Re: [core] KUDOS, PFS and operations considerations
Göran Selander <goran.selander@ericsson.com> Thu, 18 November 2021 06:36 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 835A63A0542; Wed, 17 Nov 2021 22:36:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.801
X-Spam-Level:
X-Spam-Status: No, score=-2.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I3F6FwLah6W5; Wed, 17 Nov 2021 22:36:08 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50083.outbound.protection.outlook.com [40.107.5.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65F693A0400; Wed, 17 Nov 2021 22:36:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Uym2FVF3SSD2oKsxLMVLyP7k8IQRIW0iZJGC9pJm174/KlCUoTvWhEJO6XG4Qb5UhPLFpRL1z03KkS5R1PsVZgjXAz7f08ai2Zz9DRiqwEE1/ogbuR6lNHBuWm5zDtCdcERjYVVUplgcokt98zdJrVMi1Mg2agS4b537+xzq2tlW6fFWsdnIk+TiypsEuz8CaVOfQTFNVEHY8HOpW8eiBCn/HcllTrXlpahiFAdKL/LH3cCwCx6Oa8FJJlKs1BGY8Rgl9leSUohuUkH6iVgGPCTw+mYgUd0+87tXeK1td/8qiPtxc+70/93jljq9Tx+lonF9E2jofeY9ZwtPEKTN3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZHF6fswXBEniyYVqQ4X8jNNLNLl3sRGemQBnnWfdBps=; b=ex5tbyrOTkGzSUqmdl7AI+lCg6o3xW+vw/GEHed4MjHFgA7MdBGBYxy3qgoaiem6QT+TualiS7IaW5tn37Wp/oCzMvrXL8jrNIFVjXNT5m/sV+OXId3exk5DSQY8CYMO5/KoUmwzQT9beCP6vJLB13qbbaKInhA5Xd60T464B8+61xUXxQR3dNvmWyHLstOgnICy4kjCiEI4FNGOcEgr8zoy+6M2ZCOOHzFFvuh3/TL3jUGHqMtLWA7YwWOKHYF25yVh7ZQVu7r+ypIERswCwH/I8E78Ya9Ud1hJThMQ1DCIVRRTUW/L233cZapH1yPOjn602refTd0Vn6huqajfVQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZHF6fswXBEniyYVqQ4X8jNNLNLl3sRGemQBnnWfdBps=; b=cKLzEev211oYZuJeX+VYx4z6fmRINfUjyLn/VkCFwpPnG3J3db3LxWyzHQ3sJs3veJ2hqVQmCEVsP+IBgv5L6SkJcBe3ufKsQFcjbNGZEkNT8JZiLF7DGSV7lwPsWxbn0vSbaiH25YRJiAE9/1QcHRTBa9tF/lasDmb38YVuccc=
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com (2603:10a6:200:45::6) by AM4PR07MB3316.eurprd07.prod.outlook.com (2603:10a6:205:5::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.9; Thu, 18 Nov 2021 06:36:02 +0000
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7dea:b76c:191:ec29]) by AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7dea:b76c:191:ec29%11]) with mapi id 15.20.4734.010; Thu, 18 Nov 2021 06:36:02 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Christian Amsüss <christian@amsuess.com>, "draft-hoeglund-core-oscore-key-limits@ietf.org" <draft-hoeglund-core-oscore-key-limits@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] KUDOS, PFS and operations considerations
Thread-Index: AQHX294UPnsF0iTPZk6ravxX6Tw9HKwIz/QQ
Date: Thu, 18 Nov 2021 06:36:02 +0000
Message-ID: <AM4PR0701MB21954E6AF7631D0ABDE18127F49B9@AM4PR0701MB2195.eurprd07.prod.outlook.com>
References: <YZVE7O8r7aF9/0mG@hephaistos.amsuess.com>
In-Reply-To: <YZVE7O8r7aF9/0mG@hephaistos.amsuess.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 05f37391-6b83-4ca4-b861-08d9aa5db0cb
x-ms-traffictypediagnostic: AM4PR07MB3316:
x-microsoft-antispam-prvs: <AM4PR07MB33162421951BD93E77634A72F49B9@AM4PR07MB3316.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RtxxBhwI/I8u0kDmJaELsHHkfbNXb+ValVSM6ZwjhEtm6rUwxNk2MeI9aCVz+ZNw0yClHWV0jNDKiy9zaLmcxiVBQHldn1w08iN3TEeEMHMgcs4OqeG0COO8JeJWQg9aSikefxtdvuq1GhjTZNLQ3m9EWtoL0oirNwBSh7eO5IAauEnEDknME7cuN5f3qB7vu+ILWnTs5SJhzHFu+Ivf3pZtEzCfU1+2Etv6VwPGvIPNX0D4S7GsHxupOJ2g85OxksfFzHF0dsE3Vs3GNVTEDLJXUnuFqCcg+WnsjYxecR2qqopKrDGD9Bp5bXYzsDPT2LcbIQ0zb1Kw6KRiJurknviiu3SZ5VwuCyj04HiQ7kpIDfGrMgtpJbjDHO+MiE2pdLw14VJ64b0d47udsYnutC69KGKGCY4j7iEAHAl8eZFLocR+ugFyuQUwqUUve3dN91x8U0xPwH+kHbz3dketfLd0PML5MgctpCd0jpuaRBJIQWMFIjhni355pw6jvXjMHj4GjQ98mA7B3pubiR3TrW/cT96WaMjhqNvdCTSLsvPW8QV+zt2LWLhYZk7S6uOc5GD2k/DkwRC2ZgPclGoZcirkFQ7Rbgq/cZmkj30mPFsHJ9diUICF6bVVtRVDTra5EbOa/c63CYXpXe4Ljdf+gZ4xF2N5Ri8C7mTtVq15vLAQevbw+07LrNpLuuMtJp5clRksSoXqr+gKIYhOmvuEEQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM4PR0701MB2195.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(86362001)(66946007)(66476007)(52536014)(82960400001)(508600001)(71200400001)(6506007)(26005)(53546011)(122000001)(5660300002)(316002)(33656002)(55016002)(110136005)(2906002)(9686003)(8676002)(66446008)(64756008)(66556008)(91956017)(66574015)(38100700002)(83380400001)(76116006)(38070700005)(8936002)(7696005)(186003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zu/3Xe/JaAwBd16iDcz2r2cMEAsiHcNz2Pvm70kqhKbmWqbnKyieJ0Qiemdd48cbVRm81Olq6oLFz2TXX9nJW4DPRm1jXK2/BrFHOwPYE6jVIzblOQtylDUVr9pdE251VUMkWus3P7+hV0fEYNEgJT1NDe2gokaAAFx1ilEs0ayOHP0fXF5A2yxJiMgbozfNJW3SO0fncivO1yGKkXZBCwRyMERUHBA+JL+bhsepqZjjjqmqSXoH1EKbiSX0ZkKfjQ9sAPla076eqCs37ybbAsQDpA+L0KmzL+xtEcBEyK54Oo+k1Npy3lVCvh0CLSW2y4G5Zu3BwjPXX+EauzOy7c8qh5xt33jOCVroFOR8zLuqgr7g60OEZJ59LhkKsvyUCnlF/e3lZp20I9EIeZubDQvJM2Sk8UCcIO+ofX/li2sxopWPuuZdbzvRnqrcvOdPCuqgTgClY5MC1ulynb5EkybdJIeVrrE3oTW7QCW3lLWkF430Gaot6DcTc4jLS3PggO0WXXgwm9Ho0hHDrZatGPtiAHB/QZ6bg2K9y/Bo6UGU2XVhHmz5QSIhu7bYd4O9hfvZS3xra+guB63MN4EgNpZPxZdflyUllUlZqwuhuvWZjdhjmIrVqY9yuWjJ+GMWXNLD2jkKumqg2sicG6NaaQ3l7K+PedzS756nz50ATV1+cCyLtlk7c49i3fg40+hOewlwPE4QC9oqoDCKZ/hXpK6nr4TMogGs2b3sbMEh+RXSQRFS9ZjtWcNAp3q4SvWJcHHyoxTQdJI/NHA0XjtyM9jHdbW6qEr5gwZwj7hQE5loDLkJP8Wz18ANvaWYq9jkOG2g8Q7Elzu7k5MFNNy8Bw4DiyptqRtnnAGm07XjD1kAJt9yMlrs9U0iWiva/BybOhXDQ/OxRIrg+ATVDn3Qsi5Kw3zRzqM0RUy71qLoZyqKTDcJz3fA2v89JMbQdeld9M9quZJWWq9oM8re9l/MIHo0Dgboy3rkcX9l1GUnAiHpmp3MFrvCyECAmzy//v0NZuiXphj107DripJsYu6SheAsOjs/ksOeXK/5qI3Y7A2mzBlYGgP5iSgkHw1Fl7jRVnKyjgqM+dEKTFFgMjr7cu43vPCwI0rzb4T0M0LAmS9J2oKuP73cjtDwmOVxL2PIophJOol9ZcAlYM+uQ1PCQqbbYgMNbAigTWh7BG1GcrRJWR+owE3EDtvWxpNm/UadWTj8IGDjL386SAdjNZKXzrkLWKGCb7ZcZuP6Ymquy4Ba6N/zS3pGyoE37z4AUlYFsvwQwhugCbXB6jdIUGLRLKK2QmeTHrY+mdFHkp2wrFTWsQJiCuCHgEqSWTBg2K13VzC+NkmabNsp/klioni/fILyPTPQeXq1OcWoHUH9b2tgYDHNg4bCXxHQcxsdTp8YQGWvcFad8O59xMXuvDR4AXvgAh7FUIaoATg0unOsyDNx5cbe9chsMOu0Hvzw8+mYmAbtUbzOx28yWGp8adsTq/JbKPjo8yfnr+BJbT4tmvaBIgV4Q1Ig9e2X0/dkSIM1AUco61dU5Uyvsr1xtKUQdVwlxMdEhWcFx5DyafVzC0ENXC6lhD2skku4m12Zn+jnZnfYLJWoufAOL+pq6DbMTZUmb5jQozrkHOpv/IkUlbYHKMVGqExY4Tx/XFqCl5wf4TP1mDZsMB2cs9Kqi42Dn/J9aXfsmajmmYyGGKa7OLs=
Content-Type: multipart/alternative; boundary="_000_AM4PR0701MB21954E6AF7631D0ABDE18127F49B9AM4PR0701MB2195_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM4PR0701MB2195.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 05f37391-6b83-4ca4-b861-08d9aa5db0cb
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2021 06:36:02.2418 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: I8dnaIgcqIcPr83e8J3DbP41ZIuG21Ta7BxF07e1mvtMqAlX/Nvu9qOiYRR98jzOylzYnY2OTESVAZV8ODRGciaxyO3OFGPW0ldO9SM2G+M=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3316
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/l1AGt5gRy6R-v8DFZRJ54rYexhA>
Subject: Re: [core] KUDOS, PFS and operations considerations
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2021 06:36:15 -0000
Hi Christian, Thanks for raising this point. > This is a conflict between two goals (provide PFS and enable stateless operation) ... I suppose the constraint to keep the overhead down also come in here. > ... that I currently see no easy way out of (other than introducing variants for either into the protocol) That is something worth exploring in parallel to trying to find an common solution. In combination with the change of connection IDs, this is now starting to warrant a breakout session. Göran From: core <core-bounces@ietf.org> on behalf of Christian Amsüss <christian@amsuess.com> Date: Wednesday, 17 November 2021 at 19:08 To: draft-hoeglund-core-oscore-key-limits@ietf.org <draft-hoeglund-core-oscore-key-limits@ietf.org>, core@ietf.org <core@ietf.org> Subject: [core] KUDOS, PFS and operations considerations Hello KUDOS authors, looking through the current state of KUDOS (compared to earlier discussions, and prompted by the trackability discussion coming out of EDHOC), I noticed that KUDOS nowadays discards old key material. This is nice in that it ensures that old conversations can not be deciphered from key material obtained from one of the participants later, but raises operational concerns, especially aiming to replace B.2: OSCORE keys are notoriously difficult to back up (or distribute for high reliability); in that, they behave like the stateful signing keys of HSS/LMS. A backup can only be done if the backup is replaced before the sequence number reaches a committed point (eventually stopping the running system if the backup system fails). For a distributed JRC, this is about as hard as persisting the mapping between old and new ID Context values. On embedded implementations, using OSCORE requires a device that starts up to commit something to flash memory after startup, which is an operation preferably avoided. Appendix B.2 provides a way out of this -- a device that doesn't want persistent commitment would just always do B.2 on startup and thus always start sequence numbers from 0. KUDOS as currently described helps a bit here (in that the first request can be sent without flash operations), but then requires persisting CTX_NEW and removing CTX_OLD. The new context needs to be persisted at latest before sending any second request, because if it's not, the peer may drop the old context and they have no chance of syncing again. Thus, it's not really helping to circumvent that impracticality. This is a conflict between two goals (provide PFS and enable stateless operation) that I currently see no easy way out of (other than introducing variants for either into the protocol) -- do you? BR c -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [core] KUDOS, PFS and operations considerations Christian Amsüss
- Re: [core] KUDOS, PFS and operations consideratio… Michael Richardson
- Re: [core] KUDOS, PFS and operations consideratio… Göran Selander