Re: [Ace] CoAP-EAP draft

Christian Amsüss <christian@amsuess.com> Mon, 11 October 2021 09:10 UTC

Date: Mon, 11 Oct 2021 11:10:35 +0200
From: Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com>
To: Dan Garcia Carrillo <garciadan@uniovi.es>
Cc: core@ietf.org, EMU WG <emu@ietf.org>, Rafa Marin-Lopez <rafa@um.es>, "ace@ietf.org" <ace@ietf.org>
Message-ID: <YWP/i+on14G8VR1j@hephaistos.amsuess.com>
References: <0cfd2df3-9264-b6fd-e58b-a93a7d8fda5f@uniovi.es> <A4C71152-DA98-47B1-9BFC-136F59CAB68A@amsuess.com> <c9cdb216-59a7-b06a-7cd0-9386e7b6f9ae@uniovi.es> <ea8e5cbd-952c-2728-eecf-cc6a668179dc@uniovi.es>
In-Reply-To: <ea8e5cbd-952c-2728-eecf-cc6a668179dc@uniovi.es>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/fQ881mhE5OsSacVoOFzG0rHrTKE>
Subject: Re: [Ace] CoAP-EAP draft

Hello Dan & Rafa,

On Fri, Sep 10, 2021 at 10:42:56AM +0200, Dan Garcia Carrillo wrote:
> > * OSCORE ID derivation:
> > 
> >    * Randomly assigned full-length IDs look like an odd choice.
> >      [...]
> > 
> >      Any chance something like that can still make it in?
>
> [Authors] Did not see that as random but parametrised according to the
> crypto suite. We will try to make this as straightforward as possible
> following your comments.

the construction we recently discussed (where both peers decide actively
on the OSCORE Recipient IDs (or client ID for DTLS) they'd later want to
use as inputs to EAP) would resolve this issue conveniently.

(See coming follow-up in "About securing last exchange CoAP-EAP"[1] on
how this makes things easier over there).

BR
c

[1]: https://mailarchive.ietf.org/arch/msg/emu/bnMFV4_1uTW7sSwVOp7WzVZZCAI/

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom