[Lake] EDHOC live debugging
Brian Sipos <brian.sipos+ietf@gmail.com> Thu, 20 February 2025 15:19 UTC
WG,

Is there any general interest to enable the same type of live or offline traffic inspection and protocol debugging for EDHOC as currently enabled with TLS and DTLS using the SSLKEYLOGFILE secret storage technique [1]? EDHOC already includes a C_I which can be assumed unique under specific conditions as an analog to the keylog "client_random" correlator. The internal key schedule for EDHOC is more complex than [D]TLS, but some simplifying assumptions about which messages are available to decode would narrow down the minimum need for EDHOC shared secrets.

I think using a file-based input to diagnostic tools is more hands-off and automate-able than using manual export/entry of secret fields such as what is used for IKEv2 in Wireshark [2].

Any thoughts on or support of this idea?

Brian S.

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-keylogfile/
[2] https://www.wireshark.org/docs/wsug_html_chunked/ChIKEv2DecryptionSection.html
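As an added illustration of the correlator idea in the message above (example code, not from the post or from any EDHOC implementation): a parser for keylog-style lines that indexes secrets by (label, correlator), using the TLS 1.3 labels from draft-ietf-tls-keylogfile plus hypothetical EDHOC_PRK_* labels keyed on the CBOR-encoded C_I, and rejecting a correlator that maps to two different secrets, which is exactly the failure a non-unique C_I would cause.

```python
"""Keylog-style secret store, SSLKEYLOGFILE layout: '<LABEL> <correlator hex> <secret hex>'."""
import re

# TLS 1.3 labels as defined in draft-ietf-tls-keylogfile (correlator is the 32-byte client_random).
TLS_LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# Hypothetical EDHOC labels (assumption: no such labels are standardized); the
# correlator is the CBOR-encoded C_I, so its length is variable, not fixed at 32.
EDHOC_LABELS = {"EDHOC_PRK_2E", "EDHOC_PRK_3E2M", "EDHOC_PRK_4E3M", "EDHOC_PRK_OUT"}

LINE_RE = re.compile(r"^([A-Z0-9_]+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return {(label, correlator_bytes): secret_bytes}.

    Blank lines and '#' comments are skipped. A correlator that already maps to a
    different secret under the same label raises: a decoder would otherwise silently
    pick the wrong key, so the collision must be surfaced, not resolved by overwrite.
    """
    secrets = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed keylog entry")
        label, corr, secret = m.group(1), bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))
        if label in TLS_LABELS and len(corr) != 32:
            raise ValueError(f"line {lineno}: client_random must be 32 bytes")
        if label not in TLS_LABELS | EDHOC_LABELS:
            raise ValueError(f"line {lineno}: unknown label {label}")
        key = (label, corr)
        if key in secrets and secrets[key] != secret:
            raise ValueError(f"line {lineno}: correlator reused for a different {label}")
        secrets[key] = secret
    return secrets


def lookup(secrets, label, correlator):
    """Fetch the secret a decoder needs for one session, or None if not logged."""
    return secrets.get((label, correlator))


# Constructed sample, not captured traffic; C_I is the CBOR int 14, encoded as 0x0e.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample keylog",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "11" * 32,
    "EDHOC_PRK_2E 0e " + "22" * 32,
    "EDHOC_PRK_3E2M 0e " + "33" * 32,
    "EDHOC_PRK_2E 0e " + "22" * 32,  # exact duplicate line is harmless
])
```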