[core] Rekeying of OSCORE

Göran Selander <goran.selander@ericsson.com> Tue, 10 November 2020 17:16 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
Date: Tue, 10 Nov 2020 17:16:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Z_K_4EhbHDk2wLcJFBEHMlMlBC8>

All,

There is ongoing work in CFRG on usage limits of AEAD algorithms [1]. Thomas already raised the question what is the impact on OSCORE [2]. A related discussion has now started on the LAKE GitHub [3].

There are at least two different aspects:

  1.  What is the acceptable probability for IoT? This relates to adapting the assumptions of the CFRG document to the IoT setting. There is to my knowledge no activity on this aspect.

  2.  How can we do this rekeying for OSCORE? As discussed in [3] there may be advantages making additions to OSCORE (rather than EDHOC) to allow rekeying as part of OSCORE processing. Should we allocate a little time at IETF 109 to discuss this?


(Items 1 & 2 are independent. With a solution to 2, this may be used with the bounds of [1], potentially leading to too frequent rekeying but on the safe side.)


Göran


[1] https://tools.ietf.org/html/draft-irtf-cfrg-aead-limits
[2] https://mailarchive.ietf.org/arch/msg/core/rK96-Dsyhl4EmtJpOriYEENLs0g/
[3] https://github.com/lake-wg/edhoc/issues/20