Re: [Iotops] Group OSCORE message sizes in -iotops-security-protocol-comparison

Marco Tiloca <marco.tiloca@ri.se> Tue, 11 April 2023 14:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/hD908ZL_ycHx-bFxlFsfTe7eEA0>

Hi John,

On 2023-04-07 17:05, John Mattsson wrote:
> Marco wrote: >Then you would have an overhead triple (11, 11, 11), i.e. 
> the Sender ID size does not play a role in the response overhead.
>
> Thanks Marco, fixed in -01
>

==>MT
Thanks!
<==

>
> Are the following values for I-D.ietf-core-oscore-edhoc correct?
> “EDHOC is typically sent over CoAP which would add 4 bytes to flight 
> #1 and #2 and 5 or 20 bytes to flight #3 depending on if OSCORE is 
> used [I-D.ietf-core-oscore-edhoc].”
>

==>MT
I think this can be expanded as follows.

You are assuming that:
- The CoAP token has a length of 0 bytes
- The CoAP Content-Format is not specified in the EDHOC messages
- EDHOC is run with the forward message flow

We should also assume that:
- The used connection identifier (at least C_R) is one of the 49 
identifiers whose encoding on the wire is 1 byte in size
- The URI Path of the EDHOC resource at the CoAP server is, e.g., 
"edhoc". This admittedly deviates from the most expected 
".well-known/edhoc" but it still gives an (adjustable) fair idea.

That said, the following should be the additional overhead due to CoAP 
used as transport.

* For EDHOC message_1

--- CoAP header: 4 bytes
--- CoAP token: 0 bytes
--- URI-Path option with value "edhoc": 6 bytes
--- Payload marker 0xff: 1 byte
--- Dummy connection identifier "true": 1 byte

Total: 12 bytes


* For EDHOC message_2

--- CoAP header: 4 bytes
--- CoAP token: 0 bytes
--- Payload marker 0xff: 1 byte

Total: 5 bytes


* For EDHOC message_3 without the combined request

--- CoAP header: 4 bytes
--- CoAP token: 0 bytes
--- URI-Path option with value "edhoc": 6 bytes
--- Payload marker 0xff: 1 byte
--- Connection identifier C_R (wire encoding): 1 byte

Total: 12 bytes


* For EDHOC message_3 without the EDHOC + OSCORE combined request

All the overhead contributions from the previous case are gone. That is:

--- There is no message transporting only EDHOC message_3 anymore. You 
just take advantage of what the EDHOC + OSCORE combined request does. 
This removes the CoAP header, CoAP token, URI-Path option and payload 
marker counted above when EDHOC message_3 is sent as a separate message.
--- You also lose the connection identifier C_R, since this is anyway 
already specified in the 'kid' of the OSCORE option of the combined request.

However, you do have the 1-byte overhead due to the EDHOC option in the 
EDHOC + OSCORE combined request.

Hence, the total overhead due to CoAP transporting EDHOC message_3 when 
using the EDHOC + OSCORE combined request is 1 byte.
<==


==>MT
Also, please replace the reference to draft-tiloca-lpwan-8824-update 
with a reference to draft-tiloca-schc-8824-update, as recently resubmitted.

Best,
/Marco
<==

>
> Cheers,
>
> John
>
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se
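
Added example, not part of the original message: the byte counts above reproduced by serializing each flight with the RFC 7252 option delta/length encoding, under the same assumptions the message lists (empty token, no Content-Format, forward message flow, 1-byte C_R). It goes beyond the message by making the URI path adjustable. The EDHOC option number 21, the OSCORE option value, and the EDHOC and ciphertext lengths are assumptions or constructed values.

```python
import struct

# CoAP option numbers. 21 is the EDHOC option; the email does not state it.
OSCORE, URI_PATH, EDHOC = 9, 11, 21

def _nibble(n):
    """Return (4-bit field, extension bytes) for an option delta or length (RFC 7252, section 3.1)."""
    if n < 13:
        return n, b""
    if n < 269:
        return 13, bytes([n - 13])
    return 14, struct.pack("!H", n - 269)

def encode_options(options):
    """Serialize (number, value) pairs in option-number order with delta encoding."""
    out, prev = b"", 0
    for number, value in sorted(options, key=lambda o: o[0]):
        d, d_ext = _nibble(number - prev)
        ln, ln_ext = _nibble(len(value))
        out += bytes([(d << 4) | ln]) + d_ext + ln_ext + value
        prev = number
    return out

def coap_message(code, options, payload, token=b""):
    """4-byte header, token, options, then the 0xff marker and payload if any."""
    header = bytes([0x40 | len(token), code, 0x00, 0x01])  # ver 1, type CON, constructed MID
    msg = header + token + encode_options(options)
    return msg + (b"\xff" + payload if payload else b"")

def edhoc_overheads(path=("edhoc",), edhoc_len=40):
    """Bytes added by CoAP to (message_1, message_2, message_3 alone, message_3 combined)."""
    edhoc = bytes(edhoc_len)          # constructed stand-in for an EDHOC message
    ciphertext = bytes(16)            # constructed stand-in for an OSCORE ciphertext
    uri = [(URI_PATH, seg.encode()) for seg in path]
    m1 = coap_message(0x02, uri, b"\xf5" + edhoc)   # POST, CBOR "true" prepended
    m2 = coap_message(0x44, [], edhoc)              # 2.04 response, no options
    m3 = coap_message(0x02, uri, b"\x00" + edhoc)   # POST, 1-byte C_R prepended
    # Combined request: compare an OSCORE request with and without the EDHOC
    # option and EDHOC message_3 in the payload. OSCORE option value is constructed.
    oscore = (OSCORE, bytes.fromhex("090000"))
    plain = coap_message(0x02, [oscore], ciphertext)
    combined = coap_message(0x02, [oscore, (EDHOC, b"")], edhoc + ciphertext)
    return (len(m1) - edhoc_len, len(m2) - edhoc_len, len(m3) - edhoc_len,
            len(combined) - len(plain) - edhoc_len)

if __name__ == "__main__":
    print(edhoc_overheads())
    print(edhoc_overheads(path=(".well-known", "edhoc")))
```

With the ".well-known/edhoc" path the request flights grow because the path is carried as two Uri-Path options, while the response and the combined-request overhead are unchanged.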