IETF Logo Mail Archive

[Ace] CFRG Crypto Review Panel reviews of draft-selander-ace-cose-ecdhe-12

John Mattsson <john.mattsson@ericsson.com> Sun, 03 March 2019 23:52 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE7331200B3 for <ace@ietfa.amsl.com>; Sun, 3 Mar 2019 15:52:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Qe2CgpbC; dkim=pass (1024-bit key) header.d=ericsson.com header.b=bBiR9eRz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WtRtRjXRCgTy for <ace@ietfa.amsl.com>; Sun, 3 Mar 2019 15:52:50 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0C2512426A for <ace@ietf.org>; Sun, 3 Mar 2019 15:52:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1551657166; x=1554249166; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=M2C2CCT7PeVWb1BAr9ZG2d/nWcx4MIpdLOS9XnizFGk=; b=Qe2CgpbCFJgBnhp55ufLuv5vhqHyyAAxod+f5vfPFLpA/j5rAnsfpGpZ4z+IEBxy m/EIwi1WBPFTTCnXVjTaw8CUbYUES8gRreprXrO/xDrHjwujwnXbVWSP3/9KjJxo 0/qfiLkaaFH/K6I1Y2b2W9XcGseMCAm4nIFq03dHEEI=;
X-AuditID: c1b4fb30-fabff7000000355c-be-5c7c68cec44b
Received: from ESESBMB501.ericsson.se (Unknown_Domain [153.88.183.114]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 73.62.13660.EC86C7C5; Mon, 4 Mar 2019 00:52:46 +0100 (CET)
Received: from ESESBMR503.ericsson.se (153.88.183.135) by ESESBMB501.ericsson.se (153.88.183.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 4 Mar 2019 00:52:46 +0100
Received: from ESESBMB501.ericsson.se (153.88.183.168) by ESESBMR503.ericsson.se (153.88.183.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 4 Mar 2019 00:52:46 +0100
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB501.ericsson.se (153.88.183.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 4 Mar 2019 00:52:45 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M2C2CCT7PeVWb1BAr9ZG2d/nWcx4MIpdLOS9XnizFGk=; b=bBiR9eRzB9qdr/BxiFIgyhU7ZOBdLJqKGx7WPWVSe5DrVxTyNjX3RbMXroyGNoFGMtGescMiJHqFP8kB2f0DR3YREqg185azxPswoph8B7FGcqn5OzqrQ3MwcZ+XOSU/HKlp70e3oMA9uaeVjPO06ouzoMWXQSk4592bLurjW0g=
Received: from VI1PR07MB4175.eurprd07.prod.outlook.com (20.176.6.24) by VI1PR07MB5568.eurprd07.prod.outlook.com (20.178.80.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.14; Sun, 3 Mar 2019 23:52:44 +0000
Received: from VI1PR07MB4175.eurprd07.prod.outlook.com ([fe80::5424:92d0:ef7:e047]) by VI1PR07MB4175.eurprd07.prod.outlook.com ([fe80::5424:92d0:ef7:e047%4]) with mapi id 15.20.1686.015; Sun, 3 Mar 2019 23:52:44 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: CFRG Crypto Review Panel reviews of draft-selander-ace-cose-ecdhe-12
Thread-Index: AQHU0hwykk3Zh7zRLkK9H6PcsJXUwQ==
Date: Sun, 03 Mar 2019 23:52:44 +0000
Message-ID: <D62E254C-BB58-40E9-A6AC-2BD7E5775EBA@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.16.1.190220
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [82.214.46.143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6675b9c5-b063-4a24-a774-08d6a03354f6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:VI1PR07MB5568;
x-ms-traffictypediagnostic: VI1PR07MB5568:
x-ms-exchange-purlcount: 4
x-microsoft-exchange-diagnostics: 1;VI1PR07MB5568;23:O6KMBMp1QPdXEEIehEUqGfdWu1T0AcQsunonADKrd4VqFuLKyxxkNclPbRAWSKAMbYCI0hCLKHkAUo7KDnfm4wcE0hsiSoYLi3pnfTFsTcunYoEhIgqCIiIHqyUlcR0xlZjGe9ol96QGXu76TGB42tlF8F2YI0uUUo12Y4kqPVTxvYE6ziE+wwULsZEEBTefNH7aAK7U5hHGPHSHptbF7iOEjnoQk5x4w1MKVKDKmT7K+X7g/qlmWbThE1hd3wQ4Z5T62rwSxEo3MnvL1k7kbROdWPDEFZLpKh8crvayELCx6OwiCKfZFUBMKUQdGFS+sOH5Qt2I4Smm6oSpodI7s++8JyFNh/onawhXwMqR0hsAz2dNg+eBz8KcW7X1/NoAYNWoOQThldUG8ULnBRtDmiUtgCbpeqgYZV0VbSOrM5G8DpILFQfzGBqtO5JVrVg4bFQqkjF8AYIPbv4XcjHq4Suc5DFMvNw+VYl+9124dE+3+hdXtF67UCY6Xrt3IUOYQTm6/cCeIFddDQyHsOv7HG+IHiO3l9x0MKmKS6fqbaaz6bXfqKCZZ9VQr8QIzRPjKwE3bJmZ6Nn5Le2mGu3ZpJ1PJ+8inNHSA3I6TBIzjRXui0SEr29ktqK9s4xNcnQo2IV4tIwmxfV9SuFj10FHUSOj2GpTZViaGcR5eYiwuxH2p8CkNmBu5d6ox7wmHCFmBJmLf6hLu9gnkbaLmWta9xQShDq3JbyCu6IvsHb+zCU1mqLVaEPQf7U6UShJzIIaUasX+4aC6lsQKXrbtNy3QFf3QhgYfGeVW+sTr0UhC4K3/98vZBfTPqfgS2JHhqMhGCYhgr3AJ/MscdgmBTQ08g9EtF1z4iT+35YGcDZ3yHjPVsg2R8iBPryStqDivJ+U90mSV0WfkVyxZQQ5TOL8b6jXcbIiCLKAOuBlV6W5NT9SEc+ga9YOId/VGW8rIAklJdDSfHnVxbgy+ufJTeYUNitGYe/nvOLNXYs1WNZmE67079firsHQbe/CYaoEnr4n05VvZSY/zXi/eskQWo9V9kwoP4wANndunybmb+LOIln3yyPTJ9T6jF7XBy8c4TX/K3dmK0f99b6QketM2/a01A/kCwiAJOJBwvQwFa486y24t80mYqh0M3xE/yxpke2lbRajpipdppTEcog3+xC6hDryM2zJl1uJPfpKMJU10r/bWa1x900fiGXUbP/MyyqywPMF7sGX+6wUySY8sXzKHA==
x-microsoft-antispam-prvs: <VI1PR07MB5568FD52B48702370DD5118389700@VI1PR07MB5568.eurprd07.prod.outlook.com>
x-forefront-prvs: 096507C068
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(136003)(366004)(346002)(376002)(39860400002)(189003)(199004)(58126008)(6116002)(3846002)(110136005)(83716004)(71200400001)(71190400001)(8936002)(25786009)(81166006)(97736004)(66066001)(316002)(81156014)(2616005)(476003)(26005)(102836004)(186003)(86362001)(5660300002)(44832011)(99286004)(6506007)(486006)(6486002)(6436002)(53936002)(68736007)(14444005)(6306002)(450100002)(6512007)(256004)(82746002)(33656002)(8676002)(14454004)(478600001)(2501003)(966005)(106356001)(36756003)(105586002)(2906002)(7736002)(305945005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB5568; H:VI1PR07MB4175.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: TiLamqehy1vLoelMIvEvVhCYkQ/YxVraHobgqWb3tGKtwFYgGGtg9MCib8RbD9Sg5BuX6a0oQb1Wtfm0rUiZefpt/uCY3YDlpece70CxvBgyFOjj84SR9+lI7HceMAu4FCabrkfMYaVZ5W/FxlxPzuFtKq2bs5sCew7uK0DQhOIVv+N3Wv+HoJUeEhy5k9XNIyDUZBVTOWW8SxDKryqYcywgvcpRFyPxSI6ea4VQVAQJYsIZTEK56fBhID7/ps3MSuupJ2m7h0PMgJjPJ+SGfkxT7TMmf1VgPbJhnjRr7UOBhTJnbWR4qvn56b5A8SWIBvH/5ezxf9Xm2Ze4YBvVF5HfHCS1gXYfbaL/HRn35q6C6fpN3JoR7T/RRYgJlqwjDDCXHfRfVZ3MP7vcAB/qEG4xQ9LwaAXfUemZLljwc2o=
Content-Type: text/plain; charset="utf-8"
Content-ID: <DAB1CE4CA9538B40801FDBA1D477398C@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6675b9c5-b063-4a24-a774-08d6a03354f6
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Mar 2019 23:52:44.8060 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB5568
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Se0iTYRTGe7/L9rkavM7bcWXlSEKheSFCo7QiUghBNLox0alfOrzyzSTD P0Y1oilToVBXNsV5yaahiJaZ0irNQi1vmUoqWimKGFEiSuX2WvTf7znPc87hvLwcLTOyck6T kc0LGeo0hUjClJ1vEw70p+SpAiordgev/iygg62jH9hjVITFskZFoYuSI0l8miaHF/xD4yUp va8K6Szj9itt+Z0iHZqXGJATB/gg6LpmxAYk4WT4JYLla7UsET8QPBmrEv8T79ZNDBFVFBR8 qqLtgsFFNPR1dVPEKaTAvDEsImIKwZehYpF9jQgHQHmHzsGuOBo+F89RdnbBkVBduoZI/Qy8 v75IE1bCw5rfjJ0ZvA+MI9OOuhSHwWCr2cEIu8PqG6tjDo09YHzOTJGTMFg6BmjCbrAw+4u1 sxv2hxbjNEN6Y0GvL2FJxhvedtZt5b1g0JyPCEdC+/1qx5mAPyIY7ZhkiOEH3wx6MWE5LI81 MiQ0hMFcf29rUircfDAgIrwL+r6XboVes7A4MenolmEeahv0qAgpTf9dYULcJvvCo3Z/ghHQ UxlNEt5wO39GbHK8hTP0ls0xFYitR25aXpuQnhwUpOQFTaJWm5mhzOCzm9HmL3nesh7wGC18 PW5DmEOKHdJAVZ5KxqpztLnpNgQcrXCVhp7aLEmT1LlXeSEzTricxmttaCfHKDykGzJnlQwn q7P5VJ7P4oW/LsU5yXWo2RLki27t9QmlkqOcpkwrmpoGb3fOc7i7pWneU6laGjkqHW6cpkrC e+++GJWHxYb0n6sTSrep9/i4uBpWDt2JH9+ff9omtZazccOJXjGDpbN7Q4zNoqwLrYGXYryt nEa3dFJuq9TfqJsI6tD0KJ4mnNU1HRafeLbcHa5sViQrGG2KOtCPFrTqPy+KfMUhAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/f-vOWvSgFEUUfCUX4egqVxraT7k>
Subject: [Ace] CFRG Crypto Review Panel reviews of draft-selander-ace-cose-ecdhe-12
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Mar 2019 23:52:52 -0000

For those of you that are not following the CFRG list. The CFRG Crypto Review Panel has recently provided two reviews of draft-selander-ace-cose-ecdhe-12

Russ Housley:
https://mailarchive.ietf.org/arch/msg/cfrg/6WN2C2RYGTIAInE2jIUco6L9pO8

Stanislav V. Smyshlyaev:
https://mailarchive.ietf.org/arch/msg/cfrg/2OY2om1FjhNNBmUzwYJroHv7eWQ

Main comments were that more text on compromises was needed in security considerations and that the optimization to omit the connection identifier may not be worth the added complexity, but please read the reviews yourself.

As announced here https://mailarchive.ietf.org/arch/msg/cfrg/7O-UnZP59LO1YY0_tToZgdEirt0 the comments from Russ and Stanislav have already been addressed in the GitHub version of the draft. Other comments/suggestions have been added to GitHub issues for discussion.

https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-selander-ace-cose-ecdhe.txt&url2=https://EricssonResearch.github.io/EDHOC/draft-selander-ace-cose-ecdhe.txt

Cheers,
John

v2.23.0 | Report a Bug | By Email