Re: [core] OSCORE: Questions about Section 5.2

Christian Amsüss <christian@amsuess.com> Thu, 11 October 2018 13:31 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35731130DD6 for <core@ietfa.amsl.com>; Thu, 11 Oct 2018 06:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5uAd9BVZWn7B for <core@ietfa.amsl.com>; Thu, 11 Oct 2018 06:31:28 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2B11127148 for <core@ietf.org>; Thu, 11 Oct 2018 06:31:27 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by prometheus.amsuess.com (Postfix) with ESMTPS id B98C641AD8; Thu, 11 Oct 2018 15:31:25 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (hermes.amsuess.com [10.13.13.254]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 021712A; Thu, 11 Oct 2018 15:31:23 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 9412810E; Thu, 11 Oct 2018 15:31:22 +0200 (CEST)
Received: (nullmailer pid 18159 invoked by uid 1000); Thu, 11 Oct 2018 13:31:21 -0000
Date: Thu, 11 Oct 2018 15:31:21 +0200
From: Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com>
To: Jaro Fietz <jaro.fietz@aisec.fraunhofer.de>
Cc: core@ietf.org, martin.striegel@aisec.fraunhofer.de, stefan.hristozov@aisec.fraunhofer.de, jaro.fietz@gmx.de
Message-ID: <20181011133119.GC7477@hephaistos.amsuess.com>
References: <bd95ea38-7425-13d6-a955-1e60a5bd0945@aisec.fraunhofer.de> <20181011110943.GE31858@hephaistos.amsuess.com> <bdb05cc8-7418-a65c-b4a1-6111e1467c13@aisec.fraunhofer.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LwW0XdcUbUexiWVK"
Content-Disposition: inline
In-Reply-To: <bdb05cc8-7418-a65c-b4a1-6111e1467c13@aisec.fraunhofer.de>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/TMw6bABkIuVeA51f6u2cIo6JEao>
Subject: Re: [core] OSCORE: Questions about Section 5.2
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2018 13:31:30 -0000

Hello Jaro,

> > The expectation is that the shortest (zero-length) ID would be used in
> > cases wherever that's beneficial, eg. when a constrained device
> > primarily utilizes one context in which it is addressed as a server.
>
> This is an interesting optimization. I'm not too sure about the actual
> benefits though. To me this would only result in the constrained nodes being
> able to shave off a few bytes of allocation when constructing the response
> and saving their sender_id to persistent storage.

It's much more about message size. There are applications that need to
get an OSCORE message through w/o fragmentation over single link layer
messages (6TiSCH joining), and this helps fitting things in there.

> I'm implementing OSCORE on top of zephyr (not integrated into it) for an
> embedded board. Currently it isn't open source, but I asked my advisor,
> who'll forward the request to the supervisor.
> Judging from your github history I expect you ask for RIOT-OS? :)

Indeed, RIOT is what I have in mind. There have been successful cases of
code shared between Zephyr and RIOT, and I think that collaboration
could be fruitful here, if licensing permits.

At any rates, I'm looking forward to interoperate with a constrained
application in future plug tests.

Best regards
Christian

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom