Re: [Ace] [Secdispatch] EDHOC

Göran Selander <goran.selander@ericsson.com> Fri, 04 January 2019 06:17 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "ace@ietf.org" <ace@ietf.org>
CC: Francesca Palombini <francesca.palombini@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/aP_7u0BXdFYlbmzJ29tHru99CTo>

Hi Kathleen,

Good question. Thanks for bringing continuity to this almost two-year-long offline discussion. Indeed, lack of comparison with other protocols and formal verification were at the time the arguments for not following up the in-room consensus with an email confirmation. And, as you noted, that is not the case anymore.

Meanwhile the ACE chairs and AD have changed. My understanding is that the argument now is about attracting more people with a certain security competence for which perhaps another WG could potentially be better, hence the request to Secdispatch. But I'll pass the question on and include the ACE WG for transparency.

From the authors' humble point of view we believe that the main missing thing that would enable the required further discussion is that the IETF endorses this work, no matter how, so that people dare invest more time in implementation and analysis. 

Best regards,
Göran


On 2019-01-03, 00:58, "Kathleen Moriarty" <kathleen.moriarty.ietf@gmail.com> wrote:

    Hi,
    
    I’ve read earlier versions of this draft and appreciate all the work you have done with the security proof and comparing to existing standardized protocols.  If ACE is interested, why is this going to SECDispatch? It might help to understand that better.  Is it that a recharter would be needed?
    
    Thank you & happy new year!
    Kathleen 
    
    Sent from my mobile device
    
    > On Jan 2, 2019, at 5:56 PM, Göran Selander <goran.selander@ericsson.com> wrote:
    > 
    > Dear Secdispatch,
    > 
    > We have been advised to ask secdispatch to consider EDHOC: https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe
    > 
    > Those that follow the ACE WG should be familiar with this draft. The problem statement and motivation for EDHOC are described in section 1. In brief, the target is a lightweight key exchange protocol suitable for IoT applications, which:
    > a) has small message size and reuses existing IoT primitives to enable low overhead and small code footprint; 
    > b) is not bound to a particular transport, to enable end-to-end security in IoT deployments with varying underlying layers; and
    > c) can be used to key OSCORE (draft-ietf-core-object-security) that is lacking a harmonizing key exchange protocol.
    > 
    > These requirements are motivated by constrained IoT device deployments, but the protocol is applicable to other end-to-end security settings where the overhead due to security needs to be low. EDHOC addresses these requirements and builds on the SIGMA construction for Diffie-Hellman key exchanges. EDHOC, like OSCORE, is built on CBOR (RFC 7049) and COSE (RFC 8152) and the protocol messages may be transported with CoAP (RFC 7252).  
    > 
    > There have been a number of reviews of different versions of the draft, both by people who want to deploy it and by people analysing the security. A formal verification was presented at SSR 2018. There are a few implementations of different versions of the draft. The ACE WG has expressed interest in this work in several f2f meetings.
    > 
    > Please let us know if some information is missing for secdispatch to consider this draft, or how we can help out in the process.
    > 
    > Best regards
    > Göran, John, Francesca