Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
"Derek Atkins" <derek@ihtfp.com> Fri, 10 July 2015 14:14 UTC
Date: Fri, 10 Jul 2015 10:14:15 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/FduyUz_BjGKeW7EPCL7yXmvs9p8>
Cc: Jim Schaad <ietf@augustcellars.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Derek Atkins <derek@ihtfp.com>, Mike Jones <michael.jones@microsoft.com>, cose@ietf.org

On Fri, July 10, 2015 9:07 am, Brian Campbell wrote:
> On Wed, Jul 8, 2015 at 10:44 AM, Derek Atkins <derek@ihtfp.com> wrote:
>
>> Hannes Tschofenig <hannes.tschofenig@gmx.net> writes:
>> > We are not doing ourselves a favor if we place artificial constraints
>> > on our protocols that make them pretty insecure in practice. We already
>> > have enough insecure IoT devices in the market.
>>
>> Sure.. Many IoT devices don't even try :)
>>
>
> I just want us to be cognizant of the possibility that a dense complicated
> crypto messaging syntax will probably not change that situation. If it's
> not easy and approachable, it has the potential to be ignored.

That's only half the problem. Many people ignore security because there is
this belief "I can't reasonably run those algorithms on my devices." So I
would augment this to say that it not only needs to be easy and
approachable, but it also needs to be implementable on the hardware. That
often rules out many cryptographic algorithms (like RSA and DH, and
sometimes even ECC) depending on space, power, and timing constraints of
the devices.

-derek

--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant