IETF Logo Mail Archive

Re: [core] CoRE WG Virtual Interim 2021-04-28

John Mattsson <john.mattsson@ericsson.com> Thu, 29 April 2021 09:57 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 000133A3843 for <core@ietfa.amsl.com>; Thu, 29 Apr 2021 02:57:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StTY6T5XkJfR for <core@ietfa.amsl.com>; Thu, 29 Apr 2021 02:57:48 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130048.outbound.protection.outlook.com [40.107.13.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8D9F3A3844 for <core@ietf.org>; Thu, 29 Apr 2021 02:57:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hROtHY9/49Fzhzx9wDqs1nB3wk3gCOW01ULqCvENeapDel9ni7W2Dl1d4RbhCxobg7IQui0v8BN/m+p4di6q1/S1GgBK0bwfWtLA/mbW8381IVVwtHT9YfUXcIVBHfYRVyJORKdmKzzxc0SI9swXJgcFSCriIJQADGWWfFvODTaoYUfSVgnV8AvZcmpgs4RnQ+t6d/VRPRCxySI3MjzZNI89O3M++kweeIhqZjv0CvnM0AhXsuf3GEQeLM1GbPV0SvDXlruDC8oC0+n0yc5UcU3KrxZwnAa04qdZfD94iaEhuyqGO5MjY5EMFL98H16dT+qgelk04kXv3DvpxU9ASQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ppHMs5YqpUcIEzECSNkRsaoD0Qi6OrmVcr1piHOa3Dw=; b=VIANas2Xhjd/EJcSjfNCYZ0kxQy/k8mv/NduDgIfgbgCoQ2Uwslre6zsUwYplJZo8kVEd7g6PsyIWetOpdl6xMIylhhQjPlAE9r0WcsadLyohyGSlex1TpVnzpg8UhNs0OXK3QtWKFu2MHkc9oSxBh27xqRlJw/2bbE1tkCNxlS6omBrNIMp4RewAYfA70jTVG/7M1Yr3NNMe/vL7QHiv1npO8PUiYB3ryRswnMFEeMVLhX9+SFL5CYOOPDeLvlsCaImV83PDYsTsinM2Vf3j/v1e4qj7T4o3i1fpuNdKvY0rOu+mjMzzO/Hrgb7J4wxglavQO9xLgA3+wOW8mv+zw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ppHMs5YqpUcIEzECSNkRsaoD0Qi6OrmVcr1piHOa3Dw=; b=tHaN+Mh4RPEKgNbMkc/X/xThqGEeL/WmB6yzqQnGM+4ahmb8f9q0BLTTwLQIbdUasI8VEbHSDF8DdSxMAJ/iKevgd1Pyqe7uJaElojTJ+YGM43Xn+g7ZhTD7Y543Pe6pVIASBkBlkT305+xsZy3Pes/JIPqYwnKqcyjp3KJvXfc=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR07MB3193.eurprd07.prod.outlook.com (2603:10a6:7:35::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.19; Thu, 29 Apr 2021 09:57:45 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3%11]) with mapi id 15.20.4087.025; Thu, 29 Apr 2021 09:57:45 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Marco Tiloca <marco.tiloca@ri.se>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
Thread-Topic: [core] CoRE WG Virtual Interim 2021-04-28
Thread-Index: AQHXNsiCCFaD/+DjsUKQH1vRAF1Q/qrJ35qAgAGQjwA=
Date: Thu, 29 Apr 2021 09:57:45 +0000
Message-ID: <008617DF-D15B-4597-A7B4-F13E3B06C95F@ericsson.com>
References: <9c14ea30-3f76-f840-7e7b-901dcb1c8678@ri.se> <69df215a-b7de-c837-75ee-d118af8b9304@ri.se>
In-Reply-To: <69df215a-b7de-c837-75ee-d118af8b9304@ri.se>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21041102
authentication-results: ri.se; dkim=none (message not signed) header.d=none;ri.se; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bf564412-cb53-4f20-461e-08d90af53cd8
x-ms-traffictypediagnostic: HE1PR07MB3193:
x-microsoft-antispam-prvs: <HE1PR07MB31935289A21ADF98BA94E29A895F9@HE1PR07MB3193.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4502;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ngxHQReJ7Fldl3CFfNVefVeUZj1/Gl3we5i7NOmpyVw82SGqyoIHCmQNei+SLkyR+y8o/6ymqjPJFJQeP77L+UOW4/0cCIPSO34o1MEkTv6KNoaPs//J5Ernt7i3TKbYJae+oRh1/n/MH/E3hCB72TODQDI2ECbqNHoVU18ksx+tAfKj60DKhuEjdVyb3SVqnMqn9db5fbaiensgto/uO3vMMxjn2u/5gT+ovn37DKB23gDPxs4SVNUSeJsGeJTcUUmgIdv02szlX0rc7s4tHXzgkoi+IvyzcJqhBK5Wu7EQ0OuVCQtrX7C6XCmkBOUTYkW2Bu+ZbLYeYnob5+2dRNionD9eIM6ot5CW/6qObFJ9k4P3xyzVrtIJMeAVMwUG8M0PgpyPDnBpKOG4o0g9Va03gio3E9v4W/qdXEiQx0+OSIVIfYUhLSdlb2aNXUKcIIChH00t4oLiHFi0QpEjseYPnlOwYLqTUz+5W6C/twbcVQeYpnSdvsoSBz/PquS6280m9c6QRv/UEiUhJ47Z74GhNMif45jMLSX3MDTn7H4lpH5hCIYmHUz2Y+sc4VDGSHseYddPTwEucAkzpvlXNQXmX9Hy48n7MFBklA3qm3ypVR5zoN4pS8p0qKgAazp77E9k2yIPmEb8hL5izKaVZCoai/1PHzlTPr1u5jmOLsTyUOg0A5jH/LZFVpH3FGXvo2eKu0CERtvoPaOMJxIhawwKUpfM0FaKoNmb9nq6Lo4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39860400002)(396003)(346002)(376002)(6486002)(2906002)(71200400001)(478600001)(33656002)(5660300002)(8676002)(966005)(66946007)(6506007)(2616005)(66574015)(66556008)(64756008)(66476007)(76116006)(6512007)(66446008)(110136005)(316002)(36756003)(44832011)(122000001)(26005)(83380400001)(38100700002)(16799955002)(186003)(86362001)(53546011)(8936002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: AFFrjuRAy+969jfVOA8bf6InxMjKvkyeXQ5GaBnADe+Std8kbQ2OVSI9EPwFr6j3Mohu9hrONmSH5pePPRNRa/qTfj34MZqhxp0yN0INBoSDZm7WQSbZRdVaCgxOCQRveBS5OjPF30xTuJM15HPU1ymqA17RNkA6HelQAFmxbm5ciVN8JVCGRA/JnBUkS6bIqMiDnTjSRlEVoI2D59hOv0dHzRy2ojd8UHyrqzhG0FYm+RCC0FM8yhK5F3VqrHrw822trkdC3q75HItKWgVZXkUVB6eRwSqdOWxuGP4gr13qQbnJDs5c8ZnXxhuybKBJCb1BNinJxiZIA/FYgjL1q9ghmy3CVzDlTY/N+9lWSSbL68EwEOhvZc5GX4cZEbmpunKZ8GC3bjXNgHdNrmhQZ59szIYE7fmaEFco2eaztqPDbcOWZray3LsiUDOj3aNB2DCcv5oDrwj3y2NUyh5D36g3+N1O1jkw4DzrDEycRgEKG5wr4nYzfMR1AV7G2hcfKrC158PV9DFGG6JBkHgQBVOkblFzD/onuSsZFpA9eSTrdlwBUgbGtVj1UaCVI0vPrhwlRfA0k3REpcuwIRIRy02zEG72C7+JBb9KRCOQ3S1ylBJaFIshVFp0B9itJMXOLohnPjCos/gQnrcY24SZdscr0dYTwLWHfMzNDpigMnmlG1Dz4KjtD8xtw0qdxnyCoDzIOkeCSo5wAUq4QwW9g1e7HhB25CUpCeiveRCzNGppf6SUhVNEAfXTjvP/hEp9Io7UTeOZu5UBwakE1+MsMgEr/ZMfguKjbQfGacYQ+cGvuTKOwkc2hUu0p94bRFTuwAWAnEghv0/jFKfZBhBGGZ2aRsHNUdV7K8OM1P+HWDwSEooR1pDNANHu+sbutqViAEFl2HycG3AZmCfRQyv1+EwY7Bt97JujROzaTWFSRDu4bEuKEMayf0XQQUCJB8sLzr9k1b02s6LftOjQP1+yfeGwsNOUu0T8x5m2/YR3Ng3TzAQNzPOyTF7+9wcxDHE1HEm6CPpW8G4JiUSJAGLi0cx+bpfZifsnDAq0QDIeyR9m+/vP9Qp/eF3Mr62g+ZKIh1fqWtOxoIZ15Vhh8AIWFOxfkFaNJmBfZg9f6bbqEgVP3pFadW5aLnptevEc4OqQ7XYGH0GY8RdJCY7yVDvT3oXRcxZJ5CCV+YG6NrntRwTOfFK6XlRc+/nVmjHZFlgqIvpBu4IGClK7zkv8i3US5QV1WbRRnCz+NZNSCScTS2bBGTaHbC7ArvZCeb7uZrngD3hUiLIZLtqbTwGsVYph/vhB3rIYs/TZvkZ9CPRrOl1884dSUeV92H/g/aJ4G5Yo
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <FA9BE4152AFF984D997630497FA6BF16@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bf564412-cb53-4f20-461e-08d90af53cd8
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Apr 2021 09:57:45.2668 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: x2TH568e9YN9HfcOqCSAlOq+G4/0ggpooFlHncsFmd6cN6ZV3zDwvSBM7wJOft9rlXpQ/BmYTRhb/+PCJV4qzArOkuXHH3geEXTRjh64n5Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3193
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/kRwdiI25ROW1dIzO2o1b0OwsJLk>
Subject: Re: [core] CoRE WG Virtual Interim 2021-04-28
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Apr 2021 09:57:54 -0000

Hi,

Below are my thoughts after the interim yesterday:

- Two equally important reasons to rekey, AEAD limits and forward secrecy. A document
  updating OSCORE should treat both with equal weight.
- Frequent rekeying require efficient rekeying, should be published together.
- Other questions like error messages etc., needs to be specified at the same time.
- The limit setting process used in TLS is flawed and should probably not be used at all.
- The limits in TLS are secure, any limits equal or lower does not need motivation.
- Poly1305 v, GCM v, ChaCha20 q does not need any AEAD limits at all.
- CCM v, CCM q, GCM q should be rekeyed around 2^23 - 2^24.5 like in TLS
- CCM_8 v could be used much longer, maybe 2^35 
- Should consider lowering l and CCM q compared to TLS to make CCM_8 behave even more like perfect MAC (right now the attacker can look at 2^23 messages and then send a single forgery attempt). This single forgery attempt succeds with probability 2^60.
- Might be easier to set simple limit of q, v = 2^20 or 2^23 for all algorithms.
- The limit l = 2^10 is measured in blocks (worst case), In bytes the limit is
  2^10 * 2^4 = 2^14 bytes = 16 kB.
- Can be discussed which limits should be MUST or SHOULD.
- Focus on discussion needs to be on how q,v,l limits and rekeying affect applications.

Cheers,
John

-----Original Message-----
From: core <core-bounces@ietf.org> on behalf of Marco Tiloca <marco.tiloca@ri.se>
Date: Wednesday, 28 April 2021 at 14:04
To: "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
Subject: Re: [core] CoRE WG Virtual Interim 2021-04-28

Dear all,

Just a reminder that we are having our virtual interim meeting in 
slightly less than 2 hours [1].

Please find below the information to join.

Best,
Marco and Jaime

[1] https://datatracker.ietf.org/meeting/interim-2021-core-04/session/core


=== Meeting Information ===

Jabber: core@jabber.ietf.org

Etherpad: https://codimd.ietf.org/notes-ietf-interim-2021-core-04-core

Meeting link: 
https://ietf.webex.com/ietf/j.php?MTID=m888a990760425271a1327f53c6714b07

Meeting number: 185 248 9231
Password: constrained


More ways to join

Join by video system
Dial 1852489231@ietf.webex.com
You can also dial 173.243.2.68 and enter your meeting number.

Join by phone
1-650-479-3208 Call-in number (US/Canada)
Access code: 185 248 9231


On 2021-04-21 18:07, Marco Tiloca wrote:
> Dear all,
>
> Just a reminder that we'll have a virtual interim meeting on 
> Wednesday, April 28th at 14:00 UTC. The agenda is available at [1].
>
> Best,
> Marco and Jaime
>
> [1] 
> https://datatracker.ietf.org/meeting/interim-2021-core-04/session/core
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

Division: Digital System
Department: Computer Science
Unit: Cybersecurity

RISE Research Institutes of Sweden
https://protect2.fireeye.com/v1/url?k=4c4a5987-13d16165-4c4a191c-86073b36ea28-2adec21f03723771&q=1&e=dc609331-6b2f-490c-b545-f937c703f065&u=https%3A%2F%2Fwww.ri.se%2F

Phone: +46 (0)70 60 46 501
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

v2.23.0 | Report a Bug | By Email