IETF Logo Mail Archive

Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 02 July 2015 17:45 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04C641A0382 for <cose@ietfa.amsl.com>; Thu, 2 Jul 2015 10:45:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aH3DDcVqDTek for <cose@ietfa.amsl.com>; Thu, 2 Jul 2015 10:45:35 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DA861A0302 for <cose@ietf.org>; Thu, 2 Jul 2015 10:45:35 -0700 (PDT)
Received: from [192.168.131.140] ([195.149.223.251]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MZgdm-1ZTtau2hB8-00LW92; Thu, 02 Jul 2015 19:45:30 +0200
Message-ID: <559576A9.9090002@gmx.net>
Date: Thu, 02 Jul 2015 19:36:41 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Brian Campbell <bcampbell@pingidentity.com>, Jim Schaad <ietf@augustcellars.com>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com>
In-Reply-To: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="XFjsARA4WxR8H4Xi4Kiil5A2B6mHQMVQC"
X-Provags-ID: V03:K0:iOc15KtLGq3z+9/KS6qoNDg9dCBUMlSLBRe+RpI4eXdu5n8/kb5 ThbokpRRkzhr+kvX8QWdeSzR3sSfTqETBWqQdq51HbfayzqoHoh/w/eHuWRGXuXHkR61sCX JByWvHojPvV3EypCgk3ZAIWCu55bvGgR8lkildqt13C4c9fL3F5uUozifU4vn3Ua1Y8VFb3 JPJFtqN0LlrW2EXu+0DZA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:9N57rFrv7JU=:iPkjK5AYXLEwsrXuSZ5RiH L0124NAQ+H3sP9U3fXj+3lNrjofoXoQwPns7GsgNyzkm+HcROrQCpUZySvrCi4nptX0E84yEp jtXTN1F56kUz8Ger1lE5bQxa8vRT8Xa4T4sDkMJaXYkK3ZmBdNRfowZmiFHnSggCd/MJGd25o cdTSOOXGImK8zFJD00MdMRDf+AVHQQt4DIobgvacTxzEFYR1lollzWssczxgssw1SMnPrBv3A mBOnjW7xIcf25aSOB6WtBTF7DMn6Jhr0Xr/6nGyw5CbjlA3ZH3qo0S9kKm62l8kilgNE/Zgi8 WBRKQ27lKNM1ex2SQ7c3tEqedcnO5dJixTBIw3+Cb4YYhYUn4mIH5BlwT0U9dLXf7HH0c7fXr cnMbgzBPrfRCOtoeuSjxKdxVtrOZ141sfQDSBgtwP39/R/22hiU9667QMDupV4O7/nKUBNc7q EvN090bO2jTJQpPKIhYNZhrXGF+I6ooXwOfl/q6Id7qc8TFiJ0n23MOPsprmz12S1Bb3kIXnu Oi4Oq2TqNO3Z94kcH7HvfAf0iiKOCVrDSjqxV1Xg1vbnU+Nx7oAMZeED1+n2wuQCO2D7YCCh+ iXkjxSOwktZzLAudxl5PnF2+2pgaI2x9Ng0COgTAr2CbzqpGXSxin9r6TD/0oxrSR4U5E4/J+ K5XsgwEHj7JbjPELEjBfEeC1P2OshqvNag4vTh4IAAgX6PA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/E-bvi5JkG-ZUznkg6l06iJcfLas>
Cc: Mike Jones <Michael.Jones@microsoft.com>, cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2015 17:45:37 -0000


> Particularly for constrained devices, it is unlikely that applications
> will want to pay the performance penalty of generating and encrypting a
> key management key to perform a MAC operation.  Heck, they may not have
> credible random number generation in the first place!  And they are
> likewise unlikely to want to pay the message size penalty of carrying
> the encrypted key.

It would be good to know what devices you have in mind in this discussion.

I personally don't think we should target devices that cannot even do
key management for symmetric cryptography. I would even argue that we
should aim for devices that support a random number generator and are
also able to do public key crypto.

We are not doing ourselves a flavor if we place artificial constraints
on our protocols that make them pretty insecure in practice. We already
have enough insecure IoT devices in the market.

Here is the slide deck I presented in the LWIG group at the last IETF
meeting; it explains the performance of state-of-the-art crypto on
common Cortex M class MCUs.
https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf

Ciao
Hannes

v2.23.0 | Report a Bug | By Email