Re: [Ace] EDHOC support

Göran Selander <goran.selander@ericsson.com> Thu, 08 November 2018 07:12 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "Damm, Benjamin" <Benjamin.Damm@itron.com>, "ace@ietf.org" <ace@ietf.org>
Date: Thu, 8 Nov 2018 07:12:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/T2hQDbDIf1xF5s0D9CFjNoWXHsk>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hello Ben,

Thanks for comments!

On 2018-11-08, 05:56, "Ace on behalf of Damm, Benjamin" <ace-bounces@ietf.org on behalf of Benjamin.Damm@itron.com> wrote:

    Hello ace,
    
    We've done an internal review of EDHOC and support its movement towards
    RFC.  A few questions:
    
    * It isn't clear (to us) how EDHOC's message 2 achieves proof of
      possession prior to use. NIST SP-800-56A seems fairly clear that proof
      of possession is required before confirmation of a derived key, but
      message 2 seems to force U to derive and use a key before PoP can be
      done.  A pointer to why this is considered safe would be appreciated.
    	
I'm not sure I understand the concern. Having received message 2, the U can verify the signature by V (over e.g. the ephemeral key of U) and thus prove that the communicating party possesses the private key. Is it the derivation of the encryption key needed to decrypt the signature that is your concern? Note that this is by construction of the Sigma-I protocol, see page 19 of
http://webee.technion.ac.il/~hugo/sigma-pdf.pdf

    * The requirement to support curve x25519 is an odd one for us because
      our device fleet is using P-256. This is not a request to require
      P-256, but rather, that a required curve is not needed. Instead of a
      MUST I'd like to see this be a SHOULD.

By some Best Common Practice (RFC7696 I think) we have to specify at least one algorithm that is mandatory to implement. Curve25519 is superior in terms of security and performance, so that seemed a natural choice since we have to pick one curve. If others have the same problem we could of course have a discussion around this.

    
    * Given the spectre of PQC we think providing for some flexibility in
      algorithms a must. We use P-256 today but might use P-384 or other
      higher-order curves tomorrow. Transition periods mandate algorithm
      flexibility.


We definitely want to keep the algorithm negotiation in the protocol. The change which is proposed is to move from negotiating individual protocols to negotiating cipher suites, which reduces overhead further, and makes the protocol even simpler.
    
    We're looking forward to applying EDHOC/OSCORE to secure end-to-end CoAP
    application traffic that is transiting multiple proxies.

Thanks for your support!

Göran
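
The message 2 check discussed in this reply, as an added sketch that is not part of the original mail and is not EDHOC's wire format or key schedule: U derives a key from the ephemeral DH alone, decrypts, and accepts V only if the recovered signature over both ephemeral keys verifies. The names `sessionAEAD`, `message2` and `verify2`, the choice of X25519, Ed25519 and AES-GCM, and the hash-based key derivation are assumptions; the MAC over the identity that SIGMA also specifies is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD runs the ephemeral DH and derives a single-use AES-GCM key
// (ad hoc SHA-256 KDF; callers use an all-zero nonce, safe only for one message).
func sessionAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, th []byte) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(secret, th...))
	b, _ := aes.NewCipher(k[:16])
	return cipher.NewGCM(b)
}

// message2 is V's side: sign both ephemeral keys, then encrypt the signature.
func message2(sk ed25519.PrivateKey, gx *ecdh.PublicKey) (gy *ecdh.PublicKey, ct []byte) {
	y, _ := ecdh.X25519().GenerateKey(rand.Reader)
	th := append(gx.Bytes(), y.PublicKey().Bytes()...)
	if g, err := sessionAEAD(y, gx, th); err == nil {
		ct = g.Seal(nil, make([]byte, 12), ed25519.Sign(sk, th), nil)
	}
	return y.PublicKey(), ct
}

// verify2 is U's side: derive the key, decrypt, then check V's signature.
func verify2(x *ecdh.PrivateKey, vPub ed25519.PublicKey, gy *ecdh.PublicKey, ct []byte) bool {
	th := append(x.PublicKey().Bytes(), gy.Bytes()...)
	if g, err := sessionAEAD(x, gy, th); err == nil {
		sig, err := g.Open(nil, make([]byte, 12), ct, nil)
		return err == nil && ed25519.Verify(vPub, th, sig)
	}
	return false
}

func main() {
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader)
	x, _ := ecdh.X25519().GenerateKey(rand.Reader)
	gy, ct := message2(vPriv, x.PublicKey())
	fmt.Println("V authenticated:", verify2(x, vPub, gy, ct))
}
```

Successful decryption alone tells U nothing about who the peer is, since anyone can complete an ephemeral DH; only the signature check inside `verify2` establishes possession of V's private key, so nothing derived from the session should be used further when it returns false.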