[6tisch] Question about AEAD nonce uniqueness

Mohit Sethi <mohit.m.sethi@ericsson.com> Mon, 10 April 2017 11:51 UTC

To: Core <core@ietf.org>, 6tisch@ietf.org
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <c31694fe-43db-875d-496a-a9ab3fd3c40f@ericsson.com>
Date: Mon, 10 Apr 2017 14:51:20 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/0IB4Whx-DaeQ5Iyny7S_CKPXSPo>

Hi OSCoAP authors

I was trying to read the OSCoAP and 6tisch minimal security drafts. I 
have a question about the AEAD nonce uniqueness. RFC 5116 says that:

    When there are multiple devices performing encryption using a single
    key, those devices must coordinate to ensure that the nonces are
    unique.  A simple way to do this is to use a nonce format that
    contains a field that is distinct for each one of the devices

So my obvious question is: how is the AEAD nonce uniqueness ensured? The 
PSK is known to at least two parties (more in case of some uses such as 
multicast OSCoAP, 
https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01).

The draft currently says that AEAD nonce uniqueness is ensured with 
sequence numbers and sender context, which is essentially the sender ID. 
But how do you ensure that the two parties have different sender IDs? 
Especially since the sender ID is not fixed length. I guess there will be 
other problems in case of sender ID collisions?

--Mohit
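
An added illustration of the concern raised in the message above; it is not part of the original post and is not the nonce construction of the OSCoAP draft. Both nonce layouts, the 12-byte nonce size, the field widths and the sample traffic are assumptions made for the example: it contrasts an ambiguous concatenation of a variable-length sender ID and sequence number with a fixed-field format of the kind RFC 5116 suggests.

```python
"""Added illustration: hypothetical nonce layouts, not the OSCoAP draft's construction."""
from collections import defaultdict

NONCE_LEN = 12                      # nonce size of RFC 5116's AEAD_AES_128_GCM
ID_MAX = 5                          # assumed maximum sender ID length
SEQ_LEN = NONCE_LEN - 1 - ID_MAX    # 6 bytes left for the sequence number


def naive_nonce(sender_id: bytes, seq: int) -> bytes:
    """Variable-length ID, then a minimal-length sequence number, zero-padded."""
    seq_bytes = seq.to_bytes(max(1, (seq.bit_length() + 7) // 8), "big")
    raw = sender_id + seq_bytes
    if len(raw) > NONCE_LEN:
        raise ValueError("ID and sequence number do not fit in the nonce")
    return raw.ljust(NONCE_LEN, b"\x00")


def fixed_field_nonce(sender_id: bytes, seq: int) -> bytes:
    """Length byte + padded ID + fixed-width counter: an injective encoding."""
    if not 0 < len(sender_id) <= ID_MAX:
        raise ValueError("sender ID length out of range")
    if not 0 <= seq < 1 << (8 * SEQ_LEN):
        raise ValueError("sequence number space exhausted; rekey instead of wrapping")
    return (bytes([len(sender_id)]) + sender_id.rjust(ID_MAX, b"\x00")
            + seq.to_bytes(SEQ_LEN, "big"))


def nonce_collisions(sends, nonce_fn):
    """Group (device, sender_id, seq) sends that share a nonce under one key."""
    seen = defaultdict(list)
    for device, sender_id, seq in sends:
        seen[nonce_fn(sender_id, seq)].append((device, sender_id, seq))
    return [group for group in seen.values() if len(group) > 1]


# Constructed sample traffic: devices A and B share one key, IDs differ in length.
SENDS = [("A", b"\x01", 0x0203), ("B", b"\x01\x02", 0x03),
         ("A", b"\x01", 1), ("B", b"\x01\x02", 1)]
# Constructed misconfiguration: two devices were handed the same sender ID.
DUPLICATE_ID = [("A", b"\x07", 1), ("C", b"\x07", 1)]

if __name__ == "__main__":
    print("naive layout:      ", nonce_collisions(SENDS, naive_nonce))
    print("fixed-field layout:", nonce_collisions(SENDS, fixed_field_nonce))
    print("duplicate IDs:     ", nonce_collisions(DUPLICATE_ID, fixed_field_nonce))
```

The duplicate-ID case collides even under the unambiguous layout, so distinct sender IDs still have to be assigned per key by whoever provisions the devices.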