[Dtls-iot] RFC 7925 - Section 16 - Session Hash
Achim Kraus <achimkraus@gmx.net> Wed, 03 June 2020 12:06 UTC
Return-Path: <achimkraus@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B5DD3A1074 for <dtls-iot@ietfa.amsl.com>; Wed, 3 Jun 2020 05:06:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBEyznoKgjYb for <dtls-iot@ietfa.amsl.com>; Wed, 3 Jun 2020 05:06:09 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A365C3A1073 for <dtls-iot@ietf.org>; Wed, 3 Jun 2020 05:06:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1591185963; bh=pmg7cLDq1WKiGTqu1R1Ue/i2Olpkzf0SHuuAAJlMti0=; h=X-UI-Sender-Class:From:Subject:To:Cc:Date; b=JJ03S1RK4987BeaOQRUQ6ZddJ8+14YIdRFQzMstwPrbtql/DzjW1HBff5vD3+7h4y cCjsNHP6y1TTYfg/Yln1WTikTX5bkomFHYCm77jYfPsK5ie/Wyfc1xoJDxTnJDyibM kxyRLd2Cne8JbeYOGTVLlSUvswTRqC+p/cCbtv2E=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.45] ([94.216.228.139]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MulqD-1iolL622z5-00rloi; Wed, 03 Jun 2020 14:06:03 +0200
From: Achim Kraus <achimkraus@gmx.net>
To: dtls-iot@ietf.org
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Thomas Fossati <tho.ietf@gmail.com>
Message-ID: <3799d8f7-9258-69cf-e7a8-22116ddfb2f3@gmx.net>
Date: Wed, 03 Jun 2020 14:06:02 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: de-AT-frami
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:/0eMauwutBcbXe4C5t4Rg6Rx/EdfWEkJrXyJ/LAXIkC3eHXkotZ ywgS3mqpv2DpBGjDRTdY3Mz8maqGvTgEIO/+Tf2AWLV5Ls6u5UQ4WizbrwJkrAgvpvYI4HA cSfbY40b2RhzHGL6h3/4h8wp4SFPn4PFzL8OshCKC9nIkBqJN96RLsxrnoZz43RIFBjU47b GbsG/wF1hIWsOYK+7aVww==
X-UI-Out-Filterresults: notjunk:1;V03:K0:jOY2R/nD0S8=:TT/PhHkCj0XJ6TXag2SKYv qOKpeif5+MR0r9n6TZMfJVKhHOTj2ZY6aXQhdZHJYFMOBoEXpBkAVlNldGIeRy0wKp3/VPqvG KqDjl0aHBVcOCFL5hVpiOVY0gPjdAa4fLXSotrOv6gPBAnHGN/Qw3NXo+zXodA+v6Wl/FtCeJ jppe7LfQv5ZOKEp2nd5bKS4nkW+RpdqcKCjeM0Y8Okjo0/VCSQUfPpcxqAvwmoz3oZGmaaRBv erMMlyq5gxy6BVKcuHd0sALsttdAx+09AB7g6U4f1/YOzi/bjxCz2knBXw978gaHmw8dOcCXv qGh9zNRXT7AyDUvH6WXnPQM4ta3DfTv5+dJQX83a+Dx0cSCZV5ZnBpvwJ4GtXMSIjuln3WNi+ hkSVd0uBY7BFFzpOdDbRTyMDJl9JbCHcR/BK5Nk+uOHgBgtWLSdiO+/qjW6TCcQPqbSwPh+AP b3LefQSLFBAucgvzo0Ud/YY1iyDR4Sz5/dpoPNDozVY6y7VBBh3N+iR8/Ktubp0gvr9lzyjuf 0BU9P7k6AMfwMgYW3PPQj3w4I+8MRsMot9tESJcHrIOE0DE4MYeEnLAFxaxpPQFAc1JHKsfSb 7vsrX38tpks51mROz0bJjTEEK3kf4x/EW0QYR48wV+2UHI1Q4Aov84qe+ZwqtgEP+rStuo4JX w9zdzg3te21MIoqaeVQK6ENfq0VBZcVCd2NVDRi7eSCg72s+KxSby3jMcB5K5VSOSaOOBSpIU E/Se64wt2CigQt13Z8UJsM6zR2b2Bd4qbRVkvSHjcUDLpCyy5ykOo7c2aefheAR7ohsW1cT6q GJHxaTC3ZZN8uYrAlGD1MJmGntpwUO/vLVqD7uOMDMP8acCOzsrgD8SfV24cMFG1keqAqEY3u PbwdB3T0w14gaOXan96SizNGVGkYXMbfEBCWWjKjUg/7zZUdMqmnj423NR+wlleUOn7+/Be9T 6Q8jV/fLS3ibUP++6lbnqtCO4VZd8PvAMmaAa/NQQgITxnxP5Re9biSF65osQ4S5VhBRNtvQO wSH+RZS3UBnuu+FUwGhzH6prEljKLvPzeyq4gzto2zA+5kOjsInf083asJP7LyAdSL/4/sSlq iOzEDtfEnwEar5erndJOYbmSi7qBNXzCSNWl3xt9rsP8tQueUP1j1SIGaxkl3IwOqS8zB/1Ki pteQHJ6/oMRnDDMtIa3iqi0e6dc/5FrvItAR4Xhdg+DDEAtcWrRJQzrIasF4WaNHE+rThQZyk fwi0l2JqHQhFOe3m1
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtls-iot/misKfPRAsbl7E63bfGgM0t6_9yk>
Subject: [Dtls-iot] RFC 7925 - Section 16 - Session Hash
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 12:06:10 -0000
Hi Thomas, Hi Hannes, I tried to find out, to which list this question should be sent. According https://www.rfc-editor.org/info/rfc7925 it's dtls-iot. But the last question there is from 2016. Therefore I added your addresses directly, I hope that's OK. https://tools.ietf.org/html/rfc7925#section-16 mentions: "It is, however, possible that some application-layer protocols will tunnel other authentication protocols on top of DTLS making this attack relevant again." Is there more information about that application-layer risk? Would RFC 7627 protect against that application-layer risk? I'm still wondering, if RFC 7627 comes with any benefit, if only ECDHE or PSK cipher suites are supported anyway. best regards Achim
- [Dtls-iot] RFC 7925 - Section 16 - Session Hash Achim Kraus