Re: [Ace] multicast
"Beck, Stefan" <S.Beck@osram.com> Thu, 19 October 2017 10:56 UTC
From: "Beck, Stefan" <S.Beck@osram.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "ace@ietf.org" <ace@ietf.org>
Date: Thu, 19 Oct 2017 10:56:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/pW3kD-mq0JUJO5FZq9RhhJpTeEQ>

Hi Hannes,

Thanks for the warm welcome!
See inline my comments...

Stevie

> From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Thursday, October 19, 2017 8:02 AM
> To: ace@ietf.org
> Subject: [Ace] multicast
>
> Hi all,
>
> During the ACE conference call we had a few new participants, namely Stevie,
> Piotr and Marius, from the lighting consortium Fairhair attending.
> Great to see new participants "on-board".
>
> Stevie explained that he needs a document that contains a solution using
> asymmetric and symmetric cryptography, that they intend to use the
> asymmetric solution whenever there is no low latency requirement
> (and for unicast communication), and only use the symmetric key approach
> when the low latency requirements demand it.
>
> Is this a correct summary?

[Stevie]
Well, slightly different.
First, my interest is to separate unicast from multicast communication completely. (Use of DTLS, for all unicast communication)
For multicast, my focus is on using asymmetric encryption for authentication & integrity, and using symmetric encryption for confidentiality.
I see high chances for reasonable options to achieve this with the given drafts [1] / [2] / [3], even supporting the "low-latency" requirements we need, also considering the main ideas from [4].
Note this is still mostly a "gut feeling" today - as I am still not familiar enough with all potentially relevant details.
Let me (better: us) give some more days to elaborate on that before starting broader discussion...

[1] https://tools.ietf.org/html/draft-ietf-ace-dtls-authorize-01
[2] https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-03
[3] https://tools.ietf.org/html/draft-tiloca-ace-oscoap-joining-00
[4] https://tools.ietf.org/html/draft-somaraju-ace-multicast-02

>
> Ciao
> Hannes
>
> PS: Stevie also mentioned that he likes draft-tiloca-ace-oscoap-joining-00.txt
> but not draft-somaraju-ace-multicast. This was rather surprising since
> draft-somaraju-ace-multicast was written by the lighting community (in the
> OpenAIS project) specifically addressing the low latency requirements of that
> community. Stevie, could you explain?

[Stevie]
I did (and still do) support draft-somaraju-ace-multicast, see also my email to the list in March [5].
I just think that there should not be two competing drafts, where there is chance to combine them (especially when there's a chance to improve the security aspects within that common approach).
I cannot speak for the OpenAIS project, but at least in the Fairhair Alliance there is currently common sense to focus on one approach (i.e. not attempting to "revive" draft-somaraju-ace-multicast)

[5] https://mailarchive.ietf.org/arch/search/?email_list=ace&q=stevie