IETF Logo Mail Archive

Re: [core] Chairs' review of draft-ietf-core-stateless-03.txt

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 01 November 2019 09:27 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2992012012E for <core@ietfa.amsl.com>; Fri, 1 Nov 2019 02:27:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=Z30GA1l1; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=PqeYXZrs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZZuQo7aVBKx for <core@ietfa.amsl.com>; Fri, 1 Nov 2019 02:27:30 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10056.outbound.protection.outlook.com [40.107.1.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E83C51200C3 for <core@ietf.org>; Fri, 1 Nov 2019 02:27:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3iGcBFUsrrzNpfAQ7aCodL/e72paD7m8xSwT798Mwd0=; b=Z30GA1l1pA0FsR4HgbEhFqgOuKWcNpRiUegkORvn4nd1AKUE1yDMKQwvleiBXx7x0lUep7buHHauhu2Dw8i3/tvP14HLOmbACwkRMnrnt/lGcoMFOq9kHMiq0l6v8117f35mZkCCO25pDjJ8XBCJ1/t07A0e0wpNtZDnyakQpds=
Received: from DB7PR08CA0032.eurprd08.prod.outlook.com (2603:10a6:5:16::45) by AM6PR08MB3432.eurprd08.prod.outlook.com (2603:10a6:20b:47::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Fri, 1 Nov 2019 09:27:26 +0000
Received: from AM5EUR03FT011.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::202) by DB7PR08CA0032.outlook.office365.com (2603:10a6:5:16::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.20 via Frontend Transport; Fri, 1 Nov 2019 09:27:26 +0000
Authentication-Results: spf=fail (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=none action=none header.from=arm.com;
Received-SPF: Fail (protection.outlook.com: domain of arm.com does not designate 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT011.mail.protection.outlook.com (10.152.16.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20 via Frontend Transport; Fri, 1 Nov 2019 09:27:26 +0000
Received: ("Tessian outbound 0cf06bf5c60e:v33"); Fri, 01 Nov 2019 09:27:25 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: a8c674ac3358a1bc
X-CR-MTA-TID: 64aa7808
Received: from 4fb70613605c.2 (cr-mta-lb-1.cr-mta-net [104.47.4.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 077D9A43-CF4B-4176-90A0-708032ACC915.1; Fri, 01 Nov 2019 09:27:20 +0000
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02lp2057.outbound.protection.outlook.com [104.47.4.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 4fb70613605c.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384); Fri, 01 Nov 2019 09:27:20 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q3Shp1xZaYYzAXXjyn42ipBWLdG30ZmsBN2BYO9/nKcwMIj8y95rwQz7u8dlzhOI53PofzOByVuqHygCQogZX3le6xklxgdyfI0qchVZ1ywA19FHwAc4r3E1EbmbxBqJlgADNY9juh82+N+tt7kckNPAwp/jyAWO5m85VfpY0hYsZQgMYyJiCT9TAgr6Ib59q6OgMqegY/Jk1o0MQnIlZllT5U04Jlhoq+LuIpltc95aQCvREkO383tit2WSn4PTreEsOkeoS2t5jCvcdz9mAlGSbS4QlVV0P+YTFZIM3qQsaZZEALY4FXzEobRwTi3wnk7pzegHw4fbuGNKlIGWUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2ojrH5WbHbkj1m5a1aTpIZkWOCuZe0ZHUjjsYRHRUeQ=; b=H/1/GBXuh8sJII7Ca04bg371q4yLYCmaDYisEsI9jn5wyM+KZ29JcEeL/50rptCr9s9d/hwTKp0UIQKmcu9aGCcCo6K/38yV13tnqd438sxskjsoXIf96gIWMji7t8KBcOHv8kQ0XgTeVDfh21k2rg/TpNepyQkYOKDuOcSyA0+TSnXveD9NNEAbI1aMie7bq4XhddArf+HU3pwYWTi12FYgtQwnO3cbI9SiDWX+kjeU87w0NzwHsOUj8UZTsJELwihL5LlKgaL/JVA2K6UDUyjbi7D457ThhmOjHoq4f/X2YDQrSifWu6ZmItHw8otggMhRe9moBwCTd08AxtAPLw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2ojrH5WbHbkj1m5a1aTpIZkWOCuZe0ZHUjjsYRHRUeQ=; b=PqeYXZrsNXCThJi42Jzvijaa2tjxuwdTTDWVLCPEo2N9ZsZbxoh4U3HARQGeaqiD8+SdqlDBtuK2VHQMDPt3qk1dOzvITrkxIOD9cP5vFzg5IXt8yMkQbhEo9K5pFwFgiRWd5Br2+6j4UEnX1R/9Bjwui+ZsSN8KOZkOSaXuU5E=
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com (20.179.18.151) by AM6PR08MB3271.eurprd08.prod.outlook.com (52.135.164.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Fri, 1 Nov 2019 09:27:18 +0000
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::8855:3670:214e:4791]) by AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::8855:3670:214e:4791%6]) with mapi id 15.20.2408.024; Fri, 1 Nov 2019 09:27:17 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Core WG mailing list <core@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [core] Chairs' review of draft-ietf-core-stateless-03.txt
Thread-Index: AQHVkA3YEJ6KX4GxvUKlGfPZMuTycqd1UmQAgACNDoCAAC2NgA==
Date: Fri, 01 Nov 2019 09:27:17 +0000
Message-ID: <1E2451F6-553A-48A7-A97D-20245A9AD4FF@arm.com>
References: <157237477119.11043.4363082013315464920@ietfa.amsl.com> <F964F5EF-96F7-49EC-BECB-0604B16F31FF@tzi.org> <27A826D9-5F28-4044-BE61-E7CD1C05EA90@arm.com> <781AE8D3-761F-461E-A727-C918391E158D@tzi.org>
In-Reply-To: <781AE8D3-761F-461E-A727-C918391E158D@tzi.org>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
x-originating-ip: [217.140.106.49]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: ad0a68c0-81ae-4a12-b00c-08d75eadb57c
X-MS-TrafficTypeDiagnostic: AM6PR08MB3271:|AM6PR08MB3271:|AM6PR08MB3432:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM6PR08MB3432D2803A97741F2CA52B959C620@AM6PR08MB3432.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 020877E0CB
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(366004)(346002)(376002)(39860400002)(396003)(136003)(199004)(189003)(8676002)(81166006)(81156014)(229853002)(478600001)(6436002)(64756008)(6246003)(14454004)(6486002)(25786009)(76116006)(26005)(54906003)(91956017)(8936002)(99286004)(6512007)(66946007)(4326008)(66476007)(66556008)(76176011)(58126008)(316002)(53546011)(102836004)(36756003)(6506007)(71200400001)(186003)(2906002)(66066001)(7736002)(6916009)(66446008)(71190400001)(305945005)(86362001)(256004)(14444005)(486006)(5660300002)(11346002)(476003)(2616005)(3846002)(33656002)(6116002)(446003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB3271; H:AM6PR08MB4231.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: uqNjIvAn3TUa8CKpEmb5LJvaTNCYZGkJxG38yIDOZImHAvlHLOdXrhWKldEHQmpnN73C7ucBb8C02gHAL8mtWott6cQ7vh6M3x3Sc/cHkLWPVynjBwNaxR+zsoMv/yuGuy3BY2iURBlZi3pd7OYCa75LZwq3FUTm65pvaRZiKwHjjW8ITTBtsFzgzerwgElII10iSutwLuO0rfzUJ8e262ji9I7rnTZoJVSXDQ8WvyWX9qUOqi8Vw9CtUIRThD/mRyiQ0VGACZmjA65EZd2bDJ/XnEhnwqLo9WFUHz35Du0aX1OfVcxtMo3VmSz6g9tJQ0ZaYZjfUfC6zCYHlrCtJEWr9HunO6t3soPrtTJ92C/xDItXxt/+CyykmluJRSm1kPXKOVlcZF4Lg/XLTxaIs2YG4UqSYLNPeC2m1FcJCwSMzExgYv+KfgJ50tEsi8o/
Content-Type: text/plain; charset="utf-8"
Content-ID: <DADAF6E6051388469688375A7BEE5E9F@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3271
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT011.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(346002)(396003)(136003)(376002)(39860400002)(1110001)(339900001)(199004)(189003)(40434004)(8676002)(26826003)(229853002)(81166006)(81156014)(478600001)(105606002)(6246003)(14454004)(6486002)(25786009)(36906005)(26005)(54906003)(8936002)(99286004)(6512007)(4326008)(6862004)(70206006)(70586007)(76176011)(23676004)(58126008)(316002)(2486003)(102836004)(76130400001)(53546011)(36756003)(6506007)(186003)(22756006)(2906002)(47776003)(66066001)(7736002)(305945005)(86362001)(436003)(14444005)(5024004)(5660300002)(486006)(336012)(11346002)(476003)(2616005)(3846002)(126002)(33656002)(6116002)(356004)(446003)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB3432; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Fail; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 19fed241-d0ef-4947-6e5d-08d75eadb06f
X-Forefront-PRVS: 020877E0CB
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: aOkBdCN0Q2D6UplslYkoyZRvPvAAS9lEKQNFs9Y7B8UYSXyoieW6jIGuIhee3VkaZwpNy6wFp4Ph5x2jaWItLGEqn9EDhL0tBxPLqBFRrI1f903q1VhvwZkB1lLATqi8TisOJ9Ta9iLBGYget6giINEqFib7d9S5DKOsjVjygST+5yh73oa88YZ0Xs1EQdpvZwFX8ZToqTrrDqeB5MoLFvy7qJnasfDws7MGk33YW+1DwiST4MWq5FzQpq3Q+nLkXOHXkbxGNBfT9V80IThFSuIiacyblq7QGDqH7nK6ppposZxU4Ps2L2/uha4DjzZf7Tpw+zQTXEhJWwJ0oH5lzNc9NKNcBq5kYJ2DfHbW8YgrGXJHpqa0qqPWPBxiG8sZzUpQldDK/pwmIhBpjXnniwPrqreaMcCnSOIp+lvhnan73e5/9ZxZgHlfLsSZ6vr5
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2019 09:27:26.2854 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ad0a68c0-81ae-4a12-b00c-08d75eadb57c
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3432
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/gfqxPgHuDEepoP6-dubTGv4OXuk>
Subject: Re: [core] Chairs' review of draft-ietf-core-stateless-03.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 09:27:33 -0000

On 01/11/2019, 06:44, "Carsten Bormann" <cabo@tzi.org> wrote:
> > On Oct 31, 2019, at 23:19, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
> > On 31/10/2019, 17:08, "core on behalf of Carsten Bormann" <core-bounces@ietf.org on behalf of cabo@tzi.org> wrote:
> > >
> > >   When using AES-CCM, repeated use of the same nonce under the
> > >   same key
> > >
> > > Not just AES-CCM, just about any AEAD.
> >
> > The problem is not with AEAD per se, we could have picked GCM-SIV
> > and there would have been no trouble.  The problem is with the
> > underlying CTR.
>
> Right, that’s why my proposed text specifically talks about
> "encryption mode that depends on a nonce".

Yes, I think your suggestion is a good one.

> > Quibbles aside, the document recommends CCM -- over other AEAD
> > constructions -- and does so consciously, I think, to provide the
> > best trade-off between overall security, wire efficiency and
> > processing cost.
> >
> > This point does not surface in the current text, but the
> > recommendation for CCM is actually quite precise, and maybe worth an
> > upper-case RECOMMENDED?
>
> I agree that this is a good recommendation.  It is not an
> interoperability requirement, though (and 64 bits of authenticator may
> actually be a bit low for some applications), so the purist in me
> isn’t thrilled about using a BCP 14 keyword.

Correct. I was pondering over a "strongly recommends" instead, but it's
probably not the right thing to say either.

OK, apologies for the noise :-)



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email