IETF Logo Mail Archive

Re: [Lake] Ways forward on MTI cipher suite text

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 20 January 2022 21:41 UTC

Return-Path: <prvs=901941eec9=uri@ll.mit.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D7123A22F5 for <lake@ietfa.amsl.com>; Thu, 20 Jan 2022 13:41:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sXDGZKr8AE2F for <lake@ietfa.amsl.com>; Thu, 20 Jan 2022 13:41:16 -0800 (PST)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 009F03A22F3 for <lake@ietf.org>; Thu, 20 Jan 2022 13:41:15 -0800 (PST)
Received: from LLEX2019-3.mitll.ad.local (llex2019-3.llan.ll.mit.edu [172.25.4.125]) by MX3.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 20KLfFFL220393 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 20 Jan 2022 16:41:15 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=xNW7rDp0NDTD0/ZIvU8Ckdec9nox7Zcde2Hb1zY1TIBNKCSYTgYpttFIfJ4nq+GxR1nrtT1pQqiycmcZ0/5hjSF2AkymWmtkI3v6ZrOxbLQEDvH85Up9lGp14GvAa9ZY0YcCWRYkx+JWoxaNg64+gFaXWOVMIZq5GUCMgSyu+OJAfee6rfDAm9Gz9dE8MtDsC8RDVH2Hhf2A/KWvZlhaLJC2/sncKy9lTz2u1jf1pauQLiJUjBPYM9QI3aQjwkKMTZijug9Fxg5yPbT2M4zbf35ob2z7jcYFwt9aUETAN0uEMYu8lboqKGsjGHCTpimBb4CJoTiSL7FoePjNVXcdBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xUq30u1Dwx/1ffK93pwpeRc+EMbQlzMyo75HqBxpETk=; b=Cikq+VyhLje00JYJx1ODR6rLsUek4JX4fgstkISashwzfgWcRuPi0wb4sdcDgE3kev2zt4J5QRm+43aglGFWzVtckB5ncmQUFlnz4K8xbePg9WoWkIxGFVHajzWdyXVubprzxvuNiALb6d33vemyHFvscfyFYAZSiHVJ3z/WI79Z6ucsc178vZvyQjwvpkvWwbPr4vhkIaY3Vgm7yAYYj+A3HULAz+ZYP1hJyi4EL6J1OA3r+zVS8a27rnDFUfa8yXHYC4Uz7PPL5JS3x6aywiWx650J+3BqtvjDX2QqIk/DcFYmaBJvspY9kzZSllBUh6v7Art07X0irEETJcu0ig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "lake@ietf.org" <lake@ietf.org>
CC: Mališa Vučinić <malisa.vucinic@inria.fr>, Russ Housley <housley@vigilsec.com>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/GZRAUUBYe10GAwxfnn8jhbqxsWo2AgAADLYCAAADBgIAAEigA
Date: Thu, 20 Jan 2022 21:41:12 +0000
Message-ID: <C7D041C5-0BA9-4C1B-908B-883EE015F4E9@ll.mit.edu>
References: <F4461112-A859-4647-B4D5-85E83A77803B@vigilsec.com>
In-Reply-To: <F4461112-A859-4647-B4D5-85E83A77803B@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9aea0ea3-8b22-46e1-8279-08d9dc5d9471
x-ms-traffictypediagnostic: BN0P110MB1289:EE_
x-microsoft-antispam-prvs: <BN0P110MB1289965A6F393AA3347BD3BE905A9@BN0P110MB1289.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0ee5ru8Q2hBnfvCHudL8AocD6lTvKmEHkM2GE4ccgzp5HaRAxTAFJn8SyAssUytAbwtGIpYX693ZsWTLlNQXLQiQGUf7w4+jxUEYoKV0iFmN5ncXG/+8OgBbyljmBUtrqC+DM6F2BCdohbdqGfvdVBTvy9ky/DBsiaQVDdKLpHYKqv6X+fPiJUjNy01ZaQHaTERnhqNl4lTwRb0MJ1p23C/MCSt89v/YxgVieHIVAU6bJDDzcFRXyU7MCcFEKNNAmG2lGgPHxqLKxyL4fx0W+b8YtWAvRyFmxiLDgEOrKOS5BkzWIoTB9PQjbHjDu8ZA0W9NGetwDH/ydZM4jQDEtiIdLddLJ3ZXJOseoskQ0buwMf1frJlFlprc3BbklBGu7yyuBCC2FlR+BQ1EFoP9vNygv6Kqv13WFNJ2NNSKCc/Yfpe+E1m05wYK7ei77KyL050mPhEY+kz42VWdxcN/mscieeNXT6jOGh8pACRCyFJiQP+O/AzpdAY1VhkNqeP/8ftKKGXTOoObqVlsWexvdFXpDpk+tl8l+a4I5b7GoKZCKMngtLRSf/jfHJ2Yzgxd+KDYgMw5BbBmEpX+KFiUBT8b2G/7IRBO2q45xf7AA8ArEnacMQh0/Gbs/JJKJ6a6Pr1MpTcPwOlauDk1Eig6szWDZCmhjFubTmaPeQQhYLW8hQdA+NF3DVGxJLbtnQbdNy0mN90O7emG2bPPZFL2Jqdnephlf6eAJKZ8+Zp0RMKkDpHbAA0x3XcZMHFyMyrm
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(5660300002)(966005)(6506007)(6916009)(38070700005)(71200400001)(53546011)(75432002)(508600001)(54906003)(122000001)(2906002)(186003)(4326008)(6512007)(8936002)(8676002)(66556008)(64756008)(33656002)(66446008)(66476007)(316002)(6486002)(76116006)(99936003)(83380400001)(86362001)(66574015)(2616005)(66946007)(45980500001); DIR:OUT; SFP:1102;
Content-Type: multipart/signed; boundary="Apple-Mail-900128F4-3D9C-47B9-B450-7EE3F46D4BD9"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 9aea0ea3-8b22-46e1-8279-08d9dc5d9471
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jan 2022 21:41:12.8766 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1289
X-Proofpoint-ORIG-GUID: GzUqOwYdjkuOJKetdNShzOi-artPJ657
X-Proofpoint-GUID: GzUqOwYdjkuOJKetdNShzOi-artPJ657
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-01-20_09:2022-01-20, 2022-01-20 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 mlxscore=0 adultscore=0 suspectscore=0 phishscore=0 malwarescore=0 spamscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2201200108
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/60DWgebU8lgxIBch9XcAtCHcCqk>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jan 2022 21:41:21 -0000

I agree with Russ, and support “sole“ MTI 2/3. 

TNX

Regards,
Uri

> On Jan 20, 2022, at 15:37, Russ Housley <housley@vigilsec.com> wrote:
> 
> Selecting one MTI provides the broadest possible interoperability.  I think it would be harmful at this stage to divide the implementers into 0/1 and 2/3.
> 
> Russ
> 
>> On Jan 20, 2022, at 3:33 PM, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>> 
>> Russ,
>> 
>> Thanks for your feedback. Could you state any technical arguments why do you believe that would be the best way forward?
>> 
>> Mališa
>> 
>>>> On 20 Jan 2022, at 21:22, Russ Housley <housley@vigilsec.com> wrote:
>>> 
>>> I would prefer to see one MTI (Option 2).  I can live with that MIT being 0/1 or 2/3, and I have a mild preference for 2/3.
>>> 
>>> Russ
>>> 
>>> 
>>>> On Jan 20, 2022, at 12:03 PM, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>>>> 
>>>> Dear all,
>>>> 
>>>> During the last LAKE interim meeting, we discussed the issue
>>>> of an MTI cipher suite and we agreed for the chairs to open a
>>>> thread on the subject. As a reminder, the previous discussion
>>>> points on this topic are summarized in github [1] and in
>>>> John’s mail dated 13 May 2021 [2].
>>>> 
>>>> We’d like to see if there is rough consensus in the WG on
>>>> this topic, at this moment in time. Knowing that the formal
>>>> analysis of the EDHOC-12 specification is under way, we
>>>> should keep in mind that additional input may arrive down the
>>>> road from teams working in the computational model.
>>>> 
>>>> As a reminder, the most recently discussed text for this
>>>> is in a PR [3] and states:
>>>> 
>>>> “For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”
>>>> 
>>>> The options we see at this moment in time are:
>>>> 
>>>> Option 1: Keep current text as-is unless/until more feedback
>>>> is provided that motivates re-opening this issue
>>>> Option 2: Proceed with selecting a single MTI cipher suite
>>>> 
>>>> We'd like to know if the WG can live with Option 1. Note that
>>>> doesn't mean you think option 1 is perfect, just that it's
>>>> something with which you can live. If you prefer option 2 or
>>>> some other option please suggest specific text.
>>>> 
>>>> Mališa and Stephen
>>>> 
>>>> [1] https://github.com/lake-wg/edhoc/issues/22
>>>> [2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/
>>>> [3] https://github.com/lake-wg/edhoc/pull/225/files
>>> 
>> 
> 
> -- 
> Lake mailing list
> Lake@ietf.org
> https://www.ietf.org/mailman/listinfo/lake

v2.23.0 | Report a Bug | By Email