons to EDHOC/OSCORE, so myself I'd only add another DTLS library if it can replace tinyDTLS.

chrysn avatar Dec 12 '21 16:12 chrysn
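The point in the answer above, that a PSK cipher suite can only give mutual authentication and has no "anonymous client" mode, is easiest to see from the key schedule. The following is an added, deliberately simplified model of a TLS-PSK style handshake written for this thread; it is not aiocoap, tinyDTLS or DTLSSocket code, and the function names, labels and the `SHARED_PSK` value are constructed for the illustration. Both sides derive the session key from the PSK and the two nonces, so a client without the key cannot compute anything the server will accept, and even a server that is told to skip checking the client's Finished message does not make the client anonymous: the client still cannot verify the server or decrypt traffic without the PSK.

```python
import hashlib
import hmac
import os

# Constructed value for the illustration only; a real PSK is provisioned out of band.
SHARED_PSK = b"example-psk-not-for-real-use"

OUTCOME_MUTUAL = "mutual"
OUTCOME_NO_CLIENT_KEY = "client has no PSK and cannot derive a session key"
OUTCOME_SERVER_REJECTS = "server rejected client Finished (client does not hold the PSK)"
OUTCOME_CLIENT_REJECTS = "client rejected server Finished (keys do not match)"


def derive_session_key(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Model of a PSK key schedule: the session key is a PRF over the PSK and
    both nonces, so no party without the PSK can compute it."""
    return hmac.new(psk, client_random + server_random, hashlib.sha256).digest()


def finished_mac(session_key: bytes, label: bytes, transcript: bytes) -> bytes:
    """Model of a Finished message: a MAC over the handshake transcript under
    the session key, which proves the sender holds the same PSK."""
    return hmac.new(session_key, label + transcript, hashlib.sha256).digest()


def psk_handshake(client_psk, server_psk, server_verifies_client=True,
                  client_random=None, server_random=None):
    """Run the simplified exchange and return (succeeded, outcome).

    server_verifies_client=False models a server that tries to "not
    authenticate" the client; the handshake still fails because the client
    cannot verify the server's Finished without the shared key."""
    client_random = client_random or os.urandom(32)
    server_random = server_random or os.urandom(32)
    transcript = client_random + server_random  # ClientHello + ServerHello nonces

    # An "anonymous" client has no PSK and therefore no session key at all;
    # it cannot even produce the Finished message.
    if client_psk is None:
        return False, OUTCOME_NO_CLIENT_KEY

    client_key = derive_session_key(client_psk, client_random, server_random)
    server_key = derive_session_key(server_psk, client_random, server_random)

    # Client -> Server: client Finished, verified by the server under its own key.
    client_finished = finished_mac(client_key, b"client finished", transcript)
    expected_by_server = finished_mac(server_key, b"client finished", transcript)
    if server_verifies_client and not hmac.compare_digest(client_finished, expected_by_server):
        return False, OUTCOME_SERVER_REJECTS

    # Server -> Client: server Finished, verified by the client the same way.
    server_finished = finished_mac(server_key, b"server finished", transcript)
    expected_by_client = finished_mac(client_key, b"server finished", transcript)
    if not hmac.compare_digest(server_finished, expected_by_client):
        return False, OUTCOME_CLIENT_REJECTS

    return True, OUTCOME_MUTUAL


if __name__ == "__main__":
    print(psk_handshake(SHARED_PSK, SHARED_PSK))
    print(psk_handshake(b"wrong-psk", SHARED_PSK))
    print(psk_handshake(b"wrong-psk", SHARED_PSK, server_verifies_client=False))
    print(psk_handshake(None, SHARED_PSK))
```

The last two calls are the interesting ones: dropping the server-side check does not produce an authenticated-server, anonymous-client session, it just moves the failure to the client. Server-only authentication needs a key exchange where the server proves a private key and the client contributes only an ephemeral value, which is what raw public keys or certificates provide and what tinyDTLS as used by aiocoap does not.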