Re: [Cfrg] When TLS is an overkill...
"Dr. Pala" <director@openca.org> Mon, 25 February 2019 16:37 UTC
Return-Path: <director@openca.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75F261277CC for <cfrg@ietfa.amsl.com>; Mon, 25 Feb 2019 08:37:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdlC4tVPqZOY for <cfrg@ietfa.amsl.com>; Mon, 25 Feb 2019 08:37:22 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id AB5F2130E7B for <cfrg@irtf.org>; Mon, 25 Feb 2019 08:37:22 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 54E023741061; Mon, 25 Feb 2019 16:37:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id pBcdqp00VgF7; Mon, 25 Feb 2019 11:37:16 -0500 (EST)
Received: from CableLabsMacWork.hsd1.co.comcast.net (c-73-203-120-205.hsd1.co.comcast.net [73.203.120.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 7AFCD37407FD; Mon, 25 Feb 2019 11:37:16 -0500 (EST)
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: cfrg@irtf.org
References: <307807bf-09eb-96c7-028f-df9573463b11@openca.org> <CAMr0u6k1Yc=TmNRte=ZhJ0aQ9th-YSSL9hzozgddzqxwXcXZPg@mail.gmail.com>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <b2c4dab3-e0d5-2d1b-83e5-5a2161321d07@openca.org>
Date: Mon, 25 Feb 2019 09:37:15 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <CAMr0u6k1Yc=TmNRte=ZhJ0aQ9th-YSSL9hzozgddzqxwXcXZPg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------22E41C90F7AA87F69F3D8648"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AuSLoTHqkntDc81RqRy3s1MQfWw>
Subject: Re: [Cfrg] When TLS is an overkill...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Feb 2019 16:37:25 -0000
Hi Stanislav, I have not read it yet - from the abstract it seems it provides the solution for CBOR/COSE for ECDHE. It is definitely relevant - thanks for the pointer. From what I see, it seems that this is another example of the need for having such BCP (?) that can be implemented in different environments and can use different encodings (e.g., JSON, ASN.1, Binary, XML, etc.) The specific I-D seems to be a bit too restrictive for a generic protocol - i.e., does not supports certificates, only intended for CBOR/COSE, and does only one algorithm for key exchange: I am thinking more in the direction of an "algorithm-independent" approach that would not require updating when new algorithms for key-exchange, for example, are standardized and deployed (e.g., hash-based signatures) and can support traditional, post-quantum, and future algorithms (as long as no "new paradigm" is introduced). However, besides all these "ecosystem-specific" limitations, the work goes in the same direction as what I am saying here: establish an encryption algorithm and a key by using 3 messages only. Thanks for the pointer, I will look more closely into that document to see what they include in those messages and why. Cheers, Max On 2/25/19 9:03 AM, Stanislav V. Smyshlyaev wrote: > Dear Max, > > Just a quick comment: have you had a chance to have a look at the > protocol (also a SIGMA-based one) described in > https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe-11? It may > not be the silver bullet but is definitely worth considering when > thinking about such questions. > > Best regards, > Stanislav > > пн, 25 февр. 2019 г. в 18:56, Dr. Pala <director@openca.org > <mailto:director@openca.org>>: > > Hi CFRG, > > I am working on some aspects about provisioning credentials and > authenticating devices and I noticed that sometimes people use TLS > to establish a secure channel with a server even when all they > want to do (i.e., no extra features/checks/etc.) could potentially > be achieved in just 2/3 messages. An example of this is EAP - > whenever a secure channel needs to be established, EAP-TLS, > EAP-TTLS, EAP-TEAP, etc. must be supported to tunnel the 2nd > method that will be used for authentication. > > My question for the group is: if we were to use a "simple" way to > establish the secure channel, are there recommendations for what > should be in those messages ? What would be the minimum set of > required data that MUST be included in the exchange ? > > A rough example of such messages could be (A = Client, B = Server): > > * [A] { Supported Encryption Algorithms List, > Supported Key-Exchange Algorithms List, > Encryption Initialization Data, > MSG Authentication } -> [B] > > * [B] { Selected Encryption Algorithm and Params, > Selected Key-Exchange Algorithm and Params, > Key-Exchange Params (e.g., ECDHE), > (Optional) Credentials (e.g., Certificate Chain), > Encryption Initialization Data, > MSG Authentication } -> [A] > > * [A] { Selected Encryption Algorithm and Params, > Selected Key-Exchange Params (e.g., ECDHE), > Key-Exchange Params (e.g., ECDHE), > (Optional) My Credentials Encrypted (e.g., Certificate > Chain), > MSG Authentication } -> [B] > > From now on, the two parties end up with a shared secret key and > agreed-upon encryption algorithm. > > In environments where the number of exchanged messages matter - > EAP is a great example of that - having a standardized method that > provides the possibility of establishing a secure communication > channel very easily would be great. After that, I think that > either the TLS layer can kick in and manage the encryption or > other options might be used for the encryption of the data itself > (e.g., directly encrypting the data record by record). > > Looking forward to hearing from you, > > Cheers, > Max > > > -- > Best Regards, > Massimiliano Pala, Ph.D. > OpenCA Labs Director > OpenCA Logo > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org <mailto:Cfrg@irtf.org> > https://www.irtf.org/mailman/listinfo/cfrg > -- Best Regards, Massimiliano Pala, Ph.D. OpenCA Labs Director OpenCA Logo
- [Cfrg] When TLS is an overkill... Dr. Pala
- Re: [Cfrg] When TLS is an overkill... Adam Langley
- Re: [Cfrg] When TLS is an overkill... Stanislav V. Smyshlyaev
- Re: [Cfrg] When TLS is an overkill... Dr. Pala
- Re: [Cfrg] When TLS is an overkill... Carsten Bormann
- Re: [Cfrg] When TLS is an overkill... Peter Gutmann
- Re: [Cfrg] When TLS is an overkill... Dr. Pala
- Re: [Cfrg] When TLS is an overkill... Peter Gutmann
- Re: [Cfrg] When TLS is an overkill... Ruslan Kiyanchuk
- Re: [Cfrg] When TLS is an overkill... kris
- [Cfrg] Higncryption and CNKE might be useful Re: … 赵运磊
- Re: [Cfrg] When TLS is an overkill... John Mattsson