IETF Logo Mail Archive

Re: [Ace] How to specify DTLS MTI in COAP-EST

Eric Rescorla <ekr@rtfm.com> Thu, 07 June 2018 20:21 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 040B1130934 for <ace@ietfa.amsl.com>; Thu, 7 Jun 2018 13:21:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Cv8HZVUTiHg for <ace@ietfa.amsl.com>; Thu, 7 Jun 2018 13:21:17 -0700 (PDT)
Received: from mail-ot0-x233.google.com (mail-ot0-x233.google.com [IPv6:2607:f8b0:4003:c0f::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11EE4127332 for <ace@ietf.org>; Thu, 7 Jun 2018 13:21:17 -0700 (PDT)
Received: by mail-ot0-x233.google.com with SMTP id n3-v6so13070906ota.5 for <ace@ietf.org>; Thu, 07 Jun 2018 13:21:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=yhrrDMgbgm1mFd94f42UOlD4rkpKXSaz9d/VSG7nQ/s=; b=R6SUlsQ4STaWOjHV+xEf29tzBMJaY6CQaQH2jJmxpGhhcsxuNS3Ffl+eCRRJehfAXH vRttPyYIVzD3V9r0mHB3AoIEhtn2M+H5TcJtdIQOgSYugLzgaUATAU4IuW+yx4mN9RBN LwijumkDnAnTmxA19OzqNNYy34Y+S+wxWWbdqPFeMxIoqDfU1jMYV4ZY3DUl4DkbxTeQ iP+pA4CgqjEO3a3H13ruZkhg9Z+F8NXSRwUytNbbzbWPb8ikjxEPNGFxIhcpSd457D7+ lPX1+BghOUGZp41iltnQdqw9jkqtGNgPZWMKYk4xKeY3Lqw+4sDAS3oxtTf0bhvHlO3m V6uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=yhrrDMgbgm1mFd94f42UOlD4rkpKXSaz9d/VSG7nQ/s=; b=rPym6RDCV3kdjwb0JewJYy3RUeB5C3CLC3bQnvzoJlxge1JUKo6FWGX9vMkUsDGKTU /zcZATYhfoK/uSplgFxcHD+C0OyQrksrHVAyOEefgMgdIgfVcPZb39eIk5xg7lrfiglU w65syb7V4s4p95YKnWqjWunq1wU451JV+sYDke/CW6+cbnCjZffJ+QKpXJbasiCuu4KV owyEw0VkSpTjJlUoWyjOFLrQbP0kFdLvR7m+ewKP6mBjTPvuul64FOL9E4lqE/bIrmgL JT+cybiQplGUTY26H0byeIRoApDYvhh2nTTXtw0hY7ASScQHJc5hDWgd5ENWdn+4fdGN wYaA==
X-Gm-Message-State: APt69E1CRuAjzTvU01AipURhcGXbsNZUH+i4D5fOTg4cNhjESkzS2IXJ aZYwQatxSO7io3gj+onDdA5dJjLO8VLe3pAXgxIt3x+9
X-Google-Smtp-Source: ADUXVKINzHHYYEN4TVRsokdm2Dd2Vq2Qdpkx2QicxTNl1vH1DYbY3Lzl3J/F9dcnBvE6ZQvQdGJTMnLM8hbsSYZSsuA=
X-Received: by 2002:a9d:55d0:: with SMTP id z16-v6mr2097501oti.176.1528402876404; Thu, 07 Jun 2018 13:21:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac9:3a8a:0:0:0:0:0 with HTTP; Thu, 7 Jun 2018 13:20:35 -0700 (PDT)
In-Reply-To: <12464.1528393277@localhost>
References: <13635.1528327933@localhost> <CE664422-ED4B-43FE-A531-4EAA090CA036@vigilsec.com> <VI1PR0801MB2112950E1677D701165C74E2FA640@VI1PR0801MB2112.eurprd08.prod.outlook.com> <12464.1528393277@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 07 Jun 2018 13:20:35 -0700
Message-ID: <CABcZeBPoVaKhyMEtvbF=PtKE1brb0jvEYHvZV23N40XEV=Tnzg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "ace@ietf.org" <ace@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000859eba056e1306ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/bK6_WfWiyB4EOfNMpwQXdQbjm5U>
Subject: Re: [Ace] How to specify DTLS MTI in COAP-EST
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2018 20:21:21 -0000

TBH, I'm not a fan of SHOULD+, etc., and they're pretty alien to TLS, so
you should just use words if you want to convey these points.

With that said, I don't really understand the objective here: we're
generally moving towards the CFRG curves, so what's the reasoning for the
P256 MUST and why do you think that will change.

-Ekr



On Thu, Jun 7, 2018 at 10:41 AM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>     > why don't you just reference https://tools.ietf.org/html/rfc7925?
>
> Ignorance :-)
> Thank you, I think that we will reference it then;
>
> Section 4.4 includes:
>
>         At the time of writing, the
>         recommended curve is secp256r1, and the use of uncompressed points
>         follows the recommendation in CoAP.  Note that standardization for
>         Curve25519 (for ECDHE) is ongoing (see [RFC7748]), and support for
>         this curve will likely be required in the future.
>
> which is what we want to say anyway.
>
>     > I am not a big fan of making all sorts of different crypto
>     > recommendations in our specs that differ slightly.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh
> networks [
> ]   Michael Richardson, Sandelman Software Works        | network
> architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
> rails    [
>
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>
>

v2.23.0 | Report a Bug | By Email