[Iotops] Group OSCORE message sizes in -iotops-security-protocol-comparison
Marco Tiloca <marco.tiloca@ri.se> Fri, 31 March 2023 03:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/fxwOWBGTFb6pDzttkyYgGuLhdn8>

Hello authors of -security-protocol-comparison, hello IOTOPS,

Just relaying to the list my comment from the session at IETF 116.

With reference to slide 6 of [1] showing Table 6 from [2], I think that the overhead shown in the last row for "Group OSCORE pairwise response" should be lower than what is in the current triple (11, 13, 14).

As per [3]:

"The value of the 'kid' parameter in the 'unprotected' field of response messages MUST be set to the Sender ID of the endpoint transmitting the message, if the request was protected in group mode. That is, unlike in [RFC8613], the 'kid' parameter is always present in responses to a request that was protected in group mode."

Since you are considering a request protected in pairwise mode, the response (irrespective of the mode used to protect it) is not required to include the server's Sender ID.

Then you would have an overhead triple (11, 11, 11), i.e. the Sender ID size does not play a role in the response overhead.

These are details that are admittedly worth clarifying in the text below the comparison tables.

Best,
/Marco

P.S. Even if the Sender ID was included in the response, I would have expected the triple to be (11, 12, 13) rather than (11, 13, 14), as considering a Sender ID of 0, 1 and 2 bytes, respectively.

[1] https://datatracker.ietf.org/meeting/116/materials/slides-116-iotops-comparison-of-coap-security-protocols-00.pdf

[2] https://datatracker.ietf.org/doc/html/draft-ietf-iotops-security-protocol-comparison-00#figure-6

[3] https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-groupcomm-17#section-4.2

--
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se