Re: [Ace] EDHOC standardization

Benjamin Kaduk <kaduk@mit.edu> Sat, 03 November 2018 15:16 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBD1C1288BD for <ace@ietfa.amsl.com>; Sat, 3 Nov 2018 08:16:32 -0700 (PDT)
X-Quarantine-ID: <RJYkA0OgK_sf>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RJYkA0OgK_sf for <ace@ietfa.amsl.com>; Sat, 3 Nov 2018 08:16:31 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76B571277D2 for <ace@ietf.org>; Sat, 3 Nov 2018 08:16:31 -0700 (PDT)
X-AuditID: 1209190c-17dff70000002f63-a0-5bddbbccf2e1
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id AF.20.12131.DCBBDDB5; Sat, 3 Nov 2018 11:16:29 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.14.7/8.9.2) with ESMTP id wA3FGRPQ026772; Sat, 3 Nov 2018 11:16:27 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) �by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wA3FGLgT017462 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 3 Nov 2018 11:16:25 -0400
Date: Sat, 03 Nov 2018 10:16:21 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: John Mattsson <john.mattsson@ericsson.com>, "alvador.p.f@um.es" <alvador.p.f@um.es>, "ace@ietf.org" <ace@ietf.org>
Message-ID: <20181103151621.GH54966@kduck.kaduk.org>
References: <379B1A31-1F7E-43A6-A518-4398570CBBC7@ericsson.com> <16572.1541199115@dooku.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <16572.1541199115@dooku.sandelman.ca>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrLIsWRmVeSWpSXmKPExsUixCmqrXt2991ogys7BCy+f+thtljXfYXV 4tTM3UwWPYf62R1YPH59vcrmsWTJTyaPljl7mD3OvWxjCWCJ4rJJSc3JLEst0rdL4MpoW/mE teAvZ8X83R9YGhhfs3cxcnJICJhIrF3xgqmLkYtDSGANk8SxJ5NYIJwNjBK75reygVQJCdxh kli5Pq+LkYODRUBFYu0sa5AwG5DZ0H2ZGcQWEdCTWH7kGSOIzSxQL7Fp5wewuLCAhsTGrq1g y3iBljW+aWKBGJku8e5vEyNEXFDi5MwnLBC9WhI3/r1kAlnFLCAtsfwfB0iYU8BI4sSVi2Dl ogLKEnv7DrFPYBSYhaR7FpLuWQjdCxiZVzHKpuRW6eYmZuYUpybrFicn5uWlFuka6uVmluil ppRuYgSHsiTPDsYzb7wOMQpwMCrx8BpU3okWYk0sK67MPcQoycGkJMrrzAsU4kvKT6nMSCzO iC8qzUktPsQowcGsJML7pRUox5uSWFmVWpQPk5LmYFES553Qsjga6N/EktTs1NSC1CKYrAwH h5IEr8muu9FCgkWp6akVaZk5JQhpJg5OkOE8QMOn7ASq4S0uSMwtzkyHyJ9iVJQS560GSQiA JDJK8+B6QalGInt/zStGcaBXhHnng6zgAaYpuO5XQIOZgAZH/7kNMrgkESEl1cConvJbgyNb WTFuckGn09Ptkqe8Oh/NUF3Zu/501RvRK+9zq3pKp3scLm1d9O6wgnXbTV3v8J6bX+o7bEN+ nL3217YgaWXl8aOmqxbG3TWqCvfZsfrfSnfhE6YLfM+LZfJl/pmm1B7+VFf76KbWhd2uky80 L259mjlbLlU2oDP8SpPJVNmTfL5KLMUZiYZazEXFiQABE0diEAMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/92o2RnU95aalyuSsmr1tLHJFSt8>
Subject: Re: [Ace] EDHOC standardization
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2018 15:16:33 -0000

On Sat, Nov 03, 2018 at 05:51:55AM +0700, Michael Richardson wrote:
> 
> John Mattsson <john.mattsson@ericsson.com> wrote:
>     > of negotiation is still needed. The current plan for the next version
>     > is to introduce cipher suites and to let the cipher suite with value 0
>     > indicate that algorithms have been negotiated out-of-band.
> 
> I agree with the idea that some common default should be very easy to
> refer to, but I don't like the idea that the gateway has to remember what
> the out-of-band "default" is on a per-device basis.  I would say that we need
> at least 0/1, so that we can say that it's the current vs the "new" default.
> 
> If you consider the case where the sensor is on very low bandwidth
> connection (I would say LoRaWAN, but I am not well qualified in that space).
> The sensor gets visited every two or three years by a technician (if only to
> make sure that the sensor is still where it is supposed to be).  While there
> new firmware updates are applied, and as a result the algorithm defaults are
> updated.  During the cycle, some devices are updated and some are still old.

Are you proposing that the management of the 0/1-to-algorithm mapping be
managed on a per-deployment basis or by the IETF?

-Ben