[core] New Version Notification for draft-hoeglund-core-oscore-key-limits-01.txt

Rikard Höglund <rikard.hoglund@ri.se> Fri, 16 July 2021 11:37 UTC

Return-Path: <rikard.hoglund@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6DDD3A333B for <core@ietfa.amsl.com>; Fri, 16 Jul 2021 04:37:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4t3VBbsiqgi1 for <core@ietfa.amsl.com>; Fri, 16 Jul 2021 04:37:24 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2081.outbound.protection.outlook.com [40.107.21.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7311F3A333A for <core@ietf.org>; Fri, 16 Jul 2021 04:37:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FqyPNT8NF4fJLHxBh7QJphX3bbIzQ3I9HD/OKCuBmEl8svTC48UGwDLS57RBhYn02t9vBm+ehPNW2crqPANFbt4Ln0E5S7tBO+e5VmP5U+QE3eYJWRfy+B6twEdFIj9cW6MlVIzpMNLE4T0QMGdV5bWI+Az1bkgha09Oa9OIP31G+GBMCaK41sJUOrPZExOpqDk6QRA5qZD7JN1sfouZt6wDedC8lGTeaG4+J0htUrgOh/er5uWTTI0U5iueWFSQ+jA8q4FLyDOKDC4l3x020B54FHw0ea8RWX7/DoczfNFzSJbYEBlYpb5OBPnFgPaHimN7pMc/hA4ejXuMHbVYaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DCeAZSt9UsvPtGrcumPTSmfrMX/rj9dw7mhkBun8uzg=; b=Wb0DYQCzfNAyVCeseuy9UpUOLZA02MGwrvKKVsRQgVWBgaolp6bI9uDwr3kPR6x72kCFG4xkuM+YjKoj4t4j5H7OYywbTZDdPjvI1dWL61FtuPqgaLBpeWYvOW9u2fZNae29UoS6R0DoLn4ROUSWBkgfVDrPU95JR+OYioMJDmOQT3ExmbCSit0fwd0atpP83h33teA+Cj7CF18pvP59bqVDXida3sb4kwSz3VuK7jqwrjxwY6cSg1KbViyVI7MiB3VMHYYTPa90TYK5UwgvZOaQ/ETBUtBa6LwxuUtvst9/lg3B5yoaTbTBRqEJwF2k9OULfTgafm7R6w1ivr13NA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DCeAZSt9UsvPtGrcumPTSmfrMX/rj9dw7mhkBun8uzg=; b=JHdef8+iKD6Lkp2nrVpSY8eJgA6tmGmqtK4V1qzVnPEZ7NY2HPowZQXvI+M5JZ3tX8xa8FrXWtrbV9m4uHU0R9d1F5tFIxbtfbWpPWgbyS4ofTT6iLABqxn4fX3gWX8fJbWwC7arWSSOJmqpvEdRHvou1OxT91MKK80dIg04J4w=
Received: from AM9P189MB1571.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:30d::9) by AM8P189MB1363.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:237::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Fri, 16 Jul 2021 11:37:21 +0000
Received: from AM9P189MB1571.EURP189.PROD.OUTLOOK.COM ([fe80::8c90:1aa4:4f3c:6b4f]) by AM9P189MB1571.EURP189.PROD.OUTLOOK.COM ([fe80::8c90:1aa4:4f3c:6b4f%5]) with mapi id 15.20.4331.026; Fri, 16 Jul 2021 11:37:21 +0000
From: =?iso-8859-1?Q?Rikard_H=F6glund?= <rikard.hoglund@ri.se>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: New Version Notification for draft-hoeglund-core-oscore-key-limits-01.txt
Thread-Index: AQHXdyt0OY5GC2TKS0uS2E+ievEvI6tFffR7
Date: Fri, 16 Jul 2021 11:37:21 +0000
Message-ID: <AM9P189MB1571439A130A663EC13540A783119@AM9P189MB1571.EURP189.PROD.OUTLOOK.COM>
References: <162610065278.15528.15134519536449122090@ietfa.amsl.com>
In-Reply-To: <162610065278.15528.15134519536449122090@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 29f463d3-0242-4c6f-8400-08d9484e1322
x-ms-traffictypediagnostic: AM8P189MB1363:
x-microsoft-antispam-prvs: <AM8P189MB1363876B3A495908A838A82983119@AM8P189MB1363.EURP189.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5km5I7OSKQ6tys7QZmwP6s3V0i1rVEPUhQfvLzqHJGLJXX9f/jX7iOV3Sfu3Rb5PuDV1Tl2mZs3Z0NwPzi58R8muTJe+R4Q8ML82uPgpvffLRcygkVFtoa2cXHjtsFvCpPyjuJMKFaDiDkHXskpyK5knOMqprMGKUOdKVmnIxXKI86AhakiaAeT9uY5+wnliTaLq71yxDBEyiC4zqtkbHE8DPJvagAXQfBp6A0TSgkVtIuA9x5pzuREe3L/eIYTayYVcLjppVjiz2UHNMWjmGoTpr+XAYpvhlh6tv6UhVX8vWvyALVSlahTxhZbqDwUD1N+pDM71Iv6ytNuOLmG+inHW2+iM6RmowQ0/o198o5t9BKqmamUajuwAPdF5gmdyzoZK6Xnyu+ljWhy8THGbx1xudIXaZtmcOBZHIvIE20/yognrdtYtLJ/Oeh+pF/7uyv7C9RgpEPkT2pnMQQ7BzVMaNzGKBIiZmcMoqd0/Rybt8ysjDjtasKhtJSy2oI/6tuhKyZ/YmKBHp0fqraXXnWDAq/Nfn02nfzLpgSsRBnrnq7fJxB/n/B0AQJIwvRSC7dIS1ekPhCg5yMBvD/XPpzBFuBlzcSzq+7zmas/txM9gdHP9QQW5JEwx6bOQq88ja9AEHL0E7raVn3/RHRP3E5VPYIAssrCB48WcPdoggG6uRmXQKbF8lx4NPp/2XApm7Avf4bGxyi5xNgbrhp+VcW3DWlW1NOFphn/lE/6MjjU8a15tmthNFUiS0WIkxa9qJxEACQ9UiQdKLbZ+EmcPpwNOoXrUbGAGNS8XG/J6pu0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM9P189MB1571.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(396003)(39850400004)(136003)(376002)(7696005)(66574015)(83380400001)(52536014)(2906002)(122000001)(9686003)(38100700002)(166002)(15650500001)(71200400001)(86362001)(19627405001)(6916009)(478600001)(45080400002)(316002)(76116006)(966005)(8676002)(55016002)(8936002)(5660300002)(53546011)(66556008)(6506007)(64756008)(186003)(66946007)(26005)(33656002)(66446008)(66476007)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?ClLk06KPv5HeHoObUZYYBxOuqgn5ddUuxL2Rrsjv6y9sALnrtoiW1/zw9M?= =?iso-8859-1?Q?cs/yUDqqApj9MG8NUxriAU8+UufkcE/h1b6hSsj/A8/D5OFeNMWwP3NKXK?= =?iso-8859-1?Q?vsR7X0VbLz+idnmqlzPbFNUubxcd/1+QuunZVci1Y6jCstTkPXadK629nh?= =?iso-8859-1?Q?e5V3JEh+d155VuSXtEuQabnkA8V7CxGZX3td6dNYW/WIMLNsK39XSda0kP?= =?iso-8859-1?Q?cCo4KYnms8MKlmou+6SeBHr7OABbgu8solu4G7XHJGMFgklr5JEGzaPeax?= =?iso-8859-1?Q?T7/W+taPWdBRPVzufPm2o9l7n01Cx3E2XxtTG9jyBtJC6Gv2TjGaK9hywQ?= =?iso-8859-1?Q?sLcjStNkrqi0BegmoMP9yEzL7GpQ3c/X9nSqC8VU3YoDC0KPwPcbac8JSv?= =?iso-8859-1?Q?3d9dA5oZ11KJR89v4pY26frhpqeEzXvcClusfaUY9BGgZoRPm05SNRY3M5?= =?iso-8859-1?Q?jOuXR5daYpTzDuU82muLqwwXB/a9M19azzJojuUHzkziQZxBxewF1P2mFK?= =?iso-8859-1?Q?PrIqzWc3nL0lER9QxvFmrvjlGeefd+VjRNXQ/Mt0+73LSPA+yyoXhS2e4F?= =?iso-8859-1?Q?FupbxAqD+kxwh5ktBE7lkEXD3tXDs0K0JfwBHfSXjtgDDWTWRKcomDf/6w?= =?iso-8859-1?Q?sreBQ/zbMyMoMfYUn98y+eBEVl25RQ60tC4qXcfuRGV3SHDtfVVK9SVtcJ?= =?iso-8859-1?Q?cah5tCsK4oKbTfRL9U/vnYFkZZeU5T3ri7aTGfKvQQabBdtwLGawY65qYf?= =?iso-8859-1?Q?DaKPKWGUS1+uxSTUAZIXFvJ61uDc9/MStnxEiIG/UaywjRaepglqPaU6Ug?= =?iso-8859-1?Q?skGudiNwQIk8vmC2dB+VyUrpYbsumyjZC20B8cbqgbmMmUTpSbrbC96gnJ?= =?iso-8859-1?Q?BamYmx8Ws8je7HhX0qIq5mk2oRQkdhIDeBgtJMgUCqORFTpRjHgcw3SGTw?= =?iso-8859-1?Q?UK3kBNmfia8VZT7rZS+U4A/RAGk47H4O3G0pVlnVGVDRcjwLuTh7JEhrGq?= =?iso-8859-1?Q?uMl7RiUGJznPmcR/iF3K8xTbDE9V/yR60A4POeDvJd5ih+Rlqt1R+/remh?= =?iso-8859-1?Q?DMlS3vnOlyb4WMKJKg88TDV34uuh20XJNuR4Jd8JU4Z0kgaMzx0niJajve?= =?iso-8859-1?Q?xmTT3YKxea8Z+3aTSzKc9s5qCezrxUrSYWoIWhQei5EZmeY2shBAe17ffP?= =?iso-8859-1?Q?VTy6Vo+/ZfL0yjShALhg23rHxJojemeKiXxeunf6lZ+PAKXpyRlr2nfgEr?= =?iso-8859-1?Q?jUfLRQVnWp+v6yBrD0lQ0fkxo39J1wc5bKO+LbyGKGCj4ib6voQhBnKYUB?= =?iso-8859-1?Q?3gWquuSPRGJBmqdF5fVF3CSOQBfESc9hZvpcwB2H1vbi0os=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM9P189MB1571439A130A663EC13540A783119AM9P189MB1571EURP_"
MIME-Version: 1.0
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM9P189MB1571.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 29f463d3-0242-4c6f-8400-08d9484e1322
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jul 2021 11:37:21.4188 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: I41nMdDfbvKHnSXC4ewyTst2fwDH1MoFOswP//2QjQzTWqwvTvN92dgkudDzymgi3zDdbZxLKue/PmFDH5L7BQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P189MB1363
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/bvaHkvxlfRL_1NLqhbjEWU8dBj0>
Subject: [core] New Version Notification for draft-hoeglund-core-oscore-key-limits-01.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2021 11:37:30 -0000

Hello CoRE,

We have submitted an update for the draft "Key Update for OSCORE" --- previously known as "AEAD Key Usage Limits in OSCORE".
https://datatracker.ietf.org/doc/html/draft-hoeglund-core-oscore-key-limits-01

This document considers the CFRG draft at [1], and accordingly defines how two peers using OSCORE must take limits of the used AEAD algorithm into account, and what steps to take in order to preserve the security of their communications, e.g., performing a rekeying. Also, this document specifies a lightweight method that two peers can use to update their keying material and establish a new OSCORE Security Context.

Building on what discussed during the CoRE interim at [2], this update covers especially the following points:
1) The proposed key limits have been revised, mostly based on input from John Mattsson as per slide 11 of [3].
2) As reflected by the title change, the document scope has been broadened to include also a key update method, that the two peers can use to update their OSCORE Security Context.

Comments are very welcome!

[1] https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/
[2] https://datatracker.ietf.org/meeting/interim-2021-core-04/session/core
[3] https://datatracker.ietf.org/meeting/110/materials/slides-110-saag-analysis-of-usage-limits-of-aead-algorithms-00.pdf

Best wishes
Rikard Höglund

________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, July 12, 2021 16:37
To: Rikard Höglund <rikard.hoglund@ri.se>se>; Marco Tiloca <marco.tiloca@ri.se>se>; Rikard Höglund <rikard.hoglund@ri.se>
Subject: New Version Notification for draft-hoeglund-core-oscore-key-limits-01.txt


A new version of I-D, draft-hoeglund-core-oscore-key-limits-01.txt
has been successfully submitted by Rikard Höglund and posted to the
IETF repository.

Name:           draft-hoeglund-core-oscore-key-limits
Revision:       01
Title:          Key Update for OSCORE
Document date:  2021-07-12
Group:          Individual Submission
Pages:          21
URL:            https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-hoeglund-core-oscore-key-limits-01.txt&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ca852159407fe4157e00d08d94542969d%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637616974557681475%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=kPrsqBxyArLYJ%2F2GStdR3Y1ue4tc1Q7AVCIDmMY%2FjgU%3D&amp;reserved=0
Status:         https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hoeglund-core-oscore-key-limits%2F&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ca852159407fe4157e00d08d94542969d%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637616974557681475%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=t8CQXg608X5QAk9MjfScx%2FhojlgBXtonN%2BeDcKXPAqE%3D&amp;reserved=0
Html:           https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-hoeglund-core-oscore-key-limits-01.html&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ca852159407fe4157e00d08d94542969d%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637616974557686445%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=KqlGT%2F2atIi30rDaEEqMiU%2FVypdFhismYAffqvK%2FtCA%3D&amp;reserved=0
Htmlized:       https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hoeglund-core-oscore-key-limits&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ca852159407fe4157e00d08d94542969d%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637616974557686445%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=6KdeONArX%2Bc3VJSmMt%2BWKC0VpFm3UgGvrL8bleKT5qo%3D&amp;reserved=0
Diff:           https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-hoeglund-core-oscore-key-limits-01&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ca852159407fe4157e00d08d94542969d%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637616974557686445%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=itYHNW%2FKFsWR7x3cn50HsrKLKqN7wb9wazh3HqeEQiE%3D&amp;reserved=0

Abstract:
   Object Security for Constrained RESTful Environments (OSCORE) uses
   AEAD algorithms to ensure confidentiality and integrity of exchanged
   messages.  Due to known issues allowing forgery attacks against AEAD
   algorithms, limits should be followed on the number of times a
   specific key is used for encryption or decryption.  This document
   defines how two OSCORE peers must follow these limits and what steps
   they must take to preserve the security of their communications.
   Therefore, this document updates RFC8613.  Furthermore, this document
   specifies a lightweight method that two peers can use to update their
   keying material and establish a new OSCORE Security Context.




The IETF Secretariat