[hrpc] Some follow up from the 5G presentation today
John Mattsson <john.mattsson@ericsson.com> Wed, 23 March 2022 12:35 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/gBxnVzqjw6TdoRoqkwZ9Kzz-ufw>
Hi,

Some requested follow up from the 5G presentation today.

- 3GPP TSG SA WG3 (SA3) is responsible for defining the requirements and specifying the architectures and protocols for security and privacy in 3GPP systems. SA3-LI is formally a subworking group of SA3 but functions as a separate working group with different participants.

  https://www.3gpp.org/specifications-groups/sa-plenary/sa3-security

  Here you can find specifications, work items, and meeting documents. Meeting documents contain all contributions (also not approved) and meeting reports ordered by meeting.

- If you are looking for the companies that objected to introducing forward secrecy in 5G-AKA, that can be found here under "New KI: Existing authentication procedure lacking the PFS property".

  https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_97_Reno/Report/MeetingReport__SA3_97.docx

  I find the lack of forward secrecy in 5G-AKA unacceptable from both a security and privacy perspective. The more this topic is highlighted and discussed, the better.

- Mail archives for all 3GPP email lists can be found here:

  https://list.etsi.org/scripts/wa.exe?INDEX
  https://list.etsi.org/scripts/wa.exe?A0=3GPP_TSG_SA_WG3

- There is unfortunately no easy way to find out which mechanisms are actually used in different mobile networks. If someone wants to do the work, a good start would be to check and document the use of IMSI encryption in 5G in networks around the world. (SUCI can optionally use the NULL encryption algorithm.)

- Regarding IETF, I think IETF needs to be better at marking everything not following best practice as "NOT RECOMMENDED" even if used by certain industries. I think there are many candidates for this in almost all areas and groups of the IETF.

- As I said, feel free to contact me for any discussion on mobile network security and privacy, or the use of Diffie-Hellman in general.

Cheers,
John