Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
"Jim Schaad" <ietf@augustcellars.com> Wed, 08 July 2015 17:37 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58C4D1A1BB8 for <cose@ietfa.amsl.com>; Wed, 8 Jul 2015 10:37:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yE3BhT5rCjpT for <cose@ietfa.amsl.com>; Wed, 8 Jul 2015 10:37:17 -0700 (PDT)
Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 503841A1BD1 for <cose@ietf.org>; Wed, 8 Jul 2015 10:37:17 -0700 (PDT)
Received: from hebrews (174-21-18-91.tukw.qwest.net [174.21.18.91]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id 4551D38F11; Wed, 8 Jul 2015 10:37:16 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Derek Atkins' <derek@ihtfp.com>, 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com> <559576A9.9090002@gmx.net> <sjm380ya9ay.fsf@securerf.ihtfp.org>
In-Reply-To: <sjm380ya9ay.fsf@securerf.ihtfp.org>
Date: Wed, 08 Jul 2015 10:37:33 -0700
Message-ID: <00b301d0b9a4$c62234d0$52669e70$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQGMo9E7lz5K1VbQVek9kTd0WZ5EKwIS9FwIAZ9xFnKePG4f4A==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/iCriaJlLa_kS03_-o6LOGqKXV_o>
Cc: cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 17:37:19 -0000
I will freely admit that I do not know what the sizes of constrained devices are today. Based on the talks that I have heard on what is a constrained device, I generally think of a range starting with a Z80 plus some side hardware for AES and work up from there. I generally don't think of 286's as being all of that constrained let alone something that can actually do 64-bit natively. At that point all one is looking at is power supply constraints. Jim > -----Original Message----- > From: Derek Atkins [mailto:derek@ihtfp.com] > Sent: Wednesday, July 08, 2015 9:44 AM > To: Hannes Tschofenig > Cc: Brian Campbell; Jim Schaad; Mike Jones; cose@ietf.org > Subject: Re: [Cose] Key management for MACs (was Re: Review of draft- > schaad-cose-msg-01) > > Hannes Tschofenig <hannes.tschofenig@gmx.net> writes: > > >> Particularly for constrained devices, it is unlikely that > >> applications will want to pay the performance penalty of generating > >> and encrypting a key management key to perform a MAC operation. > >> Heck, they may not have credible random number generation in the > >> first place! And they are likewise unlikely to want to pay the > >> message size penalty of carrying the encrypted key. > > > > It would be good to know what devices you have in mind in this > discussion. > > > > I personally don't think we should target devices that cannot even do > > key management for symmetric cryptography. I would even argue that we > > should aim for devices that support a random number generator and are > > also able to do public key crypto. > > I agree with all of this except for the RNG. You don't need an RNG for many > use cases and can perform good security. But of course it does depend on > the use-case. > > > We are not doing ourselves a flavor if we place artificial constraints > > on our protocols that make them pretty insecure in practice. We > > already have enough insecure IoT devices in the market. > > Sure.. Many IoT devices don't even try :) > > > Here is the slide deck I presented in the LWIG group at the last IETF > > meeting; it explains the performance of state-of-the-art crypto on > > common Cortex M class MCUs. > > I would quickly argue it's not "state-of-the-art" crypto. It's ECC. > There are ... better... key agreement algorithms out there for IoT. > > > https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf > > :) > > > Ciao > > Hannes > > -derek > -- > Derek Atkins 617-623-3745 > derek@ihtfp.com www.ihtfp.com > Computer and Internet Security Consultant
- [Cose] Key management for MACs (was Re: Review of… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Hannes Tschofenig
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Hannes Tschofenig
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara