[Lake] FW: New Version Notification for draft-ietf-lake-edhoc-09.txt

Göran Selander <goran.selander@ericsson.com> Mon, 23 August 2021 13:39 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBD143A18AE for <lake@ietfa.amsl.com>; Mon, 23 Aug 2021 06:39:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZrJZrAm-Igv for <lake@ietfa.amsl.com>; Mon, 23 Aug 2021 06:39:47 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2079.outbound.protection.outlook.com [40.107.20.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD0CE3A18B7 for <lake@ietf.org>; Mon, 23 Aug 2021 06:39:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+DExLcKXSCupK/Xm5r1Yoyt3y0vIMI2KBJq+ejKbS2dcTrPgxOceHMNOyK6TJ5DNWfcR81D62c5PKocuN2HrVB/kT+iab3f8xEu606L5zD4/KDf7OVcPRSFEmuR5cK0uj5TAjABB0yRA7jIJMcI4V0NvjqSkAl1gF/mBX/WiQyi2Rvtnw7a/dj2YbiM4gntabfEw++8xmF5I6lCXPeQzJDYx0PbyLKTJpZU2VQF5xpC0fiP8r67XKWKW8jBwFdfEwb+Wc1XAOF2ec/hRS3CFi6ow1M1Sb0nvjAL3zxUYaRV4EjLvKvM62QQ/DjEEhlx2M9CSIV80RyEdXN2NDbM3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+8aQzfik68YlFuRjng2LEzeu1I0JUV8GXHNs+RAxWY=; b=RDOfkD4ddDwcr5cjklqKSW16jmwLAER8gJD2HseNKgz8CsvH8QYZZqjwjUmy+Zpl+aTnR+ktGXcQEE1H2vfxvN3i7BUys3iXBFQbiKEkf/S7MzUayls6rYczvXHZggc08Ez0isc466sWw5LqTKOoUIHNDCYKeM+jS35FPLTFUWmwL2ZJpQ3bCBfqv8tU694MBA1GXyQcjQ9POP0UOx+DMAURKa6Qh6i9VurutJRD8c4iMvN1FXyorg3ZUXtfwWr+OURcu0SoNx2bEeu53s1WDzOVm1AW3lnkv+C5Ik46hyQ4PHlP42gjrrrHM9I2fbzaIz1AeIqgsIitXsWpPg7RdQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+8aQzfik68YlFuRjng2LEzeu1I0JUV8GXHNs+RAxWY=; b=SoQBh2ZN6Ktvy3dwpuUvC0tDMLP2FyMLgM47cNx98ZKSoMepCaIRMEJ3zTZyoZXG8cxdT1e0B5icqO9Shn17RnRQePyM56IBBl95Je2AMg/Qz7IdG10uyT0yq0kzjeaoPx3uvVsb6gfvWfsjECPkLRhJtcgpL24LKOBEkVpsygw=
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com (2603:10a6:7:31::20) by HE1PR0701MB2331.eurprd07.prod.outlook.com (2603:10a6:3:73::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.8; Mon, 23 Aug 2021 13:39:44 +0000
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::a141:8e66:ce19:813d]) by HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::a141:8e66:ce19:813d%7]) with mapi id 15.20.4457.012; Mon, 23 Aug 2021 13:39:44 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-lake-edhoc-09.txt
Thread-Index: AQHXmByVkCkgCJXKpE2MWULjgHLA16uBOfcA
Date: Mon, 23 Aug 2021 13:39:44 +0000
Message-ID: <EE5CA284-CBE3-467E-961D-33451CCC9FFB@ericsson.com>
References: <4fb4dc84-2bd4-4525-89ee-585ad5362cb0@AM5EUR02FT027.eop-EUR02.prod.protection.outlook.com>
In-Reply-To: <4fb4dc84-2bd4-4525-89ee-585ad5362cb0@AM5EUR02FT027.eop-EUR02.prod.protection.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.52.21080801
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 463b6dae-4560-425c-907e-08d9663b77b4
x-ms-traffictypediagnostic: HE1PR0701MB2331:
x-microsoft-antispam-prvs: <HE1PR0701MB2331A6A3F7E39D036A84EADAF4C49@HE1PR0701MB2331.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?B?RE11NnI5K0lNRlpLQm9pVVIvRXNtbVBad3N1YkxKVjlFQ2dQd0xvKy9vOVla?= =?utf-8?B?MnJONDBaamxqNVFESERvZkJxVVBQaXFZaFI3Y1h5MDNpWVlSNTIxdGdBWjB2?= =?utf-8?B?VktabWhrbmhXL1FYZTFLL2lvUWpRMUEwTHJwdnpHSW9CRERxS1lEM0VKbjJ4?= =?utf-8?B?ZmR0d0ttdk1jNTdYMWJMNUVmelhoaWhZTmNjVHJadmdkMlg4aDZ2Uk5BOHVt?= =?utf-8?B?SDBsSkVpNDczcDBSNFVUeXhBNE1IVmFXM3B2NDZNWWhLYktYYS9IbUNJVXI0?= =?utf-8?B?RW1teHFydmdMeHVnNU5aK3lROWc1UklGa0FmdkNNWS9mVTRJNklkc1AwWUpJ?= =?utf-8?B?bzRJTmZtV1NBeUt3ZCtYeC9EZ240TTRUV0FhWkorVmQzNVU0VVdtMzVjN2Va?= =?utf-8?B?SGJJbXFCa1k5dnAyaDVINlpOcTB4WXdnUUVncytsWDIxU2Zzam1VYTVUK3JQ?= =?utf-8?B?VTNBYzhJTXY2TUVCOWhxTFdnbkZjaDI0YmhYVGFsRnVib0dHSkd5Kzk1cjVo?= =?utf-8?B?L09ldWhpWWZ6cEdwaEJpU29Xcm1TNVF2RnNqK1plMURIbldEVVQxU3UzNU9L?= =?utf-8?B?WExWOWdoSDNvb3J2V2RwNVVmTmpiWFpWQTBnaTIvVVlzUEFHeVZjekcxa01T?= =?utf-8?B?OXhYMi82b29ueEZwVjRTc1NFV2poaVY0TTBCbEdpTXVZdmRUZ3B2Tzdubjg5?= =?utf-8?B?QS9EMXdLR1RpS0p0cmFYam5HQ1I0Ujh4NjlVeXZIeXlvRXRMQURJNW1mcGFj?= =?utf-8?B?ZGp1bnVsdXhmUW45RFg2L3IxTnBVU2RvSjNRcVRuZHpZZkdqczc5ZVN3SXND?= =?utf-8?B?VE9EZGZBOWQ3cnBuVFhidjFmeUQzeGt2M3hTSGtmQ0QzclFvbFJhM0NkNTZz?= =?utf-8?B?MExoNG1EanRIejc4UnFWMVhRVTBld05zS05Qc2RVdmhKU3hwQVpENHJJOEFW?= =?utf-8?B?OGY4MFcxMmFqNzM0UEhaNGdNenNtdkcremV1NGQvakpJVjIvNWN2bFNSSEVm?= =?utf-8?B?SnZRSGhDV1gvMENxYkxGUFpJbDVVSmtlYVdhN1ovcVF6TSs1NEFUWVN5UmY1?= =?utf-8?B?NHBEWlBlTlp2L1JMejV0RldOd2hCemNtL0FyU1FLeEZFdDFkT0tkbExaaU9t?= =?utf-8?B?R1ZLMy8xRFNTWU82RFBnRDJVNWJMeW81N0FjclNkUkpsSnQzQkZlUDRHbWJZ?= =?utf-8?B?Z0VLZmwzMDRodlcwMkcyQjZ1NnEvTEI1ODVFclkrU1dIcHRHZlJZc0Irc0Rj?= =?utf-8?B?dkw0SWNaTWVaKzBHUzd3aE5yeGdPUHpPN0c0OVhTeldtWjJodz09?=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3500.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(71200400001)(316002)(6916009)(85202003)(6512007)(33656002)(83380400001)(122000001)(38100700002)(5660300002)(6506007)(38070700005)(186003)(15650500001)(86362001)(66556008)(8676002)(8936002)(66946007)(66476007)(76116006)(66446008)(6486002)(64756008)(66574015)(2906002)(26005)(2616005)(508600001)(966005)(36756003)(85182001)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?YU5HcGQxZGVKSmVMMjhsVjV6bUNDaVFkclk3MkplbllVeklNSVdha0JEUHhB?= =?utf-8?B?SmM2dFYzWVUyMmVONXEyeHErdi9WZDV6T1hzRGFVYUFkM2F5RkczVVFxc1RM?= =?utf-8?B?VmREblVMK3VtRTU5amYzNlJjYWxhQkw0dit5WFNkT1ZGK2tBVzIzRmV4M2hn?= =?utf-8?B?bmhmaERTb2NFWTUwclUybENzRm9RVmx6dmxQNzd2bzFIM1RWb1IwTWQvK29Z?= =?utf-8?B?dzNBL21nWGF1NE15S0tPMUNwWVFZeS9zK1NFOUd3bTA4VGJ1RTk2WElYeUw1?= =?utf-8?B?OVlaeFpyYm9hd08wTFcxSVBFc0JDYzhWMkRRRzN2WUY3ZnZVbks4Q3ZXM2hV?= =?utf-8?B?QWVMWmgxdkh6Mm8vOXBrSFlaK2RLTnJ6N05RelJ1MUZjazZwMHRUaTU4cEhl?= =?utf-8?B?YVlmbzFkUmN4WEJNTFZZQ1drTzBZVHlVRmlVWkpYNnpsa2RiQXBqbTNzcVJK?= =?utf-8?B?citYNStSNnBWZFZMRHNvT2Rad0g0dis4QUtGcDB0VEZ3d3NhRzJMc1RJYzVC?= =?utf-8?B?QTk2L3RJaU1xMU1KUlk0RnI2N1pMM2FOK1BwWWZ2THhjTUMybUYvMlFJZXFh?= =?utf-8?B?R3U4dW5ObEZndE9vYTFtVk90OXZiZVlBRU9MQXZxWXhvTEl0cHBBRS9SUWZW?= =?utf-8?B?TE5MVDc0QmRKNm1rak9xTzRaZnhvcnpQalBKWFV6aUJ5NWhXOWMvYUEvQ0Qw?= =?utf-8?B?c09mdkNiYTdBWnA5b2hlcUdHKytCZklCQ2lGZ1YzMlNaUExkcFlNMFBpVTM5?= =?utf-8?B?WGxPWnowZzl3ckVBMmIycFQxVUZsWkRQTGdnRFhCMXdwMUhGZ25NbnVIaWJm?= =?utf-8?B?aHVubU83bUgwbnFiWEIzczR3czhPdnZnKzc2NCtodEhNcjZ0elNNSlVIZ29x?= =?utf-8?B?ODBKTUdGY0ZKZ0w1ZXczMGFHL2ZLTWVzZ3k3YS9TZnU5MVFjVDl4WDhKNUdU?= =?utf-8?B?VHU1VGlGYXRwLzlCTWcxenpPMjY0VTdPSDhsS2ZPOXRWemtGRXFUTk91UTRH?= =?utf-8?B?dzVmMmNiYzhPRS9PeW50b1E3ajJWR0FDKzk4Y0gvSHAxTnJlSUt2Y1VreW81?= =?utf-8?B?WU85cWptak50ZGRyVHpwVHF3M01IYkhXb3MrSzhYUzJvOUd0b0hlWklRZ2sv?= =?utf-8?B?bDU1U2RONzBDc0Q0cDRqN1ZOUE5zZ3dlMHhPeUFYS2h0NGJOTEJ4ajIraGFl?= =?utf-8?B?d3ZkQWptNGRHR00rM0dkSm01TFJaQW91Tmh4bXFxdk5xUTQ2TytuQ0R3R3ZS?= =?utf-8?B?MWY1QXpGaWVOR1cvb3lCd0JBeGNOMmFWSlByVWlVK2tSMSs5NUFYUmJ1dTVY?= =?utf-8?B?b09IaGN5dVNpQWgyMlh1R1hmb3dtSXNoMExCZVdkL3VZb1dwc0xKVHFGcVlT?= =?utf-8?B?MDIyeGNSSGpRMjZjZjFYZmkxd3pWdEdzMXVRM0lVZWNjZDE2d2lZQU83Nno5?= =?utf-8?B?ZTN2VzlmZVJmRXFubE9KazU4MSszMnE4czFNekJLcVJpU0Fhc0p3R1VubkIw?= =?utf-8?B?eEdUUjBOY2NBMWMveTk2SlFWS200NElZcFFLMWowcGxraDNjcUszbTJXNG8z?= =?utf-8?B?L1cvTzNPMmRrR21ZS0V4aFpRVk13ejF2bjRRbzMwQWQ1ejhBOVdRczI3c0Rq?= =?utf-8?B?em9JdXA3Nnl2RnZEQ2tob29YY2JqRmxWSVVKaHFCbFczOUZqOUxDbVBUVjhr?= =?utf-8?B?LzBsSTZwRGJjaE5MOVhmRlR1VFZwV2tKbkZZNXVoQ2pMTC9UNU5mQmpLQjNP?= =?utf-8?B?bHFQcHBJcFYwdmk4ZU54b1BJQlpmUzljelZVSXRjUDd1RGtURVFsVndTUUU1?= =?utf-8?B?SHRaNFdOUEltL0YxTHR4dz09?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <8B9D739FE8011E429B34D67DD04A770A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB3500.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 463b6dae-4560-425c-907e-08d9663b77b4
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2021 13:39:44.5572 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 3UvBPX6CBRz322HYY9MR31q7+cKUBcnPVsk3BluVH/2N83MZIvSCcSi0HD+gDjXjN5CeJlLmw5bMHqNQ3aF976rllYm7WvmIP1selTdETTA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2331
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/0Av46wf3UCicYCvPhmUV1-1-l-U>
Subject: [Lake] FW: New Version Notification for draft-ietf-lake-edhoc-09.txt
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Aug 2021 13:39:54 -0000

Hello LAKE,

Following the plan from IETF 111, we have now submitted -09 addressing the major issues recorded to date. We think this is a good version for continued testing and security analysis.

The main changes compared to -08 are listed in the change log, details in the diff, here are the highlights:

* MAC_2 and MAC_3 are now generated with EDHOC-KDF instead of COSE_Encrypt0.  This change was straightforward with an update to the KDF now supporting an optional general “context” field. 

* A new parameter "EDHOC MAC length" is added to the cipher suite.

* G_Y and CIPHERTEXT_2 of message_2 are now combined into one CBOR bstr. 

* The key identifier ‘kid’ is extended to also support CBOR ints, making ‘kid2’ introduced in -08 redundant. This change was based on feedback from the COSE WG [1]. One potential next step is to move all COSE-related IANA registrations from this draft to a separate COSE draft and make an informative reference.

* The prepended byte used to distinguish message_1 in a CoAP setting is now of CBOR simple type “true” (0xf5), avoiding potential confusion with "null".

* More details on the use of different credentials, in particular CWT and UCCS.

* External authorization data is now defined as a sequence of “(type, content)”. (An IANA register for different types was already in -08.)

* Updated message size examples.

This version also has some updated security considerations + a few of restructured sections, a number of clarifications and editorials.

One thing we know has been of good use to implementers is appendix D with its test vectors and detailed transcript printouts. We have not had time to update those yet but plan to do so soon. Meanwhile we removed all content from appendix D which reduced the number of pages by 25, addressing one of the open issues (#142). We propose to put the updated transcript printouts in a separate draft in the same github repo, and replace appendix D with an informative reference.

Next steps also include closing github issues, many of which have been resolved in -09.

Any comments are welcome!


Göran

[1] https://mailarchive.ietf.org/arch/msg/cose/qGngdte4s3SEZEKM-xBEoXYUgKc/


On 2021-08-23, 14:44, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:


    A new version of I-D, draft-ietf-lake-edhoc-09.txt
    has been successfully submitted by Göran Selander and posted to the
    IETF repository.

    Name:		draft-ietf-lake-edhoc
    Revision:	09
    Title:		Ephemeral Diffie-Hellman Over COSE (EDHOC)
    Document date:	2021-08-23
    Group:		lake
    Pages:		75
    URL:            https://www.ietf.org/archive/id/draft-ietf-lake-edhoc-09.txt
    Status:         https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-lake-edhoc-09

    Abstract:
       This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a
       very compact and lightweight authenticated Diffie-Hellman key
       exchange with ephemeral keys.  EDHOC provides mutual authentication,
       forward secrecy, and identity protection.  EDHOC is intended for
       usage in constrained scenarios and a main use case is to establish an
       OSCORE security context.  By reusing COSE for cryptography, CBOR for
       encoding, and CoAP for transport, the additional code size can be
       kept very low.




    The IETF Secretariat