Re: [core] Missing must in the Group OSCORE document

Jim Schaad <ietf@augustcellars.com> Tue, 04 August 2020 13:13 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C77B83A0B35 for <core@ietfa.amsl.com>; Tue, 4 Aug 2020 06:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 59V82ZCNHtjR for <core@ietfa.amsl.com>; Tue, 4 Aug 2020 06:13:19 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0F213A0B4A for <core@ietf.org>; Tue, 4 Aug 2020 06:13:12 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 4 Aug 2020 06:13:06 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Marco Tiloca' <marco.tiloca@ri.se>, 'Christian Amsüss' <christian@amsuess.com>, 'Francesca Palombini' <francesca.palombini@ericsson.com>
CC: core@ietf.org
References: <04a301d66839$83672d50$8a3587f0$@augustcellars.com> <29181983-83ab-e7fa-0049-5b11df700a55@ri.se>
In-Reply-To: <29181983-83ab-e7fa-0049-5b11df700a55@ri.se>
Date: Tue, 04 Aug 2020 06:13:04 -0700
Message-ID: <058601d66a60$feceaad0$fc6c0070$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQFcnDjahiYL9g6XE81eEKx67w39RwG/NgnPqg2PmhA=
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/A9_kV99Pfj-LsgwwofyfFIQbs9Q>
Subject: Re: [core] Missing must in the Group OSCORE document
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 13:13:21 -0000


-----Original Message-----
From: Marco Tiloca <marco.tiloca@ri.se> 
Sent: Tuesday, August 4, 2020 1:09 AM
To: Jim Schaad <ietf@augustcellars.com>; 'Christian Amsüss' <christian@amsuess.com>; 'Francesca Palombini' <francesca.palombini@ericsson.com>
Cc: core@ietf.org
Subject: Re: Missing must in the Group OSCORE document

Hi Jim,

On 2020-08-01 21:25, Jim Schaad wrote:
> Christian,
>
>  I have been thinking about the problem case of having a duplicate IV 
> reuse in the case where I suggested that we use separate IV spaces for 
> the group and pairwise keying materials.  I agree that this is a 
> problem, however the problem is greater than what you outlined.  This 
> is going to be a situation that will arise anytime that the request 
> comes in under one security context and the response goes out under a 
> different security context.  In this situation you will always have 
> the problem that a reflected IV value from context 1 will lead to a potential IV reuse in context 2.
>
> Missing requirement in the document:
>
> A server MUST use a PIV value from it's own sender context when ever 
> it would normally use a reflected IV, but the security context for the 
> request and response are not the same.

==>MT
I guess here "different security context" means "different protection mode" - hence different PIV space - regardless a possible group rekeying happening. Correct?

This seems to confirm the issue (1) raised in slide 9 of [1]. So this MUST-requirement would be needed if the two different PIV spaces are introduced.

Just to clarify, do you think that the requirement is needed also in the current document with only one PIV space?

[JLS] Yes this is needed in the current document even with only one PIV space because doing a rekey between the request and the response has this problem.
Jim


Thanks,
/Marco

[1]
https://www.ietf.org/proceedings/108/slides/slides-108-core-sessa-group-oscore-00
<==

>
> Jim
>
>

--
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se