IETF Logo Mail Archive

Re: [Cfrg] When TLS is an overkill...

John Mattsson <john.mattsson@ericsson.com> Mon, 04 March 2019 07:41 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4C3127598 for <cfrg@ietfa.amsl.com>; Sun, 3 Mar 2019 23:41:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=DQRYYUjQ; dkim=pass (1024-bit key) header.d=ericsson.com header.b=OcY4S/fl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dk8KfEoWH49B for <cfrg@ietfa.amsl.com>; Sun, 3 Mar 2019 23:41:13 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8B73124B0C for <cfrg@irtf.org>; Sun, 3 Mar 2019 23:41:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1551685270; x=1554277270; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=u5qAuMH1nkb8NP/SY8TJ11B8MbOVJ0lPXZq4icHwUoQ=; b=DQRYYUjQmwWR/lnWu4PN2JZWA0jxU+SM6xw100hab58r11ZlglHFBWW6tjC1GtAd a7OQgqiT5NHI5rh339ImusoEbc2yZzh98zXn0MTwoj6GvZtbmbcckcVVd8TkBuYV FIgvSc91+fPyg+GSzv4eoc+qrwU1cdvRcq6dIj5dIXo=;
X-AuditID: c1b4fb30-f93ff7000000355c-36-5c7cd696dd34
Received: from ESESBMB502.ericsson.se (Unknown_Domain [153.88.183.115]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id C1.0C.13660.696DC7C5; Mon, 4 Mar 2019 08:41:10 +0100 (CET)
Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 4 Mar 2019 08:41:09 +0100
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 4 Mar 2019 08:41:09 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u5qAuMH1nkb8NP/SY8TJ11B8MbOVJ0lPXZq4icHwUoQ=; b=OcY4S/flNp5SXBlV0A0yuH9Y9Hk8izpcqnp4EXqETWcCuzcDAfu2rD7J6/BEVBP1advjG4yW8PQVCTDQDsdz1DxFcBxriJpmiFQESwvkk/DdMxrZvMvd/mw9BAERtfAjY4dzEtT8o2Q8hQ7AT6fuhfylzlTpadXs5uFrlo+rE+o=
Received: from DB6PR07MB4165.eurprd07.prod.outlook.com (10.168.23.22) by DB6PR07MB3464.eurprd07.prod.outlook.com (10.170.219.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.10; Mon, 4 Mar 2019 07:41:09 +0000
Received: from DB6PR07MB4165.eurprd07.prod.outlook.com ([fe80::dc25:7420:6e04:9eb3]) by DB6PR07MB4165.eurprd07.prod.outlook.com ([fe80::dc25:7420:6e04:9eb3%3]) with mapi id 15.20.1686.016; Mon, 4 Mar 2019 07:41:09 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "Dr. Pala" <director@openca.org>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] When TLS is an overkill...
Thread-Index: AQHUzSK9qAbZibE2EEGFRBLhSU1gxqXwrSMAgAAJUoCACntLAA==
Date: Mon, 04 Mar 2019 07:41:08 +0000
Message-ID: <848BB150-1C2E-42A7-8683-162B448DE4FF@ericsson.com>
References: <307807bf-09eb-96c7-028f-df9573463b11@openca.org> <CAMr0u6k1Yc=TmNRte=ZhJ0aQ9th-YSSL9hzozgddzqxwXcXZPg@mail.gmail.com> <b2c4dab3-e0d5-2d1b-83e5-5a2161321d07@openca.org>
In-Reply-To: <b2c4dab3-e0d5-2d1b-83e5-5a2161321d07@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.16.1.190220
x-originating-ip: [82.214.46.143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 28ded3c5-e74e-459f-5f84-08d6a074c45a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:DB6PR07MB3464;
x-ms-traffictypediagnostic: DB6PR07MB3464:
x-microsoft-exchange-diagnostics: 1;DB6PR07MB3464;23:X9k/GIDhfdsR2ptwswTITgp5qXeNHUYFEq8PCUbTEuHrHKEW7kD68MxC2Rw5DVAMaTIjY1bcksWPRWUV4zAWzVSpLnE0qFQWV9AihjMfc3koHhqbXsrgsVBrk/nnGIND53NTOVCQx6Z3U5yDNjHJqySDNxSO7gZFhBqRkom7MYmF4oqvf19OMDNRs8CIuChCEA7fqjO/fJ+ycFzEsS4W0DqUHxXaL/Ab2gWzvIdmSMtp+gPnoTyLeoVMckuI6SEJQDw8mzqYc14u80gYRrSEebIKUD+L8OnvEjDVMH7GH2nNQhflakOuJojBC3YHi+epq5zsa7YEt8XgZMhhn25MoaW04nEGVL3R3QcVdcPfG7DaHcgifppT0Yq/+ekNlxksRo2bdMogQFd5LtKqWnHQqCdftRJD62g+PPfQ9RLcLPx3z7F5Lr7Esgdva6x3Z8VrVpycqlA9+YBZN8ZoJmrCDEkzdmGvxqn4uB9Nyclr+4AZZbjnWr+Y2MOWLu5ld5f+r92+AOiU+wpSD5/jkY69XR706yNx2DEnZgPyEa1QWrgswYFKX5VSkpZYYvwHPsmJahjpw4fd/6RJGswYXd2SN2Tc109/5lHrs/iv+5PxgItje0NSfrd+7muah1gqPJCTrx/y2W6N93+YtsWGjga8GIDSN7ZBdRNbHJpdfbtA1k+xeADDk3uyFHZ7ajBwt1zOc9dE4FQ+55U7YyXKQZCyByGuC7FtKGCuZwifWtBpQRGeZ1/w0r0tHSFZG4noPX1ojcoDRu3n2oUt3MSJ0bhn2dwDx/6UdG+zJSxekVkL6mLMQjmoLNWy57BHzJoLecV6YY+Byv4Qb9PcnPUaydemvYnnU1d84VI2BwGYxYCiIgBiIt4fqTZHoLfmmy0He+bsTmDyKC0aOsmKbTVdAJFeDD5T2070LHziJxNoWOgnDsvrBczOFSlA5HQYKeEieFf74Pnrn0V+AKMCNdGSnRQfxIfS+rc9HNmYf/FyKdwPLbIH8PztrhOHIxMyPz0pssJUoM1NRvDvD77PKNGUbGCyaZoAXGF/HKo2SysTm3YyKB2eLLXjia8JVKNhtvAGqGOP0putMa1U7j93BebIzkZFQKOUKz2ryZK5a0zFwNGbIRKH7v7CLNMMI4yW0nigwVFnxi+monAajMg9+oFV8sz/kckJlfgt3EZSaTEYDYZPcKigFrtmp7E+k5QuZ7Zbq6SRsOAtNKfhhbtALeg+zsQJ8DVuJi5V/Yd7IKxWhB+JjkTjdKRtccAxo22+LTsP+IbrINOl/RLmJvm0LR37Nx1uYJKGOl8GStKTXbhJvkkuNJpTzT17HyDBz0qbMmApuiMwAxdazPO63cgg6obRm2yGBw==
x-microsoft-antispam-prvs: <DB6PR07MB34648F6BA1D0D87046EE03CA89710@DB6PR07MB3464.eurprd07.prod.outlook.com>
x-forefront-prvs: 09669DB681
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(366004)(376002)(396003)(346002)(136003)(199004)(189003)(51914003)(11346002)(446003)(81156014)(36756003)(229853002)(2906002)(6486002)(256004)(6506007)(486006)(6346003)(6436002)(2616005)(102836004)(4326008)(476003)(44832011)(81166006)(97736004)(6246003)(8936002)(186003)(86362001)(26005)(66066001)(8676002)(3846002)(790700001)(6116002)(478600001)(58126008)(316002)(68736007)(110136005)(83716004)(53936002)(6512007)(7736002)(82746002)(99286004)(966005)(76176011)(14454004)(6306002)(33656002)(5660300002)(54896002)(71190400001)(71200400001)(106356001)(25786009)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR07MB3464; H:DB6PR07MB4165.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: j3H61pDBjzhOWnfuAchUepW/7XxnY2lg0f7YvsVfu41EGHBWg2WKcG3kgcr61TmkFocl8kEFryFLfOiX7Hzj9AFEMv8SsVBFtU9fLKJZgvmGsvTSD9dn4jA/BTaZnd1qXmi8NH8CwWdAJ0eKi1Iy2VgWLzJ7Lidjng/rU5W5rXD8QMuOsK5PnR7oaBZMoSlijLvGBZPL7aksC47LO5gsNjcLc6+IiuD7UWBgRlHVAoWXoMPPB65iJvP50bRiO97MQpgt43PsJCpHWeusWXgR1Ns1yA0ME8GPZvK1iUVPDKQWrO0jqWuF5qJnfjuKBqJJbOyPjWbkKdqMB+pgtsuerbBhK9TUCaod2jiQuq0pROlHRiWVFKedY6TluC6rdwfCSnw/lZeKyKZsAioUahG3aBIfHnKa+MYId8/PDmvGkrQ=
Content-Type: multipart/alternative; boundary="_000_848BB1501C2E42A78683162B448DE4FFericssoncom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 28ded3c5-e74e-459f-5f84-08d6a074c45a
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2019 07:41:08.9470 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR07MB3464
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SbUhTURjHO/fe7V5Ho+N8e9IMnEIl+FIYWOTU+uKHXpTSIgRd8/rSbNW9 ZllS05BEW9k0bStTSkzEUNNsihhOk9JEKghtpq0s9Uv2QpQa1q6nwG+/5/n/n/M/z+FwtKpb 5stlGXJ4waDNVssVjOXQIzGk8nV+cnhjkSyy9FcvFfm4ZXfk8FgbFUPHdVrfsnHlrX3yuKpr k0w8fVixI43PzsrlhTBNqiLz6hun7MRz3ZmBtuuMEc2lliA3DnAE2N5bUAlScCrcj8D2+Q8r CSr8A4GjJYYIdymona5lpYLBZTSMVjykiGKmoKurWUYKJ4KR0UpGmpfjcKjuNspLEMt54kRw JkhdGgfCneanlMQeOBQmzXNyiT1xGPQPFdKEd0Jhj2O5z+AgMA3bl/1KHA39jktyEmVDUFb3 3SVwnBvWQO+NNZIHYW/4OdhEkSwfeDNVQ5E1MdR1j9CEvWD2w5JMYi9XbvuVdwzpB8BQT8M/ jz+8rClFhPfA3ISFlnIBjyGw3p6XESEYCswWlghNKqgpkKY5V6EHx1A68ayD+RcTiHiMcjAO fpGT9+Xh3v0iVIZCrCsuS1gH5iora11e2h2eWaYYq+tYGm+C5q4wYgmAilInS3gjFN2q/sdx MNzRyK701CKuEXmJvHjkWMaWLaG8kKUTxeOGUAOf8wC5/lRv+2K4Dc1Ox9oR5pB6tVLfl5+s kmlzxbxjdgQcrfZU9rxytZRp2ryzvHA8RTiVzYt25Mcxah/lb5V7sgpnaHN4Pc+f4IX/KsW5 +RpRxOmL+q27Mu+Odgg604bKKFY/E/Sy3t6qiB5NStp+bSHA21o/3nFnaXBgxqP4iYcpe1Ua v3d2bd3PoOCDrxLKxzRCF9Yv2hpOao5+Uu3zDsxf81Graez4ut60mOgf/Fb8NmLr3Hau+Kbf gQvl6YbYy33jYfstKeejUHxCU9VCjUnNiJnazcG0IGr/AmsNqaxPAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/CeUgnmrMxjbU54BaIEBrlOv1e-Y>
Subject: Re: [Cfrg] When TLS is an overkill...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 07:41:16 -0000

Hi Max,
As you say, EDHOC was not designed to be a general protocol for everything, it was designed to be a very lightweight implementation of the SIGMA protocol to provide keys for OSCORE. That being the case, the protocol should illustrate how a minimal but still practical implementation of SIGMA-I can look like, I hope you find it useful. EDHOC  relies on COSE for all cryptographical parts and will support what COSE standardizes. While RFC 8152 did not support certificates, Jim Schaad is currently working on standardizing support for certificates in COSE, and this will work with EDHOC as well.
https://tools.ietf.org/html/draft-ietf-cose-x509
Cheers,
John
From: Cfrg <cfrg-bounces@irtf.org> on behalf of "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Date: Monday, 25 February 2019 at 17:38
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] When TLS is an overkill...


Hi Stanislav,

I have not read it yet - from the abstract it seems it provides the solution for CBOR/COSE for ECDHE. It is definitely relevant - thanks for the pointer. From what I see, it seems that this is another example of the need for having such BCP (?) that can be implemented in different environments and can use different encodings (e.g., JSON, ASN.1, Binary, XML, etc.)

The specific I-D seems to be a bit too restrictive for a generic protocol - i.e., does not supports certificates, only intended for CBOR/COSE, and does only one algorithm for key exchange: I am thinking more in the direction of an "algorithm-independent" approach that would not require updating when new algorithms for key-exchange, for example, are standardized and deployed (e.g., hash-based signatures) and can support traditional, post-quantum, and future algorithms (as long as no "new paradigm" is introduced). However, besides all these "ecosystem-specific" limitations, the work goes in the same direction as what I am saying here: establish an encryption algorithm and a key by using 3 messages only.

Thanks for the pointer, I will look more closely into that document to see what they include in those messages and why.

Cheers,
Max

v2.23.0 | Report a Bug | By Email