Re: [Emu] FW: New Version Notification for draft-ingles-eap-edhoc-05.txt

John Mattsson <john.mattsson@ericsson.com> Wed, 08 November 2023 06:04 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Alexander Clouter <alex+ietf@coremem.com>
CC: EMU WG <emu@ietf.org>
Date: Wed, 08 Nov 2023 06:04:11 +0000
Message-ID: <GVXPR07MB96785BE3779F2928B094223489A9A@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <169450647537.58011.6980212842488331191@ietfa.amsl.com> <GVXPR07MB96788859323504248877159F89C1A@GVXPR07MB9678.eurprd07.prod.outlook.com> <2fa072aa-85a5-4903-994c-c43359f9c604@app.fastmail.com>
In-Reply-To: <2fa072aa-85a5-4903-994c-c43359f9c604@app.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/Ye3i3dqTCVoZlRRFique4S2KZAs>
Subject: Re: [Emu] FW: New Version Notification for draft-ingles-eap-edhoc-05.txt

Hi,

For message sizes, a comparison of EDHOC, TLS, TLS with RPK, and cTLS can be found in the document below. You would have to add the EAP(-TLS) request/response layers.
https://datatracker.ietf.org/doc/draft-ietf-iotops-security-protocol-comparison/

Other important metrics for IoT devices are memory, code size, energy, and CPU cycles, which are also lower. Code size does of course depend on what you want to support in addition to EAP-EDHOC. If you are a constrained device already supporting CBOR and COSE, these can be reused for EDHOC. If you support EAP-TLS, the only reuse in EAP-EDHOC would be the algorithms.

> If you can show that there is seemingly no way to get EAP-TLS (or anything else)

I don’t know what you mean by anything else, but I think the EMU WG likely does not want to make changes to TLS. cTLS seems quite optimized; I think that is as far as you come while not making larger changes that would invalidate the security proofs.

Cheers,
John

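The "EAP(-TLS) request/response layers" John refers to above are a fixed, computable cost on top of the handshake message sizes in the comparison draft. As an added example (not code from this thread, from the EDHOC drafts or from any EAP-TLS implementation), the Python below models the EAP-TLS packet format of RFC 5216 section 3.1 (EAP Code/Identifier/Length, Type, Flags, and the 4-octet TLS Message Length that the L flag announces), fragments one handshake message to an MTU, reassembles it with the consistency checks a receiver should make before trusting the declared length, and counts the bytes one fragmented server-to-peer delivery costs once the empty acknowledgement responses are included. The 1000-byte message, the MTU and the `MAX_MESSAGE` bound are constructed stand-ins; EAP type 13 is the IANA value for EAP-TLS, and an EAP-EDHOC deployment would substitute its own type.

```python
"""EAP-TLS style framing (RFC 5216, section 3.1) used to carry a handshake
message, TLS or EDHOC, over EAP. Added example, not code from the thread."""
import struct

EAP_CODE_REQUEST = 1
EAP_CODE_RESPONSE = 2
EAP_TYPE_TLS = 13      # IANA EAP type for EAP-TLS; an EAP-EDHOC type would go here instead

FLAG_L = 0x80  # L: 4-octet TLS Message Length field present
FLAG_M = 0x40  # M: more fragments follow
FLAG_S = 0x20  # S: EAP-TLS Start

EAP_HDR = 4      # Code(1) Identifier(1) Length(2)
TYPE_FLAGS = 2   # Type(1) Flags(1)
MSG_LEN = 4      # TLS Message Length, only present when L is set
MAX_MESSAGE = 64 * 1024  # local policy bound on a declared message length (assumption)


def _packet(code, ident, eap_type, flags, body):
    """Build one EAP packet; Length covers the whole packet including the header."""
    return struct.pack("!BBHBB", code, ident & 0xFF, EAP_HDR + TYPE_FLAGS + len(body),
                       eap_type, flags) + body


def start_request(ident, eap_type=EAP_TYPE_TLS):
    """Server's EAP-TLS Start request: S flag set, no data (6 bytes)."""
    return _packet(EAP_CODE_REQUEST, ident, eap_type, FLAG_S, b"")


def ack(ident, eap_type=EAP_TYPE_TLS):
    """Empty EAP-Response that acknowledges one received fragment."""
    return _packet(EAP_CODE_RESPONSE, ident, eap_type, 0, b"")


def fragment(payload, mtu, code, first_ident, eap_type=EAP_TYPE_TLS):
    """Split one handshake message into EAP packets of at most mtu bytes."""
    if len(payload) <= mtu - EAP_HDR - TYPE_FLAGS:
        return [_packet(code, first_ident, eap_type, 0, payload)]  # unfragmented, L optional
    room_first = mtu - EAP_HDR - TYPE_FLAGS - MSG_LEN   # first fragment also carries the length
    room_rest = mtu - EAP_HDR - TYPE_FLAGS
    if room_first <= 0:
        raise ValueError("MTU too small for EAP-TLS framing")
    packets, offset, ident = [], 0, first_ident
    while offset < len(payload):
        first = not packets
        room = room_first if first else room_rest
        chunk = payload[offset:offset + room]
        offset += len(chunk)
        flags = FLAG_L if first else 0
        body = (struct.pack("!I", len(payload)) + chunk) if first else chunk
        if offset < len(payload):
            flags |= FLAG_M
        packets.append(_packet(code, ident, eap_type, flags, body))
        ident += 1   # each request gets a fresh Identifier; the ACK echoes it
    return packets


def reassemble(packets):
    """Parse fragments back into the message, checking the fields a receiver must not trust blindly."""
    out, declared = bytearray(), None
    for i, pkt in enumerate(packets):
        if len(pkt) < EAP_HDR + TYPE_FLAGS:
            raise ValueError("truncated EAP packet")
        code, ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
        if length != len(pkt):
            raise ValueError("EAP Length field does not match packet size")
        body = pkt[6:]
        if flags & FLAG_L:
            if len(body) < MSG_LEN:
                raise ValueError("L flag set but no TLS Message Length present")
            declared = struct.unpack("!I", body[:MSG_LEN])[0]
            if declared > MAX_MESSAGE:
                raise ValueError("declared message length exceeds local bound")
            body = body[MSG_LEN:]
        if bool(flags & FLAG_M) != (i < len(packets) - 1):
            raise ValueError("M flag inconsistent with the number of fragments")
        out += body
    if declared is not None and declared != len(out):
        raise ValueError("reassembled size does not match declared TLS Message Length")
    return bytes(out)


def exchange_bytes(payload, mtu, first_ident=1):
    """Bytes on the wire and packet count to deliver one server message to the peer:
    every fragment is a request, and all but the last is answered with an empty ACK."""
    reqs = fragment(payload, mtu, EAP_CODE_REQUEST, first_ident)
    acks = [ack(first_ident + i) for i in range(len(reqs) - 1)]
    return sum(len(p) for p in reqs + acks), len(reqs) + len(acks)


if __name__ == "__main__":
    # Constructed stand-in for a handshake message; real EDHOC/TLS sizes differ.
    message = bytes(range(256)) * 3 + b"\x00" * 232   # 1000 bytes
    total, count = exchange_bytes(message, mtu=256)
    print(f"{len(message)}-byte message over EAP at MTU 256: {total} bytes, {count} packets")
    assert reassemble(fragment(message, 256, EAP_CODE_REQUEST, 1)) == message
```

Two things worth noticing when comparing methods with this: the per-message framing cost is small (6 bytes per packet plus 4 for the length field), but every extra fragment adds a full request/ACK round trip, so a method whose messages fit in one MTU saves round trips rather than just bytes; and on the receive side the declared TLS Message Length and the M flag come from the network, so the reassembler bounds the declared size and cross-checks it against what actually arrived instead of allocating on it.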
From: Alexander Clouter <alex+ietf@coremem.com>
Date: Tuesday, 7 November 2023 at 18:04
To: John Mattsson <john.mattsson@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] FW: New Version Notification for draft-ingles-eap-edhoc-05.txt
Hello,

On Thu, 28 Sep 2023, at 15:47, John Mattsson wrote:
>
> EDHOC is high level very similar to the TLS 1.3 handshake but has much
> smaller message sizes and is therefore useful in IoT. EAP-EDHOC is just
> EDHOC over EAP using the EAP-TLS request and response packet formats.

To help get me behind this it would be interesting to see comparisons made against existing EAP methods.

For example, how much smaller and better for your use case is EAP-EDHOC compared to:

 * plain vanilla flavoured EAP-TLS
 * why is NewSessionTicket (session resumption)
 * though a draft, make some predictions if there was an EAP-cTLS (based off draft-ietf-tls-ctls) implementation
 * what if RPK (RFC7250) was an option; draft-chen-emu-eap-tls-ibs attempted this but also lacked information on how much you gained by doing this
 * could "Trusted CA Indication" (RFC6066, section 6) help; though it probably would need adding to OpenSSL[1]

How much slimmer do you need EAP-TLS to be to make EAP-EDHOC no longer necessary? Or is the shape of it just completely inappropriate?

From my perspective, I see work in the pipeline that could be called on to trim EAP-TLS in a manner that would only require implementers to make tweaks to their existing implementations.

If you can show that there is seemingly no way to get EAP-TLS (or anything else) to fit the bill, it would convince me that this is a good place to put my energy into.

Cheers

Alex

[1] https://github.com/openssl/openssl/issues/3029