IETF Logo Mail Archive

Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)

Derek Atkins <derek@ihtfp.com> Wed, 08 July 2015 16:44 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81A0B1A1A40 for <cose@ietfa.amsl.com>; Wed, 8 Jul 2015 09:44:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IM6wTMQYuBAo for <cose@ietfa.amsl.com>; Wed, 8 Jul 2015 09:44:25 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D8341A1A3D for <cose@ietf.org>; Wed, 8 Jul 2015 09:44:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 3398EE2036; Wed, 8 Jul 2015 12:44:24 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 18077-04; Wed, 8 Jul 2015 12:44:22 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:fe80::ea2a:eaff:fe7d:235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id DEA66E2034; Wed, 8 Jul 2015 12:44:21 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1436373861; bh=QS6KN9eqfJVCrMrFBCQIsoDFa2z2/fpGh5mbqbA3lNk=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=YzoWehnWEtH/vN8+OTm6yTX12N9kBkfYJtbojedx+beUZumo5IgTQ/sMPUnAc64mo /+lZHAfiaeQOg0W/nfwCuR/BJfcW4lLhLPFB5Ob9RoJKWM1RUf99m5fe1IKZmAukjN sseTpyCfY++WYrSsv9iW2EDgKQXR+A4nlPgqLv1I=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.14.8/8.14.8/Submit) id t68GiLA1003774; Wed, 8 Jul 2015 12:44:21 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com> <559576A9.9090002@gmx.net>
Date: Wed, 08 Jul 2015 12:44:21 -0400
In-Reply-To: <559576A9.9090002@gmx.net> (Hannes Tschofenig's message of "Thu, 02 Jul 2015 19:36:41 +0200")
Message-ID: <sjm380ya9ay.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/me-SmuQdLSdf18WwpIiAcLwjGlc>
Cc: Jim Schaad <ietf@augustcellars.com>, Brian Campbell <bcampbell@pingidentity.com>, Mike Jones <Michael.Jones@microsoft.com>, cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 16:44:26 -0000

Hannes Tschofenig <hannes.tschofenig@gmx.net> writes:

>> Particularly for constrained devices, it is unlikely that applications
>> will want to pay the performance penalty of generating and encrypting a
>> key management key to perform a MAC operation.  Heck, they may not have
>> credible random number generation in the first place!  And they are
>> likewise unlikely to want to pay the message size penalty of carrying
>> the encrypted key.
>
> It would be good to know what devices you have in mind in this discussion.
>
> I personally don't think we should target devices that cannot even do
> key management for symmetric cryptography. I would even argue that we
> should aim for devices that support a random number generator and are
> also able to do public key crypto.

I agree with all of this except for the RNG.  You don't need an RNG for
many use cases and can perform good security.  But of course it does
depend on the use-case.

> We are not doing ourselves a flavor if we place artificial constraints
> on our protocols that make them pretty insecure in practice. We already
> have enough insecure IoT devices in the market.

Sure.. Many IoT devices don't even try :)

> Here is the slide deck I presented in the LWIG group at the last IETF
> meeting; it explains the performance of state-of-the-art crypto on
> common Cortex M class MCUs.

I would quickly argue it's not "state-of-the-art" crypto.  It's ECC.
There are ... better... key agreement algorithms out there for IoT.

> https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf

:)

> Ciao
> Hannes

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email