[Lake] draft-ietf-lake-reqs-02

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sat, 21 March 2020 09:05 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 210A13A12A2 for <lake@ietfa.amsl.com>; Sat, 21 Mar 2020 02:05:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=KrvE0yt/; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=KrvE0yt/
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xHWkpjnXWnIN for <lake@ietfa.amsl.com>; Sat, 21 Mar 2020 02:05:03 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2056.outbound.protection.outlook.com [40.107.20.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C9DC3A12A1 for <lake@ietf.org>; Sat, 21 Mar 2020 02:05:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMe?= =?utf-8?q?ssage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCh?= =?utf-8?q?eck=3B_bh=3DaySbGBbJ7dKVF76SsfEP9j8DY7ehnrdKkEHBdgpNDa8=3D=3B_b?= =?utf-8?q?=3DKrvE0yt/wWT5r1t8GAhP4oM9/tKl2Fm23yrVnfWR2TtrjDDrK0fCrZHGEXWVR5?= =?utf-8?q?9dmQ0Zf5gT6Q8TDL6qcTJpc7YpGudHbypI4DvoH2nJLootupOuVqVUchUOADpCaAi?= =?utf-8?q?jV2LelyiFqpT3mkDnJyROXe0QleDUwzkzLsU+aPbJuxg=3D?=
Received: from DB8PR03CA0034.eurprd03.prod.outlook.com (2603:10a6:10:be::47) by AM0PR08MB4291.eurprd08.prod.outlook.com (2603:10a6:208:13b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.22; Sat, 21 Mar 2020 09:04:59 +0000
Received: from DB5EUR03FT016.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:be:cafe::e3) by DB8PR03CA0034.outlook.office365.com (2603:10a6:10:be::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.18 via Frontend Transport; Sat, 21 Mar 2020 09:04:59 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT016.mail.protection.outlook.com (10.152.20.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.13 via Frontend Transport; Sat, 21 Mar 2020 09:04:59 +0000
Received: ("Tessian outbound 2fd788417c13:v48"); Sat, 21 Mar 2020 09:04:59 +0000
X-CR-MTA-TID: 64aa7808
Received: from 940870f5a467.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 79D4CF7D-58EB-4E40-844B-1CBD5961D305.1; Sat, 21 Mar 2020 09:04:54 +0000
Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 940870f5a467.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Sat, 21 Mar 2020 09:04:54 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DBhrLU5pito/Weg7ewPff6RxoUmRxgS2zrlkM7P5hR9F+rI6C2mOuLbu6Wu7DJ?= =?utf-8?q?Y1LorrcBZysEQhvAg4TGU3XUAdgrIuvUTdW8XYpnaBjLHJMOqcGaMtNT7bMi6ME3N?= =?utf-8?q?QJLSEGCdPpDb7VhHZ9XciD6ssrpqnbWz9qKLpPupt6HzKdchbJQqWMK74PoFNeVih?= =?utf-8?q?9GEaAyFAABl0/HIchDNP6EjJ4Cj5/ghWIBNJvQiFM99ylu7rTit/svAoJsD97GXlp?= =?utf-8?q?YYOsgDn5omGklVQAU7IBAgS0aVgU7IO9gCDXKKJ+Q2QpZ1jOhYuP75f/n1+9IkC3q?= =?utf-8?q?GbFTkfV+RMkzshtOIDdQw=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DaySbGBbJ7dKVF76SsfEP9j8DY7ehnrdKkEHBdgpNDa8=3D=3B_b=3DE7381y?= =?utf-8?q?mwA/VZHyUBeCntTEohOrMmqm70DK7F47tqtxV1UM172eNWjgG/oYOi63M33ZSEBDw?= =?utf-8?q?jg6SNpFGd/ipwCHUGwzex0rJVUuLll2XiY3KAvDrFtrPamkQ5qd3lI2qag7n1CR7g?= =?utf-8?q?SRVO2fcay/bPtT5hcTs7RqXBq01U6ctFEPI748sdd8d5W3MBYk3AAWvFID2/uZ4wi?= =?utf-8?q?uKkrVOtFh7yBOcrHJIND8HH8RFQlwK4eSZPUHDUMJCR5wRu2JRVfWvvquGhE7lssh?= =?utf-8?q?TZ4p72i0G5ChkSBs3HYrYTSet9QjIE/f25cC9hNv23NGPJ78VR6I1tU8HCjFGXu6x?= =?utf-8?q?CQjKSTV79rg=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMe?= =?utf-8?q?ssage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCh?= =?utf-8?q?eck=3B_bh=3DaySbGBbJ7dKVF76SsfEP9j8DY7ehnrdKkEHBdgpNDa8=3D=3B_b?= =?utf-8?q?=3DKrvE0yt/wWT5r1t8GAhP4oM9/tKl2Fm23yrVnfWR2TtrjDDrK0fCrZHGEXWVR5?= =?utf-8?q?9dmQ0Zf5gT6Q8TDL6qcTJpc7YpGudHbypI4DvoH2nJLootupOuVqVUchUOADpCaAi?= =?utf-8?q?jV2LelyiFqpT3mkDnJyROXe0QleDUwzkzLsU+aPbJuxg=3D?=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (20.178.23.205) by AM0PR08MB3251.eurprd08.prod.outlook.com (52.134.124.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.21; Sat, 21 Mar 2020 09:04:53 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612%5]) with mapi id 15.20.2835.017; Sat, 21 Mar 2020 09:04:53 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: draft-ietf-lake-reqs-02
Thread-Index: AdX/XOtSyzEYcGXzR/O28xKapMPz8g==
Date: Sat, 21 Mar 2020 09:04:53 +0000
Message-ID: =?utf-8?q?=3CAM0PR08MB3716B630F3EAB7B7929B8892FAF20=40AM0PR08MB3?= =?utf-8?q?716=2Eeurprd08=2Eprod=2Eoutlook=2Ecom=3E?=
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 95f0ce42-a20d-4694-a8d6-e8f61966338c.0
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [213.162.72.200]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: c2c312a0-8123-48b3-a1f9-08d7cd76ef26
x-ms-traffictypediagnostic: AM0PR08MB3251:|AM0PR08MB4291:
X-Microsoft-Antispam-PRVS: =?utf-8?q?=3CAM0PR08MB4291167D5463C8AE6D35B194FAF?= =?utf-8?q?20=40AM0PR08MB4291=2Eeurprd08=2Eprod=2Eoutlook=2Ecom=3E?=
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 034902F5BC
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; =?utf-8?q?SFS=3A=2810009020?= =?utf-8?b?KSg0NjM2MDA5KSgzNjYwMDQpKDM5NjAwMykoMzk4NjA0MDAwMDIpKDEzNjAwMyko?= =?utf-8?b?MzQ2MDAyKSgzNzYwMDIpKDE5OTAwNCkoNjkxNjAwOSkoODExNTYwMTQpKDUy?= =?utf-8?b?NTM2MDE0KSg2NjQ3NjAwNykoNjQ3NTYwMDgpKDI2MDA1KSg2Njk0NjAwNyko?= =?utf-8?q?76116006=29=289686003=29=2866556008=29=2881166006=29=2833656002?= =?utf-8?b?KSg4Njc2MDAyKSg1NTAxNjAwMikoMTg2MDAzKSg4NjM2MjAwMSkoODkzNjAwMiko?= =?utf-8?q?66446008=29=2871200400001=29=282906002=29=286506007=29=2856603000?= =?utf-8?q?02=29=28316002=29=287696005=29=28478600001=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB3251; H:AM0PR08MB3716.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?utf-8?q?5xBqTkibpYh4SOzF8Uypum?= =?utf-8?q?bHb3X7SPNX76xXYY5mTB4hSoHMTWJ5FrZDk09Jp/bRQ0nPYcyGO8F3cE2a1BqMW4T?= =?utf-8?q?6JdxCU4uywrPfgk1P/8kVwlcGhVqg3FJz/2dAQXjs0feJKrEe2cPqLS86tLIYVNlm?= =?utf-8?q?Q4IrJLzn0L8Ey5CVFE0YwOIMsAo878mP3gYPD8tGnXYdRRX827WomP+UGAZCF1Xfs?= =?utf-8?q?kzW7tby/tRLyrKweDy0G4lsZ58UMDFUThB+x5C0pAcguOfwPxMzTsHRX9JVIak/Jo?= =?utf-8?q?wmGlUDU6KWFJzllqO6X++WKKL2SXkdZjI4/YvR77ShKfv9zJvr2oSIShosx48jeX0?= =?utf-8?q?+mzRRy+Az8sTw3+Rh9TXYjKRUVN2o2v1sC/AD5BsK0Np2C3/W9Ccwzg1mUGMZMloD?= =?utf-8?q?fEGJD2/wQSxslhbc2wSukdghzoUcWOQAsRZy?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?YUKBzwUgr9WPJIuuSG4dNcOcibmAkx?= =?utf-8?q?/1gF6POgDci9e+H0HcaA4Q5YXWbhX/GNrFAsrPVWC0VslzhUgOQ+oGA8+Z6LaVpD7?= =?utf-8?q?+AT6zj39o9IRKAB/3xCdQSAvWWwVVufLRnd2CSW+C+AD6Q3mD/0sHWw=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB3716B630F3EAB7B7929B8892FAF20AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3251
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT016.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; =?utf-8?b?U0ZTOigxMDAwOTAyMCkoNDYzNjAwOSkoMzQ2MDAyKSgz?= =?utf-8?b?OTg2MDQwMDAwMikoMTM2MDAzKSgzOTYwMDMpKDM3NjAwMikoMTk5MDA0KSg0?= =?utf-8?q?6966005=29=2870586007=29=2826826003=29=2847076004=29=2881156014?= =?utf-8?b?KSg4Njc2MDAyKSgyOTA2MDAyKSg3Njk2MDA1KSg2OTE2MDA5KSg4MTE2NjAwNiko?= =?utf-8?q?86362001=29=2870206006=29=28478600001=29=28336012=29=2852536014?= =?utf-8?b?KSgxODYwMDMpKDU1MDE2MDAyKSgzNTYwMDQpKDY1MDYwMDcpKDMxNjAwMikoNTY2?= =?utf-8?b?MDMwMDAwMikoMzM2NTYwMDIpKDk2ODYwMDMpKDg5MzYwMDIpKDI2MDA1KSgz?= =?utf-8?q?0864003=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB4291; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Pass; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 68b35e1b-1cb5-42e3-1fef-08d7cd76eb7b
X-Forefront-PRVS: 034902F5BC
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?bmUSAdI6yDeA0+b2+BC4yzl4IixYcoP?= =?utf-8?q?dfoYzr85+up532PjvqDfFiee90JQmarGU9YPUO3n+sNk+XTMJS/qu1Q3jtGCROT8X?= =?utf-8?q?AtUZgI+QKQIKqYMSwvzuaFCl+Ug1zyoRwBM+59OvwIMtch9Jc1cs/L+bxP0LePZgd?= =?utf-8?q?Ogoh09tPxQsdqPCFskyffGqbPhLwZLLFuyQ5sqsWuvovEnL3XmjzD0vI9fdfWrvns?= =?utf-8?q?CWPciDxM8GtK1fF7ywA4S84zdJ8905So4wzTNKfCinkzNn0u7kW00WWy1YvrMY1C3?= =?utf-8?q?dZMejX2d7fKFgnBmmmDionAnJ7zMPYH4xuIqjbo/lhDP1oX/eKgEq1Qd3MbUylAnz?= =?utf-8?q?IGMejXrqDThgc/WglKSsg4dAhda2pBtZsVyNeoS7t8Wr7q5ZrS7BfbNkAtYcuguTY?= =?utf-8?q?GL+xlNk473tWdxyzpwRMSzQybouihujrqVkDmpVNrRsSg2uzNn90nZLfLnw6SdA/9?= =?utf-8?q?DoJAf/OuAUAx96rjxkXi8b7DV7fyZwvLSxYi9qgSy4yKwswQ=3D=3D?=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2020 09:04:59.8265 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c2c312a0-8123-48b3-a1f9-08d7cd76ef26
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4291
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/X25ozE52R9quEWIyHH6TCeO_1DE>
Subject: [Lake] draft-ietf-lake-reqs-02
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Mar 2020 09:05:09 -0000

Hi all,

Given the WGLC I reviewed this document and below are a few comments.

The introduction lists of number of specifications that reference OSCORE.
I know that the authors are super keen in having those listed and hence I would
argue for only one change: The text on LwM2M  says
"
   *  OMA Specworks LwM2M version 1.1 [LwM2M] defines bindings to two
      challenging radio technologies where OSCORE will be deployed:
      LoRaWAN and NB-IoT.
"
Just because something is in a spec does not imply that it will get deployed (or
even widely implemented). The jury is still out and let's wait and see how
successful OSCORE will be for LwM2M.


A remark regarding the following two paragraphs:

   OSCORE was
   tailored for use with lightweight primitives that are likely to be
   implemented in the device, specifically CoAP [RFC7252], CBOR
   [RFC7049] and COSE [RFC8152].

   The AKE shall
   specify how COSE can be reused for identification of credentials and
   algorithms of OSCORE and the AKE, as extension point for new schemes,
   and to avoid duplicated maintenance of crypto library.

In embedded crypto implementations there are typically several layers, namely
* the implementation of cryptographic algorithms (AES, SHA256, etc.)
* an encoding scheme for transmission over the wire (e.g. COSE, TLS Record Layer, X.509 certificates, etc.)
* the actual key exchange protocol

The different layers may be used by different components and different requirements may exist for them.
For example, the stage 1 bootloader may be implemented in ROM, may only use a signature verification function, and is probably optimized for code size and fast signature verification but does not care about RAM usage (because there is no other program running at that time). A device management solution, code that is running when the device is working under normal conditions, will have different requirements. Furthermore, the code for these two systems may actually be written by different parties and re-use & maintenance may actually be more complex than it looks like.

>From our investigations the biggest code size impact is actually with the cryptographic algorithms. Hence, I disagree that there is a requirement for the AKE to use COSE. (I understand that OSCORE uses COSE but only requires a small sub-set of it. In general, it seems that everyone just implements a subset of COSE.) If I develop an AKE that is good for low end IoT devices but it does not use COSE why would that be a problem?
(Note that I have seen IoT devices implementing different CBOR parsers as well. The reason is the same why developers pick and choose certain COSE components.)

I wonder how the following two paragraphs relate to each other. The first paragraph
appears to be saying that reliable transport cannot be assumed. The second
transport says that it has to be assumed.

   The AKE cannot rely on messages being exchanged in both directions
   after the AKE has completed, because CoAP/OSCORE requests may not
   have a response [RFC7967].

   Moreover, the AKE must support transport over CoAP.  Since the AKE
   messages most commonly will be encapsulated in CoAP, the AKE must not
   duplicate functionality provided by CoAP, or at least not duplicate
   functionality in such a way that it adds extra costs in terms of code
   size, code maintenance, etc.  It is therefore assumed that the AKE is
   being transported in a protocol that provides reliable transport,
   that can preserve packet ordering and handle message duplication,
   that can perform fragmentation and protect against denial of service
   attacks, such as provided by the CoAP Echo option
   [I-D.ietf-core-echo-request-tag].

You may need to indicate what exactly you mean by "CoAP" because CoAP is in
the meanwhile a long, long list of specifications adding pretty much every functionality
you can imagine.

Furthermore, I don't see a problem of adding features to an AKE even if they are
available in CoAP or in a CoAP extension. The reason is that the AKE may therefore
be run on top of a wider range of underlying protocols. It may also make the AKE more
robust and easier to use for developers.

Could you elaborate a bit more on this sentence? I am also wondering what the
AKE  design implications of the non-CoAP-based transport are?

>   The AKE may use other transport than CoAP.

I don't think there is a good understanding in the industry about the reasons why companies deploying
IoT systems prefer one credential type over the other. Hence, I would omit this statement.

> PSKs are often used in a first deployment because of their perceived simplicity.

You may want to make references here to justify the statement of the massive
breaches of PSK-based provisioning systems in IoT environments. (Not that
PKI-based systems have been free of problems either...)

> However, PSK-based provisioning has inherent weaknesses.  There has
>   been reports of massive breaches of PSK provisioning systems,

I would delete the sentence below because
(a) many IoT devices have some form of user interface, and
(b) the lack of a user interface is not necessarily relevant to the need for
different credential provisioning schemes.

>  The common lack of a user interface in constrained devices leads to
>   various credential provisioning schemes.

I think you are downplaying the importance of unlinkability with your statement
on identity protection for connection identifier. There has been a lot of work
in the TLS and the QUIC working groups on this topic. Happy to provide details.

>   Other identifying information that needs to be transported in plain
>   text is cipher suites and connection identifiers.

I think you should also mention that the use of OSCORE and an AKE at the CoAP
level provides different privacy features than using the protection at a layer below.
This may be important in light of the development of QUIC (and consequently in TLS)
where a lot of attention was paid to offer confidentiality protection of information
like the FQDN/URL.

Regarding "Auxiliary Data": I don't think it is appropriate to refer to access tokens
as auxiliary data given that those, particularly when used as PoP token, are actually
closer to certificates or Kerberos tickets.

In the same section you are then talking about the idea of sending CSR messages.

I think those are very different use cases and the implications for the design of the AKA
should better be separated. To me it appears that the ability convey a CSR/Cert exchange
falls more under the category of "early data" (and could be very similar to sending
data along-side the exchange before the AKA has been finished) while the access token use
is an alternative certificate format.

Denial of Service: We have seen that developers have problems with using a denial of service
mechanism when it is not built into the AKA. Even with CoAP deployments developers ran into
problems with reflection attacks. In your design you push this DDoS mitigation outside the
AKA and I think that's a bad design approach because application developers will get it wrong
(from what we know so far).

Ekr talked about the performance aspects already and this has been fuzzy all along.
I would like to understand whether there are "hard bounds" or whether this is just something
in the line of "We would like to have an AKE with all the features of TLS but with a few bytes less
overhead".

Out of curiosity, I am wondering which features of the TLS protocol have not yet been covered in
form of requirements.

For example, I am not seeing functionality like:
 * OCSP stapling, indication with CAs a client supports,
 * post handshake client authentication,
* ticket-based resumption,
* the ability to use server-side authentication only (with client side authentication happening later)
Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.