[core] Fw: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt

Rikard Höglund <rikard.hoglund@ri.se> Thu, 25 February 2021 09:54 UTC

Return-Path: <rikard.hoglund@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB403A16A5 for <core@ietfa.amsl.com>; Thu, 25 Feb 2021 01:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njVkvMtFRne2 for <core@ietfa.amsl.com>; Thu, 25 Feb 2021 01:54:46 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2068.outbound.protection.outlook.com [40.107.21.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 569133A16A6 for <core@ietf.org>; Thu, 25 Feb 2021 01:54:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cJ/w9jvq6MPIs2G16OYG97eSxGEvoDA1i2bA4QytofUYfQDXjD1eo1meUz0WvKXsXM+Oh75m3hm0Z65K4lWntu+YFIsoHj3GXY4PIua/TBGfPrIvJLXz40S2SKy/0RZX0MJGL8sJylECw6yg+fzFkzGuXIyl4nXYoy5MalS0aM/aTokX6MAmhp9nSSVamTtBohVedCJFC6Aa8tEgr8+w3PokTveA5vqkogNmxcSH/DYM2kA8I8iPWJK9qlz2gtAYB0r5Yp4c2ATiRaVBi5IZpfvIKgOPglMfaW2cH3N/AiE0JcXqknmjkg82B47828j3nFRfKRBhntdqTLSHeg0BNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iqX9yDaf7KM1sBwH8WiNOgyJ9CpntKBnPBZijTHdlTM=; b=kSB/28602WsDY+P2m8H/EqiCiTJTZmZGfTks6siMy+8qbknV2WOfTNjZLSzQjMzk8sBC4oBpp0pZ6XtiEn4gXoldiano0M5FKa3FZonM8L791W2ZrxVlKVkXVZoQrQrY0kHBtsEUkWOwZetUB7W6z7yiLd6h/rGn1nSteneIUni50seLV0R7Ljn5uoC0P0z1TXKUwiSJyk3V/StMGF4vkRmMUsNXjLLIda2d+pMlljT7yuCodiHgrkUPkvjA3CSErH8zztvWZonkFU8ATPgpHDHLb7MUO9jfRahtKjJKCSB4YnUsjece9/CACQT/CAl9nePXIdxwb0ch3uQflCAPTw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iqX9yDaf7KM1sBwH8WiNOgyJ9CpntKBnPBZijTHdlTM=; b=Oqz4wqcfpzNGHrEmTVFfNSLs0BK24Rs9YvHI/NMyhGRRft8erOq6hlBA2/ZfGt5kS07lhz/8IfNbho15VuzXNkbgS7xGeMfiuZzVdr+e9KK5DZvS48r3KSnUBsODpBZkx0eoPEcr0B3ncWvVtHx//YGdkKLMYAWbpnhwjHwCSkY=
Received: from HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:9b::19) by HE1P18901MB0235.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:96::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.29; Thu, 25 Feb 2021 09:54:43 +0000
Received: from HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM ([fe80::300a:1114:baea:a1a5]) by HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM ([fe80::300a:1114:baea:a1a5%10]) with mapi id 15.20.3868.033; Thu, 25 Feb 2021 09:54:43 +0000
From: =?iso-8859-1?Q?Rikard_H=F6glund?= <rikard.hoglund@ri.se>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt
Thread-Index: AQHXBub/+RSmg8u+P0qWc+cs+0+fgqpoqnua
Date: Thu, 25 Feb 2021 09:54:43 +0000
Message-ID: <HE1P18901MB0043FDF359FA0A2A00734F77839E9@HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM>
References: <161375663635.29021.5183681155799278431@ietfa.amsl.com>
In-Reply-To: <161375663635.29021.5183681155799278431@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
x-originating-ip: [85.228.122.38]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a080884e-eef7-4794-3873-08d8d973603a
x-ms-traffictypediagnostic: HE1P18901MB0235:
x-microsoft-antispam-prvs: <HE1P18901MB023540E000FF677CDFFC4672839E9@HE1P18901MB0235.EURP189.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: zZCbkJd55vEgeHtm05x7xkZ6vJfvQNKD598B6nvdlqWlPY259F06YEO7AvKceBEe8aWwBFjmiqdFbcIvaGpMHQjc5o+va2XUDx5994P5vzuK1iybcdc8m9XOugh2o7M0gjR6nT/JgfxsHAwTU3JJhKZkaZATyr9Eaq+7vhFpp7/jRSmT1uu1aq6dafo5opPexLnBN2x71VXWV2Zr69LsLxKo2QNGxfWmRDaEEDBKEwIA6H82Dwh3IFNqjyjnAGXJoV4gKHpzhm5UhuJ/aN36TK4C7oG/XXcaRQg+xuE6DX39SUw3rW5JWcMwi5mnWd4uII23O7FcbuBfXSuwcbA0ioCGkCZLvsprywMx+ioLJAaIaBT+uaDvVdgHjAaa9YYf8UUCbdNvZ3YM9aqxIHHotMfiAwzxE8vKkmW8Bi0NX6dfrZfo5E/g4mGTxtJUyP9mUQAKv9EiUBmvvH9bCmiKeEzDieFSbvhyL3khh/Rmz1TIs335Jb/xl3hGH/Wma5tsq0PHH2bduJpyzHQ6ZXjYntWWzjLMxczbqDhprCEp1txHzsFyOPppZzbPHOCsRPNXDmSf+Q2xzFiOI5EfUcUR4A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(376002)(136003)(396003)(346002)(39850400004)(26005)(186003)(966005)(15650500001)(478600001)(86362001)(8936002)(2906002)(316002)(71200400001)(6916009)(8676002)(19627405001)(66556008)(45080400002)(66946007)(52536014)(9686003)(166002)(5660300002)(6506007)(53546011)(7696005)(66574015)(76116006)(66476007)(64756008)(83380400001)(55016002)(66446008)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?AR02Gh84S8n+/AzYN5ceat7F6i6cDkyryU9Nh338h7sQUAChPuBHaH7TY3?= =?iso-8859-1?Q?g97LEZheccdTGuJNmynd7PQF16CT1TlXKIFqGmy4NsfNlYSI8d6YzjABHS?= =?iso-8859-1?Q?SWyV/6FhkUZ66LOsLVxcJ71qsfM+/+hjHVXl2bQiqkCU5tGQSb4XaGTjlf?= =?iso-8859-1?Q?n2GYIrvdx5fZ1hxQll9xnmrUcFDN9D68v7I6JN29Tx0OBAaMzhdfUeakzt?= =?iso-8859-1?Q?6E8QDWHt+y4g5HG6M2DHRxbLkrF7bJzM90qIEIdKEPA9lSP8QtGAp7gfN8?= =?iso-8859-1?Q?641EX525D89iEW3zktU9vdvmdkQJhmU6fCL+OKV3BaRMzpgLdPyPjXpf+O?= =?iso-8859-1?Q?6j1Yq0LjMEd4aie0bCXTuziXq257FzrgrnBM2rxovmYHISlTD6l7s8LDV4?= =?iso-8859-1?Q?Xl0ihbU8T3Ybx1C/rm+yN+nCSI0r4EQE86dN3n8Knrnp1xValLREU+qKvc?= =?iso-8859-1?Q?KLaB1eTDxukPipc6MTb1V3jy/660s7ucYWWdwHJZ4/WD0sZipL1o3V9GSM?= =?iso-8859-1?Q?ZCvRjva111goRDlsau5CHEteYMc+aFJN0AvbbQau2Y2Fo1cuwVTsWppXW4?= =?iso-8859-1?Q?moO0Elv+gqOcJnbrO5cSEuadeuu8VtyhQ6Uu+eT1ixMOqQydci+0vAhumK?= =?iso-8859-1?Q?YeF9K1wYjULyVrjukBlHSN3gihdwjTA/vjSwahc2ncCnieey7lLCrkJISi?= =?iso-8859-1?Q?qBqejuuBNwXNiMWgE/NtcRypacsYyObpOmn+ER7YNEH0x+Uy2nX134qK0K?= =?iso-8859-1?Q?KzIX+yDeDPmeZKVLytlzSkxKdrJb95XCpjSBNG1hgMbKiFeM6pGwMLvT4y?= =?iso-8859-1?Q?VcmhFh8fARlsV5419KBER6E3vNeDFeCbSkET/W12VHEUitUV7hRYYrKPLT?= =?iso-8859-1?Q?3h914hAbH+3ollK/5ogQGcpPVu5FRzykWr0B1CJXCI4GgowmEUanKTzY5Q?= =?iso-8859-1?Q?U6xPMvi4IDT/r5oaCLV/1P+57GSeAMtbSCOVyxNzaU3wDvk34waoBwHnTh?= =?iso-8859-1?Q?ycCeJrXx7f3+tGAcQdX73L5+C87w9IzDZBj/BRubJU1iMwtQ/2dB6LDN8a?= =?iso-8859-1?Q?H9Wp6zkztQ/X271vD/pMOoNkaA5lhFbTVEFN7ASKxobTifEQp0+nv1OuIE?= =?iso-8859-1?Q?plbe71qD2feLTthYLNbmzWpND9C3/NcGGwghTbvahcDF1w0Exnplkwyr+7?= =?iso-8859-1?Q?KW4+wKYDRKGu8kWUPo2iCW6MRWeiXWVHrtPDy96vNn8fF3LwQy7em+GFX3?= =?iso-8859-1?Q?dnfW095tAGBTAFAxP8vJWEmGYveuIUSGdrm+7UWn0WKE5erDooQCXOcZVt?= =?iso-8859-1?Q?0lUlLM+mpipnQ4igjY+YTpm/rgv0kjZwwth3LuGKAhAK6ms=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1P18901MB0043FDF359FA0A2A00734F77839E9HE1P18901MB0043_"
MIME-Version: 1.0
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: a080884e-eef7-4794-3873-08d8d973603a
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2021 09:54:43.0190 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5A0RWowJvwXOCwmJaxLi1RXZTE3uJtqRUm2bQ1U3eohuUulOnf833JzolSfLnz0Pd4LN9trKS2bX/CMU+J67Kg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1P18901MB0235
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/VQSC8Mr07br2cDtq2cOlI6zX8mA>
Subject: [core] Fw: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 09:54:51 -0000

Hello CoRE,

We have recently submitted a new draft "AEAD Key Usage Limits in OSCORE".

https://tools.ietf.org/html/draft-hoeglund-core-oscore-key-limits-00

This document considers the CFRG draft at [1], and accordingly defines how two peers using OSCORE must take limits of the used AEAD algorithm into account, and what steps to take in order to preserve the security of their communications. This includes details on the limits for key usage, instructions for messages processing and a brief overview of existing mechanisms to rekey OSCORE.

This work follows a discussion started around IETF 109 [2][3] and recently continued with a broader scope [4].

Any feedback, questions or comments are welcome.

Best wishes
Rikard Höglund

[1] https://tools.ietf.org/html/draft-irtf-cfrg-aead-limits-02
[2] https://mailarchive.ietf.org/arch/msg/core/bbzZCt6ZZn4ysR7yLujPNscBF3g/
[3] https://datatracker.ietf.org/meeting/109/materials/slides-109-core-sessb-ietf-109-core-aead-limits-oscore-00
[4] https://mailarchive.ietf.org/arch/msg/core/h5JHgX5wTBkJtrKl_ezswiCdUBI/

________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Friday, February 19, 2021 18:43
To: Marco Tiloca <marco.tiloca@ri.se>se>; Rikard Höglund <rikard.hoglund@ri.se>
Subject: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt


A new version of I-D, draft-hoeglund-core-oscore-key-limits-00.txt
has been successfully submitted by Rikard Hoeglund and posted to the
IETF repository.

Name:           draft-hoeglund-core-oscore-key-limits
Revision:       00
Title:          AEAD Key Usage Limits in OSCORE
Document date:  2021-02-19
Group:          Individual Submission
Pages:          9
URL:            https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-hoeglund-core-oscore-key-limits-00.txt&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=idqLof2Nf7U%2BsHyoO%2F0Pt%2FY7iazBHmn2jBTZwSvzDzc%3D&amp;reserved=0
Status:         https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hoeglund-core-oscore-key-limits%2F&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dEkYUUM7AN%2FAUpsEQ7SgaRHeMJBQA%2BekjZlZTwteSvE%3D&amp;reserved=0
Htmlized:       https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hoeglund-core-oscore-key-limits&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=pzoPc0ARBCQmxFqoPUXcm1nXSzSteZMfnLf7Wlg%2Fqkg%3D&amp;reserved=0
Htmlized:       https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hoeglund-core-oscore-key-limits-00&amp;data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Yit87j47zLL99nUJCWEywfgRgBHyCJMBYS%2BNQxLfIpE%3D&amp;reserved=0


Abstract:
   Object Security for Constrained RESTful Environments (OSCORE) uses
   AEAD algorithms to ensure confidentiality and integrity of exchanged
   messages.  Due to known issues allowing forgery attacks against AEAD
   algorithms, limits should be followed on the number of times a
   specific key is used for encryption or decryption.  This document
   defines how two peers using OSCORE must take these limits into
   account and what steps they must take to preserve the security of
   their communications.  Therefore, this document updates RFC8613.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat