Re: [6tisch-security] slides you presented
Göran Selander <goran.selander@ericsson.com> Fri, 24 February 2017 14:31 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 135D2129D9E for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 06:31:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.721
X-Spam-Level:
X-Spam-Status: No, score=-3.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJaRSHi0MVYB for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 06:31:30 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AE871296B0 for <6tisch-security@ietf.org>; Fri, 24 Feb 2017 06:31:30 -0800 (PST)
X-AuditID: c1b4fb30-2868b98000002c77-fd-58b043c072e2
Received: from ESESSHC013.ericsson.se (Unknown_Domain [153.88.183.57]) by (Symantec Mail Security) with SMTP id FA.3D.11383.0C340B85; Fri, 24 Feb 2017 15:31:28 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.200]) by ESESSHC013.ericsson.se ([153.88.183.57]) with mapi id 14.03.0319.002; Fri, 24 Feb 2017 15:31:26 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: Michael Richardson <mcr@sandelman.ca>, "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Thread-Topic: [6tisch-security] slides you presented
Thread-Index: AQHSjNhj/O61zu/6fEqs5XyYLuNd26F2NsWAgAHjUYCAACGUAA==
Date: Fri, 24 Feb 2017 14:31:26 +0000
Message-ID: <D4D5FCA4.76D63%goran.selander@ericsson.com>
References: <D4D2C251.76751%goran.selander@ericsson.com> <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl> <3614.1487943075@obiwan.sandelman.ca>
In-Reply-To: <3614.1487943075@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.1.161129
x-originating-ip: [153.88.183.16]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A9D45672F23C454FB41A39D4C05D2716@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBIsWRmVeSWpSXmKPExsUyM2K7pe4B5w0RBn+2aFo0r1zEbvFo/yo2 i3kNl5kcmD2WLPnJ5NEyZw+zx4mG7ewBzFFcNimpOZllqUX6dglcGWf3zGUqmCBb8e+lUQPj BpkuRk4OCQETiV09J1i7GLk4hATWMUqce3OQHcJZwijxt3EdC0gVm4CLxIOGR0wgtohAksTy BdPAbGYBW4kdX7awg9jCAsYS134vAprEAVRjIvH2pQ5EuZPEpx8zwMpZBFQlZrZNYAWxeQUs JP73boFa3M8o8XDdfrBdnAJGEtcv3mAEsRkFxCS+n1oDtUtc4taT+UwQVwtILNlznhnCFpV4 +fgf2FBRAT2J5c/XQMUVJXaebWcGuYdZQFNi/S59iDHWEm0XDrNB2IoSU7ofskPcIyhxcuYT lgmM4rOQbJuF0D0LSfcsJN2zkHQvYGRdxShanFqclJtuZKSXWpSZXFycn6eXl1qyiREYfwe3 /DbYwfjyueMhRgEORiUe3g8/1kUIsSaWFVfmHmKU4GBWEuE9b78hQog3JbGyKrUoP76oNCe1 +BCjNAeLkjiv2cr74UIC6YklqdmpqQWpRTBZJg5OqQbGoO9CU7xmfv2rdD3wvbeGqOvCqX41 dwWiVjhkWz5t23B8i2Ob3KqsWauaMh5aKvD79Jjs+8vCc8VgU+U3i8M9aV9WZZWV3HjVXlMs LDLxUXx/3O7b9q+3v7Eq8d0mkaAxhSHZ43m9nkBBYt7vifftNx0tT7wiE1jgebxZqPS3FbeI t65XpJUSS3FGoqEWc1FxIgDaTXzXuwIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/pWvpzvO9QEYzq1iA0KN3T-rfDcQ>
Cc: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 14:31:32 -0000
Hi Michael, On 2017-02-24 14:31, "Michael Richardson" <mcr@sandelman.ca> wrote: > >peter van der Stok <stokcons@xs4all.nl> wrote: > > Let me ask very high-level questions about the presented slides. Is > > the diffie-hellman part a replay of the EDHOC draft? or an optimized > > extension, or completely new? Is the SK part an OSCOAP scenario? > >It's EDHOC. This is all OSCOAP. > > > Will the use of CoMI be described in the minimal security draft? > >Ugh. There seems to be much resistance to doing that. >I am preparing text to say two things, and I need help with the second >part. > >Part 1) saying that rekey is out of scope. > >Part 2) explaining how to use the exchange to key additional OSCOAP > channels. > >Originally, I was going to point to rfc5295, until I realized that HKDF >was >embedded in things already, no point in going further. > >Goran, is there some way to specify that one runs section 6 (Derive >Traffic >Secret) with different inputs to get additional traffic secrets for >additional applications? Yes, this is straightforward in the latest version on the Github: https://ericssonresearch.github.io/EDHOC/ Section 3.2 describes the key derivation and allows the definition of an application specific label (byte string) which is used to derive an application specific key from the key established through the run of EDHOC. How this is used to derive the OSCOAP master secret/salt you find in appendix B.2. > >Could COSE_KDF_Context include one final, optional element, which might be >called "subapplication_name"? I'm not sure if that belongs after >SuppPubInfo, or within it. I guess the label above would be sufficient, right? > >We *could* just continue to use the traffic secret derived for >6tisch-minimal, but that seems too intricately linked from a specification >point of view. Different applications should use different keys, so you should define different labels and then be able to derive the keys as indicated above. > (I notice that OSCOAP totally supports using the same keys >with a CoAP client/server role reversal) Yes, but there are different keys in different directions. So one node will use the same key for sending, independently of it is client and sending a request or server sending a response (different IVs are used each time), and, analogously, one key for receiving. Hope that helps. Göran > >-- >] Never tell me the odds! | ipv6 mesh >networks [ >] Michael Richardson, Sandelman Software Works | network >architect [ >] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails > [ >
- Re: [6tisch-security] slides you presented Göran Selander
- Re: [6tisch-security] slides you presented Michael Richardson
- Re: [6tisch-security] slides you presented Göran Selander
- Re: [6tisch-security] slides you presented peter van der Stok
- Re: [6tisch-security] slides you presented Göran Selander
- Re: [6tisch-security] slides you presented Michael Richardson
- Re: [6tisch-security] slides you presented Göran Selander
- Re: [6tisch-security] slides you presented Michael Richardson
- Re: [6tisch-security] slides you presented Göran Selander
- Re: [6tisch-security] slides you presented Michael Richardson