[core] Fw: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt
Rikard Höglund <rikard.hoglund@ri.se> Thu, 25 February 2021 09:54 UTC
Return-Path: <rikard.hoglund@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB403A16A5 for <core@ietfa.amsl.com>; Thu, 25 Feb 2021 01:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njVkvMtFRne2 for <core@ietfa.amsl.com>; Thu, 25 Feb 2021 01:54:46 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2068.outbound.protection.outlook.com [40.107.21.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 569133A16A6 for <core@ietf.org>; Thu, 25 Feb 2021 01:54:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cJ/w9jvq6MPIs2G16OYG97eSxGEvoDA1i2bA4QytofUYfQDXjD1eo1meUz0WvKXsXM+Oh75m3hm0Z65K4lWntu+YFIsoHj3GXY4PIua/TBGfPrIvJLXz40S2SKy/0RZX0MJGL8sJylECw6yg+fzFkzGuXIyl4nXYoy5MalS0aM/aTokX6MAmhp9nSSVamTtBohVedCJFC6Aa8tEgr8+w3PokTveA5vqkogNmxcSH/DYM2kA8I8iPWJK9qlz2gtAYB0r5Yp4c2ATiRaVBi5IZpfvIKgOPglMfaW2cH3N/AiE0JcXqknmjkg82B47828j3nFRfKRBhntdqTLSHeg0BNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iqX9yDaf7KM1sBwH8WiNOgyJ9CpntKBnPBZijTHdlTM=; b=kSB/28602WsDY+P2m8H/EqiCiTJTZmZGfTks6siMy+8qbknV2WOfTNjZLSzQjMzk8sBC4oBpp0pZ6XtiEn4gXoldiano0M5FKa3FZonM8L791W2ZrxVlKVkXVZoQrQrY0kHBtsEUkWOwZetUB7W6z7yiLd6h/rGn1nSteneIUni50seLV0R7Ljn5uoC0P0z1TXKUwiSJyk3V/StMGF4vkRmMUsNXjLLIda2d+pMlljT7yuCodiHgrkUPkvjA3CSErH8zztvWZonkFU8ATPgpHDHLb7MUO9jfRahtKjJKCSB4YnUsjece9/CACQT/CAl9nePXIdxwb0ch3uQflCAPTw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iqX9yDaf7KM1sBwH8WiNOgyJ9CpntKBnPBZijTHdlTM=; b=Oqz4wqcfpzNGHrEmTVFfNSLs0BK24Rs9YvHI/NMyhGRRft8erOq6hlBA2/ZfGt5kS07lhz/8IfNbho15VuzXNkbgS7xGeMfiuZzVdr+e9KK5DZvS48r3KSnUBsODpBZkx0eoPEcr0B3ncWvVtHx//YGdkKLMYAWbpnhwjHwCSkY=
Received: from HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:9b::19) by HE1P18901MB0235.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:96::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.29; Thu, 25 Feb 2021 09:54:43 +0000
Received: from HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM ([fe80::300a:1114:baea:a1a5]) by HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM ([fe80::300a:1114:baea:a1a5%10]) with mapi id 15.20.3868.033; Thu, 25 Feb 2021 09:54:43 +0000
From: Rikard Höglund <rikard.hoglund@ri.se>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt
Thread-Index: AQHXBub/+RSmg8u+P0qWc+cs+0+fgqpoqnua
Date: Thu, 25 Feb 2021 09:54:43 +0000
Message-ID: <HE1P18901MB0043FDF359FA0A2A00734F77839E9@HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM>
References: <161375663635.29021.5183681155799278431@ietfa.amsl.com>
In-Reply-To: <161375663635.29021.5183681155799278431@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
x-originating-ip: [85.228.122.38]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a080884e-eef7-4794-3873-08d8d973603a
x-ms-traffictypediagnostic: HE1P18901MB0235:
x-microsoft-antispam-prvs: <HE1P18901MB023540E000FF677CDFFC4672839E9@HE1P18901MB0235.EURP189.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: zZCbkJd55vEgeHtm05x7xkZ6vJfvQNKD598B6nvdlqWlPY259F06YEO7AvKceBEe8aWwBFjmiqdFbcIvaGpMHQjc5o+va2XUDx5994P5vzuK1iybcdc8m9XOugh2o7M0gjR6nT/JgfxsHAwTU3JJhKZkaZATyr9Eaq+7vhFpp7/jRSmT1uu1aq6dafo5opPexLnBN2x71VXWV2Zr69LsLxKo2QNGxfWmRDaEEDBKEwIA6H82Dwh3IFNqjyjnAGXJoV4gKHpzhm5UhuJ/aN36TK4C7oG/XXcaRQg+xuE6DX39SUw3rW5JWcMwi5mnWd4uII23O7FcbuBfXSuwcbA0ioCGkCZLvsprywMx+ioLJAaIaBT+uaDvVdgHjAaa9YYf8UUCbdNvZ3YM9aqxIHHotMfiAwzxE8vKkmW8Bi0NX6dfrZfo5E/g4mGTxtJUyP9mUQAKv9EiUBmvvH9bCmiKeEzDieFSbvhyL3khh/Rmz1TIs335Jb/xl3hGH/Wma5tsq0PHH2bduJpyzHQ6ZXjYntWWzjLMxczbqDhprCEp1txHzsFyOPppZzbPHOCsRPNXDmSf+Q2xzFiOI5EfUcUR4A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(376002)(136003)(396003)(346002)(39850400004)(26005)(186003)(966005)(15650500001)(478600001)(86362001)(8936002)(2906002)(316002)(71200400001)(6916009)(8676002)(19627405001)(66556008)(45080400002)(66946007)(52536014)(9686003)(166002)(5660300002)(6506007)(53546011)(7696005)(66574015)(76116006)(66476007)(64756008)(83380400001)(55016002)(66446008)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: AR02Gh84S8n+/AzYN5ceat7F6i6cDkyryU9Nh338h7sQUAChPuBHaH7TY3g97LEZheccdTGuJNmynd7PQF16CT1TlXKIFqGmy4NsfNlYSI8d6YzjABHSSWyV/6FhkUZ66LOsLVxcJ71qsfM+/+hjHVXl2bQiqkCU5tGQSb4XaGTjlfn2GYIrvdx5fZ1hxQll9xnmrUcFDN9D68v7I6JN29Tx0OBAaMzhdfUeakzt6E8QDWHt+y4g5HG6M2DHRxbLkrF7bJzM90qIEIdKEPA9lSP8QtGAp7gfN8641EX525D89iEW3zktU9vdvmdkQJhmU6fCL+OKV3BaRMzpgLdPyPjXpf+O6j1Yq0LjMEd4aie0bCXTuziXq257FzrgrnBM2rxovmYHISlTD6l7s8LDV4Xl0ihbU8T3Ybx1C/rm+yN+nCSI0r4EQE86dN3n8Knrnp1xValLREU+qKvcKLaB1eTDxukPipc6MTb1V3jy/660s7ucYWWdwHJZ4/WD0sZipL1o3V9GSMZCvRjva111goRDlsau5CHEteYMc+aFJN0AvbbQau2Y2Fo1cuwVTsWppXW4moO0Elv+gqOcJnbrO5cSEuadeuu8VtyhQ6Uu+eT1ixMOqQydci+0vAhumKYeF9K1wYjULyVrjukBlHSN3gihdwjTA/vjSwahc2ncCnieey7lLCrkJISiqBqejuuBNwXNiMWgE/NtcRypacsYyObpOmn+ER7YNEH0x+Uy2nX134qK0KKzIX+yDeDPmeZKVLytlzSkxKdrJb95XCpjSBNG1hgMbKiFeM6pGwMLvT4yVcmhFh8fARlsV5419KBER6E3vNeDFeCbSkET/W12VHEUitUV7hRYYrKPLT3h914hAbH+3ollK/5ogQGcpPVu5FRzykWr0B1CJXCI4GgowmEUanKTzY5QU6xPMvi4IDT/r5oaCLV/1P+57GSeAMtbSCOVyxNzaU3wDvk34waoBwHnThycCeJrXx7f3+tGAcQdX73L5+C87w9IzDZBj/BRubJU1iMwtQ/2dB6LDN8aH9Wp6zkztQ/X271vD/pMOoNkaA5lhFbTVEFN7ASKxobTifEQp0+nv1OuIEplbe71qD2feLTthYLNbmzWpND9C3/NcGGwghTbvahcDF1w0Exnplkwyr+7KW4+wKYDRKGu8kWUPo2iCW6MRWeiXWVHrtPDy96vNn8fF3LwQy7em+GFX3dnfW095tAGBTAFAxP8vJWEmGYveuIUSGdrm+7UWn0WKE5erDooQCXOcZVt0lUlLM+mpipnQ4igjY+YTpm/rgv0kjZwwth3LuGKAhAK6ms=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1P18901MB0043FDF359FA0A2A00734F77839E9HE1P18901MB0043_"
MIME-Version: 1.0
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1P18901MB0043.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: a080884e-eef7-4794-3873-08d8d973603a
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2021 09:54:43.0190 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5A0RWowJvwXOCwmJaxLi1RXZTE3uJtqRUm2bQ1U3eohuUulOnf833JzolSfLnz0Pd4LN9trKS2bX/CMU+J67Kg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1P18901MB0235
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/VQSC8Mr07br2cDtq2cOlI6zX8mA>
Subject: [core] Fw: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 09:54:51 -0000
Hello CoRE, We have recently submitted a new draft "AEAD Key Usage Limits in OSCORE". https://tools.ietf.org/html/draft-hoeglund-core-oscore-key-limits-00 This document considers the CFRG draft at [1], and accordingly defines how two peers using OSCORE must take limits of the used AEAD algorithm into account, and what steps to take in order to preserve the security of their communications. This includes details on the limits for key usage, instructions for messages processing and a brief overview of existing mechanisms to rekey OSCORE. This work follows a discussion started around IETF 109 [2][3] and recently continued with a broader scope [4]. Any feedback, questions or comments are welcome. Best wishes Rikard Höglund [1] https://tools.ietf.org/html/draft-irtf-cfrg-aead-limits-02 [2] https://mailarchive.ietf.org/arch/msg/core/bbzZCt6ZZn4ysR7yLujPNscBF3g/ [3] https://datatracker.ietf.org/meeting/109/materials/slides-109-core-sessb-ietf-109-core-aead-limits-oscore-00 [4] https://mailarchive.ietf.org/arch/msg/core/h5JHgX5wTBkJtrKl_ezswiCdUBI/ ________________________________ From: internet-drafts@ietf.org <internet-drafts@ietf.org> Sent: Friday, February 19, 2021 18:43 To: Marco Tiloca <marco.tiloca@ri.se>; Rikard Höglund <rikard.hoglund@ri.se> Subject: New Version Notification for draft-hoeglund-core-oscore-key-limits-00.txt A new version of I-D, draft-hoeglund-core-oscore-key-limits-00.txt has been successfully submitted by Rikard Hoeglund and posted to the IETF repository. Name: draft-hoeglund-core-oscore-key-limits Revision: 00 Title: AEAD Key Usage Limits in OSCORE Document date: 2021-02-19 Group: Individual Submission Pages: 9 URL: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-hoeglund-core-oscore-key-limits-00.txt&data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=idqLof2Nf7U%2BsHyoO%2F0Pt%2FY7iazBHmn2jBTZwSvzDzc%3D&reserved=0 Status: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hoeglund-core-oscore-key-limits%2F&data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dEkYUUM7AN%2FAUpsEQ7SgaRHeMJBQA%2BekjZlZTwteSvE%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hoeglund-core-oscore-key-limits&data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pzoPc0ARBCQmxFqoPUXcm1nXSzSteZMfnLf7Wlg%2Fqkg%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hoeglund-core-oscore-key-limits-00&data=04%7C01%7Crikard.hoglund%40ri.se%7Ce6b2a6a03fa3468b3f3108d8d4fe1fc3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637493535236581866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Yit87j47zLL99nUJCWEywfgRgBHyCJMBYS%2BNQxLfIpE%3D&reserved=0 Abstract: Object Security for Constrained RESTful Environments (OSCORE) uses AEAD algorithms to ensure confidentiality and integrity of exchanged messages. Due to known issues allowing forgery attacks against AEAD algorithms, limits should be followed on the number of times a specific key is used for encryption or decryption. This document defines how two peers using OSCORE must take these limits into account and what steps they must take to preserve the security of their communications. Therefore, this document updates RFC8613. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [core] Fw: New Version Notification for draft-hoe… Rikard Höglund