Re: [Crypto-panel] Request to review: draft-selander-ace-cose-ecdhe-11

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Fri, 22 February 2019 07:58 UTC

From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Fri, 22 Feb 2019 12:58:16 +0500
Message-ID: <CAMr0u6nDG7wqHDBKcWm=DQRcuf_suN1dZjMNqKHRc1oNfmzk2w@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, "Roman D. Danyliw" <rdd@cert.org>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/tQSY3TghENHmNablyryG6IiX3K0>

Dear colleagues!

I’ll do it too.

The deadline (March 4th) is rather tight, but I’ll try my best to provide
my review by that date.

Best regards,
Stanislav


On Thu, 21 Feb 2019 at 19:54, Russ Housley <housley@vigilsec.com> wrote:

> Yes, I can take a look at it next week.
>
> Russ
>
>
> On Feb 21, 2019, at 9:05 AM, Alexey Melnikov <alexey.melnikov@isode.com>
> wrote:
>
> Dear Crypto Panel members,
>
> CFRG chairs received a request to review this document (maybe even 2
> reviews), ideally by March 4. (If you miss the deadline, a review that is
> completed later is still useful.) Any takers?
>
> In particular, the review should concentrate on the following aspects of
> the proposal:
>
> EDHOC (https://datatracker.ietf.org/doc/draft-selander-ace-cose-ecdhe-11)
> is being proposed as a new AKE to meet the need of constrained/IoT
> environments (such as those considered by the ACE WG). Formal analysis on
> -08 was conducted by [1] [2]. A review by the Crypto Review Panel would be
> helpful to evaluate the security properties (mutual authentication, PFS,
> and identity protection) claimed by the draft:
>
> ** Top-line: does EDHOC provide the security properties it asserts? How do we reason about/approach answering that question?
> ** Is this draft complete -- what would you like to see that isn't written?
> ** What areas of the draft or features of the protocol require further analysis or polish? Are the prerequisites/assumptions clear enough?
> ** Is the choice of ciphersuites acceptable?
> ** Does the formal analysis in [1] appear credible?
> ** Does -11 appear to have addressed the concerns outlined by [1] in -08? (The authors of [1] are working on an update of the analysis on -11)
>
> A related key question being discussed is "ignoring whether the security properties of EDHOC are valid, can the 'lightweight property of EDHOC' be realized with another protocol?"
>
> [1] https://link.springer.com/content/pdf/10.1007%2F978-3-030-04762-7_2.pdf
> [2] https://github.com/theisgroenbech/edhoc-proverif
>
> Thank you,
> Alexey
>
> _______________________________________________
> Crypto-panel mailing list
> Crypto-panel@irtf.org
> https://www.irtf.org/mailman/listinfo/crypto-panel