Re: [core] 🔔 Confirming adoption of draft-hoeglund-core-oscore-key-limits-02 as a CoRE WG document
Christian Amsüss <christian@amsuess.com> Mon, 15 November 2021 14:31 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48BD33A0CB5 for <core@ietfa.amsl.com>; Mon, 15 Nov 2021 06:31:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PwdHzkZAwGOg for <core@ietfa.amsl.com>; Mon, 15 Nov 2021 06:31:06 -0800 (PST)
Received: from prometheus.amsuess.com (alt.prometheus.amsuess.com [IPv6:2a01:4f8:190:3064::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F7353A0CAC for <core@ietf.org>; Mon, 15 Nov 2021 06:31:05 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id A736640418; Mon, 15 Nov 2021 15:31:01 +0100 (CET)
Received: from poseidon-mailbox.amsuess.com (poseidon-mailbox.amsuess.com [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 4FC46154; Mon, 15 Nov 2021 15:30:59 +0100 (CET)
Received: from hephaistos.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a8a2:900b:f999:58a7]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id E6161CD; Mon, 15 Nov 2021 15:30:58 +0100 (CET)
Received: (nullmailer pid 235290 invoked by uid 1000); Mon, 15 Nov 2021 14:30:58 -0000
Date: Mon, 15 Nov 2021 15:30:58 +0100
From: Christian Amsüss <christian@amsuess.com>
To: John Mattsson <john.mattsson@ericsson.com>
Cc: Jaime Jiménez <jaime@iki.fi>, "core@ietf.org" <core@ietf.org>
Message-ID: <YZJvIqiO9PebQ/u5@hephaistos.amsuess.com>
References: <97d7f098-ff89-4dae-a9dd-be09225553aa@www.fastmail.com> <YYqg2NNe5sYq7O6A@hephaistos.amsuess.com> <HE1PR0701MB30509A4728E4C8F88B45C00389989@HE1PR0701MB3050.eurprd07.prod.outlook.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="8mA/8xMYCGx/QR37"
Content-Disposition: inline
In-Reply-To: <HE1PR0701MB30509A4728E4C8F88B45C00389989@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ClwcSF0BUVxDas8BpgT0WY1yQrY>
Subject: Re: [core] 🔔 Confirming adoption of draft-hoeglund-core-oscore-key-limits-02 as a CoRE WG document
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 14:31:11 -0000
Hello John, KUDOS authors,
On Mon, Nov 15, 2021 at 10:22:46AM +0000, John Mattsson wrote:
> I think it would be good to discuss if the KUDOS rekeying mechanism
> should/could be used to also update the identifiers. KUDOS resets the
> sequence numbers. I have not thought about this in any detail or that
> it is something we should do, I just suggest that we discuss it.
The two are related but at different layers; any solution combining them
would need to operate on both. (KUDOS sending unprotected nonces, new
KIDs would need to be negotiated in encrypted data).
It may help to see them independent initially:
* KUDOS allows using new key material from a preexisting context, with
sequence numbers starting at 0 again, but keeps the same KIDs.
* KID switchovers could be announced using inner options -- "Please
address me as ${my_new_sender_ID} henceforth".
Keeping the master key, whoever changes their KID needs to be aware of
all KIDs previously used on that shared context. In particular, the ID
needs to stay unused until the peer has acknowledged (eg. by using the
new ID) that it didn't try to switch to that ID at the same time.
The requirement to know history (lest a sender key get drived a second
time) is what makes KID changes convenient to do at KUDOS time (when the
list of previously used KIDs is empty again).
BR
c
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
- [core] 🔔 Confirming adoption of draft-hoeglund-co… Jaime Jiménez
- Re: [core] 🔔 Confirming adoption of draft-hoeglun… Christian Amsüss
- Re: [core] 🔔 Confirming adoption of draft-hoeglun… John Mattsson
- Re: [core] 🔔 Confirming adoption of draft-hoeglun… Christian Amsüss
- Re: [core] 🔔 Confirming adoption of draft-hoeglun… Jaime Jiménez