Re: [core] Question about AEAD nonce uniqueness

Jim Schaad <ietf@augustcellars.com> Mon, 10 April 2017 17:09 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Mohit Sethi' <mohit.m.sethi@ericsson.com>, 'Core' <core@ietf.org>, 6tisch@ietf.org
References: <c31694fe-43db-875d-496a-a9ab3fd3c40f@ericsson.com>
In-Reply-To: <c31694fe-43db-875d-496a-a9ab3fd3c40f@ericsson.com>
Date: Mon, 10 Apr 2017 10:09:41 -0700
Message-ID: <002101d2b21d$3ff5ba30$bfe12e90$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/tyoMHfcF-J7pOzocLGpU6TBvn14>

There is not a problem with nonce uniqueness in this draft, because each entity is assigned a unique key for its transmissions. The transport key is derived from the PSK and the sender ID. Sender IDs will be unique based on the enrollment protocol in the group, as each entity will have a unique identifier.

Jim

From: core [mailto:core-bounces@ietf.org] On Behalf Of Mohit Sethi
Sent: Monday, April 10, 2017 4:51 AM
To: Core <core@ietf.org>; 6tisch@ietf.org
Subject: [core] Question about AEAD nonce uniqueness

Hi OSCoAP authors,

I was trying to read the OSCoAP and 6tisch minimal security drafts. I have a question about the AEAD nonce uniqueness. RFC 5116 says that:

   When there are multiple devices performing encryption using a single
   key, those devices must coordinate to ensure that the nonces are
   unique.  A simple way to do this is to use a nonce format that
   contains a field that is distinct for each one of the devices

So my obvious question is: how is AEAD nonce uniqueness ensured? The PSK is known to at least two parties (more in the case of some uses, such as multicast OSCoAP: https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01).

The draft currently says that AEAD nonce uniqueness is ensured with sequence numbers and sender context, which is essentially the sender ID. But how do you ensure that the two parties have different sender IDs, especially since the sender ID is not fixed-length? I guess there will be other problems in case of sender ID collisions?

--Mohit
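The exchange above turns on one invariant: no (key, nonce) pair may ever be used twice under an AEAD. The following Python is an added illustration, not code from either message and not the OSCoAP draft's actual derivation or nonce layout, which the thread does not spell out. It assumes a simplified HKDF-SHA256 derivation of a per-sender key from the PSK and the sender ID, a 13-byte nonce built from a length-prefixed sender ID and a sequence number (the length prefix is an assumption chosen so that IDs of different lengths cannot pad to the same bytes, the concern Mohit raises), and a small registry that flags any (key, nonce) pair that has already been consumed. The `include_id_in_nonce` switch exists only to show Jim's point: even when two senders emit identical sequence numbers, distinct sender IDs yield distinct keys, so no pair repeats; a sender ID collision is what breaks the invariant.

```python
import hashlib
import hmac

NONCE_LEN = 13    # AES-CCM style nonce length; an assumption for this example
ID_FIELD_LEN = 6  # maximum sender ID length carried in the nonce; assumed


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Minimal HKDF (RFC 5869) over SHA-256, used as a stand-in derivation."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_sender_key(psk: bytes, sender_id: bytes) -> bytes:
    # Per-sender 128-bit key from the group PSK and the sender ID.
    # The "Key" label and info layout are assumptions, not the draft's own.
    return hkdf_sha256(psk, b"", b"Key" + sender_id, 16)


def make_nonce(sender_id: bytes, seq: int, include_id_in_nonce: bool = True) -> bytes:
    """Fixed-width nonce: [len(id)] [id left-padded to 6 bytes] [seq, 6 bytes big-endian]."""
    if len(sender_id) > ID_FIELD_LEN:
        raise ValueError("sender ID too long for nonce field")
    if include_id_in_nonce:
        # Length prefix keeps b"\x01" and b"\x00\x01" from encoding identically.
        id_field = bytes([len(sender_id)]) + sender_id.rjust(ID_FIELD_LEN, b"\x00")
    else:
        id_field = b"\x00" * (ID_FIELD_LEN + 1)
    seq_field = seq.to_bytes(NONCE_LEN - len(id_field), "big")
    return id_field + seq_field


class NonceRegistry:
    """Tracks every (key, nonce) pair handed to the AEAD; a repeat is a hard failure."""

    def __init__(self) -> None:
        self.seen: set = set()

    def record(self, key: bytes, nonce: bytes) -> bool:
        pair = (key, nonce)
        if pair in self.seen:
            return False  # reuse detected
        self.seen.add(pair)
        return True


def simulate(psk: bytes, sender_ids: list, messages_per_sender: int = 3,
             include_id_in_nonce: bool = True) -> list:
    """Run each sender through a few messages; return the (sender_id, seq) pairs
    whose (key, nonce) combination had already been consumed."""
    registry = NonceRegistry()
    reused = []
    for sid in sender_ids:
        key = derive_sender_key(psk, sid)
        for seq in range(messages_per_sender):
            nonce = make_nonce(sid, seq, include_id_in_nonce)
            if not registry.record(key, nonce):
                reused.append((sid, seq))
    return reused


if __name__ == "__main__":
    psk = b"constructed-psk-for-demo"  # constructed sample value, not a real secret
    print("distinct IDs, ID in nonce:   ", simulate(psk, [b"\x01", b"\x02"]))
    print("distinct IDs, seq-only nonce:", simulate(psk, [b"\x01", b"\x02"], include_id_in_nonce=False))
    print("colliding IDs:               ", simulate(psk, [b"\x01", b"\x01"]))
```

With distinct sender IDs both runs report no reuse, because the per-sender keys already differ regardless of what the nonce contains; with a colliding sender ID every message after the first sender's repeats a (key, nonce) pair, which is exactly the condition RFC 5116 warns about and the reason the enrollment step must guarantee ID uniqueness.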