[Lake] FW: New Version Notification for draft-selander-lake-edhoc-01.txt

John Mattsson <john.mattsson@ericsson.com> Fri, 13 March 2020 18:13 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Date: Fri, 13 Mar 2020 18:13:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/1iMgz6gME845yXVXCj4Dj-WfwHo>
Subject: [Lake] FW: New Version Notification for draft-selander-lake-edhoc-01.txt

Hi, we have submitted draft-selander-lake-edhoc-01

The main changes are that the signature and static DH modes have been merged together and the overhead has been minimized further. EDHOC will be able to do both PSK and RPK authentication over 3 unfragmented frames in 5-hop 6TiSCH and 51 byte LoRaWAN. Since the last update we have made a large number of changes resulting from comments and feedback from people who work on implementation or verification of EDHOC.

- One LAKE requirement is to support mixed certificate and RPK modes. To minimize the overhead for such modes, we have merged the signature and static DH modes into an asymmetric mode which allows mixed signature and static DH authentication.
- With the new mixed mode it was more optimal to use a MAC-then-Sign approach like IKEv2 instead of Sign-then-MAC like TLS 1.3. This is also more aligned with the SIGMA-I paper which does not discuss Sign-then-MAC.
- As discussed in the SIGMA paper, the second message only requires IND-CPA encryption instead of IND-CCA as there is no confidentiality protection against active attackers anyway.
- The key derivation for static DH authentication has been changed from a parallel to a serial structure based on the suggestions from Karthik Bhargavan on the list.
- The encoding of connection and key identifiers was optimized. There are now 49 values that take 1 byte on the wire.
- SIGMA puts a lot of effort into protecting against weaknesses in the PKI process. To protect against similar weaknesses in the RPK distribution process, EDHOC now allows an optional subject name (put in external_aad) when RPKs are used.
- The asymmetric mode now makes use of a new SIGNATURE_OR_MAC field based on a suggestion from Eric Rescorla.
- The info structure in the key derivation was simplified and by defining an EDHOC-KDF function in terms of HKDF-Expand, it became possible to more clearly define how keys are derived in the body of the text as requested by Klaus Hartke.
- After comments from Klaus Hartke regarding the SUITES encoding, the option to signal a cipher suite as an array has been removed. This also meant that the index could be changed to the int of the selected cipher suite.
- AD was missing from the external_aad of the signature and internal MAC; it is now covered.

- Party U and V were renamed Initiator and Responder.
- The key naming has been changed inspired by suggestions from Karthik Bhargavan on the list.
- After suggestions from Klaus Hartke the introduction has been expanded to better explain pre-requisites such as transport, correlation, and trust anchors.
- The introduction has been expanded with sections discussing auxiliary data, identities, and negotiation.
- After suggestions from Karl Norrman, the key derivation now clarifies how and why the two different HKDF steps are used.
- The TBD for the COSE header attributes has been updated to their temporary assignments.
- We have generated a much larger set of test vectors covering most of the specification.

Cheers,
John

-----Original Message-----
From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
Date: Monday, 9 March 2020 at 18:35
To: Göran Selander <goran.selander@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, Francesca Palombini <francesca.palombini@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>
Subject: New Version Notification for draft-selander-lake-edhoc-01.txt

    
    A new version of I-D, draft-selander-lake-edhoc-01.txt
    has been successfully submitted by John Preuß Mattsson and posted to the
    IETF repository.
    
    Name:		draft-selander-lake-edhoc
    Revision:	01
    Title:		Ephemeral Diffie-Hellman Over COSE (EDHOC)
    Document date:	2020-03-09
    Group:		Individual Submission
    Pages:		60
    URL:            https://www.ietf.org/internet-drafts/draft-selander-lake-edhoc-01.txt
    Status:         https://datatracker.ietf.org/doc/draft-selander-lake-edhoc/
    Htmlized:       https://tools.ietf.org/html/draft-selander-lake-edhoc-01
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-selander-lake-edhoc
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-selander-lake-edhoc-01
    
    Abstract:
       This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a
       very compact, and lightweight authenticated Diffie-Hellman key
       exchange with ephemeral keys.  EDHOC provides mutual authentication,
       perfect forward secrecy, and identity protection.  EDHOC is intended
       for usage in constrained scenarios and a main use case is to
       establish an OSCORE security context.  By reusing COSE for
       cryptography, CBOR for encoding, and CoAP for transport, the
       additional code footprint can be kept very low.
    
                                                                                      
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    The IETF Secretariat
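
Added example, not part of the original message or of the draft's own code: a sketch of the identifier encoding behind the "49 values that take 1 byte on the wire" item. It assumes the draft's bstr_identifier rule, which the message does not spell out (one-byte byte strings h'00' to h'2f' are sent as the CBOR integers -24 to 23, everything else as a CBOR byte string); the function names are hypothetical.

```python
def encode_identifier(ident: bytes) -> bytes:
    """Sender side: use the compact integer form when the rule allows it."""
    if len(ident) == 1 and ident[0] <= 0x2F:
        n = ident[0] - 24                      # maps 0x00..0x2f to -24..23
        # CBOR major type 0 (unsigned) or major type 1 (negative), one byte
        return bytes([n]) if n >= 0 else bytes([0x20 + (-1 - n)])
    if len(ident) <= 23:
        return bytes([0x40 + len(ident)]) + ident    # short bstr header
    if len(ident) <= 0xFF:
        return bytes([0x58, len(ident)]) + ident     # bstr, 1-byte length
    raise ValueError("identifier too long for this sketch")


def decode_identifier(wire: bytes) -> bytes:
    """Receiver side: always yield a byte string, reject anything else."""
    if not wire:
        raise ValueError("empty input")
    major, info = wire[0] >> 5, wire[0] & 0x1F
    if major in (0, 1):
        # Only single-byte integers in -24..23 are valid identifiers.
        if info > 23 or len(wire) != 1:
            raise ValueError("integer outside -24..23")
        n = info if major == 0 else -1 - info
        return bytes([n + 24])
    if major == 2:
        if info <= 23:
            length, off = info, 1
        elif info == 24 and len(wire) >= 2:
            length, off = wire[1], 2
        else:
            raise ValueError("unsupported length form")
        if len(wire) != off + length:
            raise ValueError("truncated or trailing bytes")
        return wire[off:]
    raise ValueError("not an int or bstr")


def one_byte_identifiers() -> list:
    """Constructed candidates: empty, every 1-byte string, one 2-byte string."""
    candidates = [b""] + [bytes([v]) for v in range(256)] + [b"\x00\x00"]
    return [c for c in candidates if len(encode_identifier(c)) == 1]
```

Under that rule the one-byte encodings are the 48 integer-coded identifiers plus the empty byte string (0x40), which gives the 49 values mentioned above.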