IETF Logo Mail Archive

Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

Mike Jones <Michael.Jones@microsoft.com> Fri, 10 July 2015 19:32 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 993171B2A5B for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 12:32:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A1rMyfXukqbk for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 12:32:15 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0722.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:722]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 831771B2A8A for <cose@ietf.org>; Fri, 10 Jul 2015 12:32:15 -0700 (PDT)
Received: from BL2PR03MB433.namprd03.prod.outlook.com (10.141.92.19) by BL2PR03MB433.namprd03.prod.outlook.com (10.141.92.19) with Microsoft SMTP Server (TLS) id 15.1.207.12; Fri, 10 Jul 2015 19:31:51 +0000
Received: from BL2PR03MB433.namprd03.prod.outlook.com ([10.141.92.19]) by BL2PR03MB433.namprd03.prod.outlook.com ([10.141.92.19]) with mapi id 15.01.0207.004; Fri, 10 Jul 2015 19:31:51 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, Derek Atkins <derek@ihtfp.com>
Thread-Topic: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
Thread-Index: AQHQuZ1WtSq2x1sR40SvzKRDC45tbp3Ur3mAgAASs4CAAFIqAIAABpOR
Date: Fri, 10 Jul 2015 19:31:51 +0000
Message-ID: <BL2PR03MB4337E817F064C5DAB0A74C8F59F0@BL2PR03MB433.namprd03.prod.outlook.com>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com> <559576A9.9090002@gmx.net> <sjm380ya9ay.fsf@securerf.ihtfp.org> <CA+k3eCSoQhxKV16v6fmWEtG1LqYEaqm8zHjDvWpGOJdb_8=Y5A@mail.gmail.com> <c258533cdd7daea071145d684db4d05a.squirrel@mail2.ihtfp.org>, <CA+k3eCRtu=-YPWuLx93VPaGLpvhTuu_kBp9YDjdBg6Xkksefjg@mail.gmail.com>
In-Reply-To: <CA+k3eCRtu=-YPWuLx93VPaGLpvhTuu_kBp9YDjdBg6Xkksefjg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: pingidentity.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [167.220.23.11]
x-microsoft-exchange-diagnostics: 1; BL2PR03MB433; 5:aLcgXySlF7HFjPeWoHHvNY25kn/Q8zM/4JmhuhPy3tdziyQmB9ToYi1kM8oH3sLXp/FAB23BQGqi/iOaIgdza/Se0A0GJ72UTyDpj6LEZ/IzKidkY3K0d66aFu8WWCAkGHyfM3rm8JAQY+r9kVUkMw==; 24:YPqTMIHBSrDNHA5MMT/6GYuUOxyNoniTnEAJEpcHz3rb4crnSvtaW1eCOTfMXC9LUmiKCDEVcUfK1lB/NY5JlxnINAM9IkJpLwqPM1/Gh9c=; 20:iB6wD7w8M7S6b2N8gHP2j47MoLW+6WsyE/PEsRLCbW8zrd/jpVfLzxtEwr+6pwqQWBdrVDpvrSrDUf1ZaBOJKw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB433;
x-microsoft-antispam-prvs: <BL2PR03MB433A731357C672F9AF8B52EF59F0@BL2PR03MB433.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:BL2PR03MB433; BCL:0; PCL:0; RULEID:; SRVR:BL2PR03MB433;
x-forefront-prvs: 06339BAE63
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(377454003)(24454002)(74316001)(99286002)(33656002)(92566002)(106116001)(19580395003)(19580405001)(93886004)(2656002)(230783001)(87936001)(86612001)(76176999)(86362001)(16236675004)(66066001)(50986999)(54356999)(5001960100002)(46102003)(5003600100002)(76576001)(189998001)(77156002)(5001920100001)(122556002)(40100003)(2900100001)(16601075003)(2950100001)(19617315012)(62966003)(5002640100001)(5001770100001)(15975445007)(102836002)(77096005); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB433; H:BL2PR03MB433.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: multipart/alternative; boundary="_000_BL2PR03MB4337E817F064C5DAB0A74C8F59F0BL2PR03MB433namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2015 19:31:51.8254 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR03MB433
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/CnpAg1nCRpOBEcz0XJL9KxE0rXo>
Cc: Jim Schaad <ietf@augustcellars.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "cose@ietf.org" <cose@ietf.org>
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 19:32:17 -0000

+1
________________________________
From: Brian Campbell<mailto:bcampbell@pingidentity.com>
Sent: ‎7/‎10/‎2015 12:08 PM
To: Derek Atkins<mailto:derek@ihtfp.com>
Cc: Hannes Tschofenig<mailto:hannes.tschofenig@gmx.net>; Jim Schaad<mailto:ietf@augustcellars.com>; Mike Jones<mailto:Michael.Jones@microsoft.com>; cose@ietf.org<mailto:cose@ietf.org>
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

That's fair, Derek. I just hope the WG keeps both in mind.

On Fri, Jul 10, 2015 at 8:14 AM, Derek Atkins <derek@ihtfp.com<mailto:derek@ihtfp.com>> wrote:

On Fri, July 10, 2015 9:07 am, Brian Campbell wrote:
> On Wed, Jul 8, 2015 at 10:44 AM, Derek Atkins <derek@ihtfp.com<mailto:derek@ihtfp.com>> wrote:
>
>> Hannes Tschofenig <hannes.tschofenig@gmx.net<mailto:hannes.tschofenig@gmx.net>> writes:
>> > We are not doing ourselves a flavor if we place artificial constraints
>> > on our protocols that make them pretty insecure in practice. We
>> already
>> > have enough insecure IoT devices in the market.
>>
>> Sure.. Many IoT devices don't even try :)
>>
>
> I just want us to be cognizant of the possibility that a dense complicated
> crypto messaging syntax will probably not change that situation. If it's
> not easy and approachable, it has the potential to be ignored.

That's only half the problem.  Many people ignore security because there
is this belief "I can't reasonably run those algorithms on my devices."

So I would augment this to say that it not only needs to be easy and
approachable, but it also needs to be implementable on the hardware.  That
often rules out many cryptographic algorithms (like RSA and DH, and
sometimes even ECC) depending on space, power, and timing constraints of
the devices.

-derek
--
       Derek Atkins                 617-623-3745<tel:617-623-3745>
       derek@ihtfp.com<mailto:derek@ihtfp.com>             www.ihtfp.com<http://www.ihtfp.com>
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email