Re: [core] [ALU] Re: Question reg. draft-fossati-tls-iot-optimizations-00
"Hudalla Kai (INST/ESY1)" <Kai.Hudalla@bosch-si.com> Wed, 02 November 2016 15:49 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/anKQzPHMzrfUo9b9OjOwepHKI4c>
On Mi, 2016-11-02 at 14:10 +0000, Fossati, Thomas (Nokia - GB) wrote:
> Hi Achim,
>
> On 02/11/2016 10:33, "core on behalf of Kraus Achim (INST/ESY1)"
> <core-bounces@ietf.org on behalf of Achim.Kraus@bosch-si.com> wrote:
> >
> > Though draft-fossati-tls-iot-optimizations-00 was published in the tls
> > wg, I posted my question there.
> Yes, you made the correct assumption, my fault.
>
> >
> > Currently I'm simply not sure, if I understood the approach right, but
> > according to your answer,
> > I guess Stephen (Farrell) may be the right person, to give an answer.
> >
> > With my understanding (see mail in tls,
> > https://www.ietf.org/mail-archive/web/tls/current/msg21737.html),
> The idea is that, during handshake, client and server negotiate the CID
> extension.
>
> As usual with TLS, client proposes the extension, in this case indicating
> the desired length of the hash chain (i.e., the number of different CIDs)
> to use.
>
> If server supports the CID extension, it replies with the effective length
> of the hash chain ("L"), which shall be equal or less than what the client
> proposed.
>
> The shared secret output by the handshake is used to produce an ordered
> list of "L" CIDs. I don't think it really matters that the production
> happens via a hash chain, or any other mechanism, as long as:
> 1. The produced list is the same on both sides of the wire (in values,
> length and cardinality);
> 2. An external observer doesn't learn anything about the next CID(s) by
> passively looking at the CID(s) that have circulated so far.
>
> (I guess a "for i in 1..L: CID[i] = HMAC(shared_secret, string(i))" would
> fit the purpose.)
>

Assuming that "shared_secret" is derived from the pre-master or master secret and "string(i)" means "get the ASCII representation of integer i's digits", then this function would have the additional advantage of not requiring both sides to "pre-compute" the whole list of CIDs in advance but instead being able to compute the next CID ad-hoc when it is needed, wouldn't it? The client and server would only need to keep track of counter i in this case.

> >
> > I see following issues with the hash chain:
> > The scaling/performance depends on the "hash chain window" used to
> > relate the record to the dtls connection.
> > As larger the window, the more I'm in doubt, if that scales.
> I agree. That's why I think "client proposes, server chooses" is the
> right way to negotiate it.
>
> >
> > The robustness for clients, when we lose more packets than we assume in
> > the window.
> > As smaller the window, the more I'm in doubt, if it's robust enough.
> I'm not sure I understand your concern here.
>
> The idea is that the client has its own "CID shift" policy (e.g., based
> on time, or number of packets exchanged, NAT rebinding awareness, etc.)
> and will decide unilaterally when to move to the next CID in chain, until
> the chain is exhausted. The server will mirror the last CID received. In
> this scheme, packet loss has no impact as long as client keeps alive CIDs
> that have been shifted but not yet "acknowledged" by the server on the
> back channel. (This is true if both sides keep the chain in place for as
> long as the security association is active.)
>

My only concern would be that not using the full HMAC values as the CIDs but instead only using the, say, first 6 bytes would actually make the CIDs vulnerable again. However, I am not a security expert and have no clue whether this is a problem or not.

In any case, I like the idea very much :-) What do we need to do in order to bring this forward?
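
The derivation and window lookup discussed in this message, as an added Python example that is not part of the original mail or of the draft. HMAC-SHA256, the class and function names, the server-side window search and the secrets a caller passes in are assumptions made for illustration; the birthday estimate quantifies accidental collisions between truncated CIDs, one measurable effect of keeping only 6 bytes.

```python
import hashlib
import hmac
import math

CID_LEN = 6  # bytes kept per CID: the "first 6 bytes" case from the message

def cid(secret: bytes, i: int, length: int = CID_LEN) -> bytes:
    """CID[i]: HMAC over the ASCII digits of i, truncated to `length` bytes.
    HMAC-SHA256 is an assumption; the thread does not name a hash."""
    return hmac.new(secret, str(i).encode("ascii"), hashlib.sha256).digest()[:length]

class Client:
    """Stores only the secret and counter i; computes each CID when needed."""
    def __init__(self, secret: bytes, chain_len: int):
        self.secret, self.chain_len, self.i = secret, chain_len, 1

    def shift(self) -> bytes:
        if self.i >= self.chain_len:
            raise RuntimeError("CID chain exhausted")
        self.i += 1
        return cid(self.secret, self.i)

class Server:
    """Resolves a received CID by trying up to `window` indices past the last one seen."""
    def __init__(self, window: int):
        self.window = window
        self.sessions = {}  # session name -> [secret, chain_len, last index seen]

    def add(self, name: str, secret: bytes, chain_len: int) -> None:
        self.sessions[name] = [secret, chain_len, 1]

    def lookup(self, received: bytes):
        # Cost grows with sessions x window: the scaling concern in the thread.
        for name, state in self.sessions.items():
            secret, chain_len, last = state
            for i in range(last, min(last + self.window, chain_len) + 1):
                if hmac.compare_digest(cid(secret, i), received):
                    state[2] = i
                    return name, i
        return None  # unknown CID, or the client ran ahead of the window

def collision_probability(n: int, length: int = CID_LEN) -> float:
    """Birthday estimate that any two of n truncated CIDs are equal."""
    return 1.0 - math.exp(-n * (n - 1) / 2 ** (8 * length + 1))
```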