[Ace] EST over CoAP: Randomness
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 09 May 2019 14:42 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13B3A120122 for <ace@ietfa.amsl.com>; Thu, 9 May 2019 07:42:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vu69p7kdICyg for <ace@ietfa.amsl.com>; Thu, 9 May 2019 07:42:38 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30054.outbound.protection.outlook.com [40.107.3.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D198E1202BA for <ace@ietf.org>; Thu, 9 May 2019 07:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mhtJWcl5C24Zo7Jeg6oQwK5L/pvkE6h5DhSKatTH3sw=; b=I9sQ/veha/+WYvIclFw6H9d9q2pvwg/q9nRSWUejY/8JSKXqploeHa5lpYxQ2miox+2P0vH6CqhDugiG4lPLtQWbQMSYN+vjz5lNwJLSUmStm6PlSy8Cab39nolobt88wDgiiZ/Vo3kcjbaIF0i6L/W7P3fLEORxVE6+Yny1g7s=
Received: from DBBPR08MB4539.eurprd08.prod.outlook.com (20.179.44.144) by DBBPR08MB4807.eurprd08.prod.outlook.com (20.179.46.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1878.21; Thu, 9 May 2019 14:42:35 +0000
Received: from DBBPR08MB4539.eurprd08.prod.outlook.com ([fe80::3803:e042:abea:cd93]) by DBBPR08MB4539.eurprd08.prod.outlook.com ([fe80::3803:e042:abea:cd93%5]) with mapi id 15.20.1856.012; Thu, 9 May 2019 14:42:35 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: EST over CoAP: Randomness
Thread-Index: AdUGcOnxX76zbRm2S2qe/nEWIh3V6A==
Date: Thu, 09 May 2019 14:42:35 +0000
Message-ID: <DBBPR08MB45393CDF71E7DB02F6C6938CFA330@DBBPR08MB4539.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.123.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7d18b723-242e-4a14-1a2c-08d6d48c935c
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:DBBPR08MB4807;
x-ms-traffictypediagnostic: DBBPR08MB4807:
x-microsoft-antispam-prvs: <DBBPR08MB48076FB41B87BC819F23B188FA330@DBBPR08MB4807.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 003245E729
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(39860400002)(366004)(396003)(376002)(189003)(199004)(53754006)(40434004)(186003)(71190400001)(476003)(71200400001)(4743002)(5640700003)(9686003)(6916009)(8936002)(55016002)(8676002)(486006)(316002)(68736007)(66066001)(6506007)(1730700003)(26005)(81166006)(81156014)(102836004)(25786009)(7696005)(66446008)(72206003)(52536014)(478600001)(64756008)(66556008)(2906002)(66946007)(66476007)(5660300002)(76116006)(73956011)(33656002)(7736002)(53936002)(305945005)(14454004)(3846002)(6116002)(86362001)(74316002)(99286004)(2501003)(256004)(5024004)(14444005)(2351001)(6436002); DIR:OUT; SFP:1101; SCL:1; SRVR:DBBPR08MB4807; H:DBBPR08MB4539.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: fD80YrCLcKRRu2fLTvp7DkjjhO4kAFjpJopbpQ0JeQZZtw1uZwLbfH1cvt08IKfJhujFE10QmeGNxr81BILQ2YSYq0R1BiOF35ebe6uxWqUjAhhKQQqXRQ8CVM8XKsnDegJQmxAkRcE+Pka8U8Zu01flL3jZ9pDvrgDqOlgBzot4gUHyHcHybpa/zSVGFH7wEgZR5ZjGd+Ox54Wtcy/1g0f1opAYfM3N4wevrAeb8twYQ4Vknce+PIibWS82MIOXp0YwQmt/yP18fypcPJOB0XkZ1+QukT9G77LAAe8oGLp9C6X2D38RR+4CXYV8vwIBGVr3r+dmSE8ElmSuE1lkOXicdD6T1kdhFkiuABNvBw0Xp5fgIW6qUJd72uKCc2rMY4YSi4tUCAiJfgmPaYeCkPsaZPYAq2d1b/JmUb+yfHM=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d18b723-242e-4a14-1a2c-08d6d48c935c
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2019 14:42:35.1059 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4807
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Yyh0BJnQgOOcbyWE-LQCMo5AFRM>
Subject: [Ace] EST over CoAP: Randomness
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 May 2019 14:42:43 -0000
Hi all, I am still a bit unhappy about this paragraph: " Constrained devices sometimes do not have the necessary hardware to generate statistically random numbers for private keys and DTLS ephemeral keys. Past experience has also shown that low-resource endpoints sometimes generate numbers which could allow someone to decrypt the communication or guess the private key and impersonate as the device [PsQs] [RSAorig]. Additionally, random number key generation is costly, thus energy draining. " If you get hardware that does not have a hardware-based RNG then you are in trouble. The main security protocols we look into do not work without a source of randomness. Hence, getting the certificate & private key from the server will not get you too far. I believe we should encourage developers to pick the correct hardware for the task rather than making them believe we have come up with solutions that allow them to get away without a hardware-based RNG. I also do not believe the statement that random number key generation is costly. Can you give me some number? The references to [PsQs] [RSAorig] are IMHO also not appropriate because they are conveying a different message (at least that's my understanding from reading them). The message is that you have to be careful with designing and using a random number generator on embedded systems because the sources of entropy may just not be there (like keyboards, harddisk drive, processing scheduling, etc.). Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Eliot Lear
- Re: [Ace] EST over CoAP: Randomness Panos Kampanakis (pkampana)
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Panos Kampanakis (pkampana)
- Re: [Ace] EST over CoAP: Randomness Esko Dijk
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Esko Dijk
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Paul Duffy
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig
- Re: [Ace] EST over CoAP: Randomness Michael Richardson
- Re: [Ace] [EXTERNAL] Re: EST over CoAP: Randomness Damm, Benjamin
- Re: [Ace] EST over CoAP: Randomness Paul Duffy
- Re: [Ace] [EXTERNAL] Re: EST over CoAP: Randomness Panos Kampanakis (pkampana)
- Re: [Ace] EST over CoAP: Randomness Panos Kampanakis (pkampana)
- Re: [Ace] EST over CoAP: Randomness Michael StJohns
- Re: [Ace] EST over CoAP: Randomness Hannes Tschofenig