Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

Mike Jones <Michael.Jones@microsoft.com> Thu, 02 July 2015 17:52 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Brian Campbell <bcampbell@pingidentity.com>, Jim Schaad <ietf@augustcellars.com>
Date: Thu, 02 Jul 2015 17:52:39 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/bDMzTKhvKB2jpXzEjQXSdSrDt_8>
Cc: "cose@ietf.org" <cose@ietf.org>

If MACs without key management were insecure, I'm sure that JWS [RFC 7515] wouldn't have survived the SecDir review or the IESG review since it has no key management for MACs, but it did.

The question is what *additional* value key management adds in the MAC case.

(I completely understand the value of key management in the encryption case.  If you're using a deterministic content encryption algorithm and you're encrypting the same plaintext with the same key without key management, the ciphertext values will match, allowing attackers to correlate messages.  Using a randomly generated content encryption key means that encryptions of the same plaintext result in different ciphertext values - preventing this correlation.  But the payload in a MAC is not a secret, so there's no equivalent benefit in the MAC case.)

				-- Mike

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] 
Sent: Thursday, July 02, 2015 10:37 AM
To: Brian Campbell; Jim Schaad
Cc: Mike Jones; cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)



> Particularly for constrained devices, it is unlikely that applications 
> will want to pay the performance penalty of generating and encrypting 
> a key management key to perform a MAC operation.  Heck, they may not 
> have credible random number generation in the first place!  And they 
> are likewise unlikely to want to pay the message size penalty of 
> carrying the encrypted key.

It would be good to know what devices you have in mind in this discussion.

I personally don't think we should target devices that cannot even do key management for symmetric cryptography. I would even argue that we should aim for devices that support a random number generator and are also able to do public key crypto.

We are not doing ourselves a favor if we place artificial constraints on our protocols that make them pretty insecure in practice. We already have enough insecure IoT devices in the market.

Here is the slide deck I presented in the LWIG group at the last IETF meeting; it explains the performance of state-of-the-art crypto on common Cortex M class MCUs.
https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf

Ciao
Hannes
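
Added illustration, not part of the original messages and not COSE or JOSE code: the correlation argument from Mike Jones's reply above, comparing direct deterministic encryption, encryption under a per-message random content encryption key (CEK), and a MAC. The HMAC-based stream cipher, all function names, and the sample key and payload are assumptions made for this example.

```python
import hashlib
import hmac
import os

FIXED_NONCE = b"\x00" * 12  # fixed on purpose: models a deterministic algorithm

def keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); a stand-in, not a COSE algorithm."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_direct(shared_key, plaintext):
    """No key management: the shared key encrypts the content deterministically."""
    return keystream_xor(shared_key, FIXED_NONCE, plaintext)

def encrypt_with_cek(shared_key, plaintext):
    """Key management: a fresh random CEK per message, wrapped under the shared key."""
    cek = os.urandom(32)
    wrap_nonce = os.urandom(12)
    wrapped_cek = keystream_xor(shared_key, wrap_nonce, cek)
    return wrap_nonce, wrapped_cek, keystream_xor(cek, FIXED_NONCE, plaintext)

def decrypt_with_cek(shared_key, wrap_nonce, wrapped_cek, ciphertext):
    cek = keystream_xor(shared_key, wrap_nonce, wrapped_cek)
    return keystream_xor(cek, FIXED_NONCE, ciphertext)

def mac(shared_key, payload):
    return hmac.new(shared_key, payload, hashlib.sha256).digest()

def correlation_report(shared_key, message):
    """Send the same message twice in each mode; report what an observer can match."""
    d1, d2 = encrypt_direct(shared_key, message), encrypt_direct(shared_key, message)
    k1, k2 = encrypt_with_cek(shared_key, message), encrypt_with_cek(shared_key, message)
    t1, t2 = mac(shared_key, message), mac(shared_key, message)
    return {
        "direct_ciphertexts_match": d1 == d2,    # equal plaintexts are linkable
        "cek_ciphertexts_match": k1[2] == k2[2], # random CEK hides the repetition
        # Tags repeat, but a MACed payload travels in the clear, so the
        # observer could already see that the two payloads are equal.
        "mac_tags_match": t1 == t2,
        "cek_roundtrip_ok": decrypt_with_cek(shared_key, *k1) == message,
    }

if __name__ == "__main__":
    key = bytes(range(32))                        # constructed sample key
    print(correlation_report(key, b"door=open"))  # constructed sample payload
```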