IETF Logo Mail Archive

Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

"Derek Atkins" <derek@ihtfp.com> Fri, 10 July 2015 14:14 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E59E1B2C09 for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 07:14:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.179
X-Spam-Level:
X-Spam-Status: No, score=-1.179 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HELO_MISMATCH_ORG=0.611, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-ip4wB-Zzsb for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 07:14:26 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AD021B2C5B for <cose@ietf.org>; Fri, 10 Jul 2015 07:14:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 3729FE2034; Fri, 10 Jul 2015 10:14:17 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 02208-08; Fri, 10 Jul 2015 10:14:15 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 14C54E2046; Fri, 10 Jul 2015 10:14:15 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1436537655; bh=S2cPyU+FZGK8Cf7yRkYVqudwZ3rp8hc51zZNRMZRJKg=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=dRZPpQmkcXal/2vUwq3LE0OFfaShRNjjLhTHPc1o5DZNssWh5AH3SBF+qWRV1zNd5 z69P59wwS05Y7L5w7Oz2+Zso1o2CPOrnO622W7zVw0Pf7SbuWiNK5uH53Ci9Bo4mmH z+GG6zQ2t31TszcI1OekFYYuFv3hs3QtzmbJWukc=
Received: from 192.168.248.204 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Fri, 10 Jul 2015 10:14:15 -0400
Message-ID: <c258533cdd7daea071145d684db4d05a.squirrel@mail2.ihtfp.org>
In-Reply-To: <CA+k3eCSoQhxKV16v6fmWEtG1LqYEaqm8zHjDvWpGOJdb_8=Y5A@mail.gmail.com>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com> <559576A9.9090002@gmx.net> <sjm380ya9ay.fsf@securerf.ihtfp.org> <CA+k3eCSoQhxKV16v6fmWEtG1LqYEaqm8zHjDvWpGOJdb_8=Y5A@mail.gmail.com>
Date: Fri, 10 Jul 2015 10:14:15 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Brian Campbell <bcampbell@pingidentity.com>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/FduyUz_BjGKeW7EPCL7yXmvs9p8>
Cc: Jim Schaad <ietf@augustcellars.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Derek Atkins <derek@ihtfp.com>, Mike Jones <michael.jones@microsoft.com>, cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 14:14:27 -0000

On Fri, July 10, 2015 9:07 am, Brian Campbell wrote:
> On Wed, Jul 8, 2015 at 10:44 AM, Derek Atkins <derek@ihtfp.com> wrote:
>
>> Hannes Tschofenig <hannes.tschofenig@gmx.net> writes:
>> > We are not doing ourselves a flavor if we place artificial constraints
>> > on our protocols that make them pretty insecure in practice. We
>> already
>> > have enough insecure IoT devices in the market.
>>
>> Sure.. Many IoT devices don't even try :)
>>
>
> I just want us to be cognizant of the possibility that a dense complicated
> crypto messaging syntax will probably not change that situation. If it's
> not easy and approachable, it has the potential to be ignored.

That's only half the problem.  Many people ignore security because there
is this belief "I can't reasonably run those algorithms on my devices."

So I would augment this to say that it not only needs to be easy and
approachable, but it also needs to be implementable on the hardware.  That
often rules out many cryptographic algorithms (like RSA and DH, and
sometimes even ECC) depending on space, power, and timing constraints of
the devices.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email