Re: [Lake] [Ace] ace-ake-auth updates for latest EDHOC principles
Göran Selander <goran.selander@ericsson.com> Wed, 12 October 2022 13:51 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EA57C1522D3; Wed, 12 Oct 2022 06:51:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.678
X-Spam-Level:
X-Spam-Status: No, score=-2.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AUYZVS7iF_SP; Wed, 12 Oct 2022 06:51:43 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2089.outbound.protection.outlook.com [40.107.20.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD470C1522C3; Wed, 12 Oct 2022 06:51:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EJ1nM0ejftwN0neJEjXhVwGundM7Jazz7mrc8M16DVhD8ctLpNYWdOKVqMFP1jyDoIJdcCZL6+M3idMYOT3BmaVnZb3WOX7EdXSJlv3DScNS36AP42qlatAD4SzHgYqNC/76yXxM5AzRCQOKp9Yig1zebltAtoKZ5wzzdUz7jTqBP6FxM8iR/5NOQCSwPm+ApYt459zifuix51LbLOKEP8P9pA+dyu5UvQefCjfaKqHHTUc8eW332KgiYADwIVIISG6KzqP2ZEEA8diL4xWagFGiBZQbaCVfY986GE/AxgZe9lDU/hGkseK5RMa6X3s1a0hksjrvVdYS/cTliD8Mww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CnQo1j0N2AkDED43GwAaWI/q1gCLU+oBAmt7x9baRIY=; b=avuzOqoyztI0kvEuGxTDWwrc9NdsXJog3cDr+BuXu4SwpTpN11Qte/pD3Gf0jLsCAlYiPhyyUXm208BHVxMGuNaYjOA9NN35n8KY/aYQNZHnYWaoB+UcClCDDRwYGLo47KvrDjbAG+c/PJ82VlOTeT4YL3Ia8ouek6lwpL4GPaNHTENkksAFHF8sgvScvwHvpS7DJMr84hKDPT8ykAm5XrvY+ko9S2+EYmOvIy0JYhu36hVGhBb+X4WZhyX/7pXKo1mximNZ9eemuxxto1zOMutPip6ATTferAhODTQsR4Rb056jT6WvIbWMTih7x3imbocFePz35CPLB0resDiu4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CnQo1j0N2AkDED43GwAaWI/q1gCLU+oBAmt7x9baRIY=; b=FC/+MVJWsHSbWzGCiyGHdgLK5KHK5UvrPcF2ScqW6jgAEr9o2OfXCiAf5xyanNvvObxH38S/BKHswS8W021P9QOfhmk9h0Cv7GlsedmobfqulXiBDn9b7HxJ3T9xltLBgpXZwjlrqOclamL+mu/eqiNNvtTFaNrMnYp/v6A4+LM=
Received: from PAXPR07MB8844.eurprd07.prod.outlook.com (2603:10a6:102:24a::19) by DB9PR07MB7130.eurprd07.prod.outlook.com (2603:10a6:10:21c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.14; Wed, 12 Oct 2022 13:51:39 +0000
Received: from PAXPR07MB8844.eurprd07.prod.outlook.com ([fe80::7c15:62a1:13eb:f7d0]) by PAXPR07MB8844.eurprd07.prod.outlook.com ([fe80::7c15:62a1:13eb:f7d0%4]) with mapi id 15.20.5723.013; Wed, 12 Oct 2022 13:51:39 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Thread-Topic: [Ace] ace-ake-auth updates for latest EDHOC principles
Thread-Index: AQHY3j33OshcBnixJ0SbPWxj7BvuOK4KwJAk
Date: Wed, 12 Oct 2022 13:51:39 +0000
Message-ID: <PAXPR07MB884444EE7A8BA533899C7E13F4229@PAXPR07MB8844.eurprd07.prod.outlook.com>
References: <8787.1665580990@localhost>
In-Reply-To: <8787.1665580990@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PAXPR07MB8844:EE_|DB9PR07MB7130:EE_
x-ms-office365-filtering-correlation-id: 261685b3-9855-4fdb-b505-08daac58e33d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Az+bZZCypEHxSvCB9sP5cNUu5jH+fZrKdtm1SYMQGGoUAQ97V+/uN7B10EfRhrUOME/99tfCYPddnNeW3qb8LBLP67kykqLmuBm4PF89kg+boYVr1a9gHMDKFTsyKMMxQHzzdXSIzoM1/0QUX8xkFunQRk65zvX1MdVO23V0kqMoP02BnuoeooJvQjERpe5GUG8oprxehvy26R5BcstdnrHN4GvmYkEIpF8o+6taptK9+mlCbWv+KclFIPFkc8/BwzYTTAOkMbavTVAQ5Ex7cJm0PEvypyCxOZaqLKCINtGqVcHx07JfUTVgAiKhj+SDUHKTECKjOB0piYH9hKdynk5PvgYv3j6JlN7O195aa85+RosJ5eR3dZ0UBBqdsbBAYUtZcHcm/vpytI/YC+ZuQkOX8mEsohH2bE7HEzBTbrgYXVqStf3G5Qif/hHOKV5sTodFMEcFBCbdOTwMWexEf3timXOXl/OK3IV+XuJXA9p5jhBn+JSsNn5JLQQcSdBA/iTzspNmJzBt6fr0xII4Sln/ad8T2eXBCUVjGH+FyQMyUQTMoJDVukYlXE8TJxyVevs4ioCZFVZGiWZLbUTNU57NL9YWHCIo3WU/0lVdq/Kn+yBOVX6hxeuDvhJqnIKRsyxdX5yr/nCQoIZJ09c1yszvVTVIPjXinzs0dvg7pL1wF+bZZK7un4WH9YIAHibf8SVmnAtStt4bbRFJnkCO3u5Ya6OabRpp20eTguuN5Q2lZ5yKHOHxOaIvMut9ioE2aXbZWebieZu+sLlKC59k32NdHuRkJXuNbLd4Zn97g0gPLcooBxXMpgQ+MbVaRERScPUniBn0Byg3xj5XP5OJpihA2kU8PZUzfhLAbWt/2UIyshH27ZauPXj1823/oTQu
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR07MB8844.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(136003)(376002)(396003)(366004)(346002)(451199015)(66899015)(86362001)(33656002)(38070700005)(166002)(122000001)(38100700002)(82960400001)(2906002)(478600001)(15650500001)(5660300002)(55016003)(6506007)(9686003)(26005)(53546011)(83380400001)(66574015)(186003)(7696005)(966005)(316002)(6916009)(54906003)(450100002)(91956017)(76116006)(66946007)(66556008)(66476007)(66446008)(64756008)(8676002)(4326008)(41300700001)(71200400001)(52536014)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: SggpAh8chQuSj87Ms3w5tUsBplXHEN2oh10lwR+4+ndKYDIfm4RVINQlpHyCKeCE7hKqYsF2sehmiEtKQAUFr0ti2bkmZ1domtG+9bNFDBCmFN0+tYu9lUPUSzNadE/V9UsM+SMJj5pSwZB/Y8x/oXQW5/eZ6yaFaKdlOeKpiLuodXyz1ZVL/cVMnichTObvMGt3aHZKQRIJw1575TFg2iwd9HCZl6h35wYkh1Y7Z/NhbPTixPqllldZaFsoK7jLP9guNoT2YUqqquT/zH5kwWMOOaSeEFhiXHDEKjZTLni3XvzPuxSVaxENcmrYPFP1OE4gHcZ6S6DKUoz5D3ZMWk8/LJBUmc8vkGhQgs/4TWNx9n2bPIQVg/s0ZewBTlQyB5NouiBn+XbJQhytdlVIw5nc8EtqH8Pj4MOipoh4IiEjsdJ9kmwJnRIz5R6JQakCtdgULdw9f6WgmafTXs3G43P0ILQ24Sw6s+PNASCnkZH3j35iMu+lwhPLHlibi+sim7CxBrYoa2Bq6UsWVlpg7WoXEF7mE/VfQg3JG0yNy9N1339fCvQRBK5lH07vNob4fCUpBhf1O0nSuft0w9IQwzk5416l4iEslHqebpTdv2bVm4vUF9YiYUlQIaNP3DdJqf5lS5S5R4JTA9WVqmIBq64MPK41dXMLnIMoZEcMKEmDvDbaX0r4pyJPzjCJhESa17Y96QIcozp9rLV0y248NW8oGKdtvaOahMJfnJaDjP8za8dlRUHH73y36nefW8TCWozktKHhOagXmsJvIZL0Ns8NOWnvyohIorott/sLvV1oZXwUZCtkkafOGYJDlJg+KrY+iNn8jgYStEOfggO1W88wORTzgb5l54vQpJ0o0yZwfzsPRafzAN0oNOMiq/hg7LJhYeJtXA/0APS8ahx0mGUKszUmZ5cEbzYxcCy4YsyqCLt1EdfAzm8cQV0ZXBM0kmvVBh8SngY5VvFANBtMRG12Y6xE2xjGnLnwsmRJ7yA5OcxsJIxnORLZXb6cxPG8dkAx2i+2jrZ3wmU+q1RHljo+S69DeWQZNpUB8QXkonCSFsGB/4egGzsfmps7DIyaxgWjMBfzXi5y2xd3k3FCJCsUe7qYrID6dB/0r+kBBlKkzpEhHzt4Z7MecVsB1DVC9Vv8BQbcgcN8oDTP62Zt+X5e/MbhF34WjZx8REVHI/wVaZg1UWTClSDVcjiU2weO5/hpwAHhYOJ4dVBDMaj4XUeIp+0CKjZz6c8oYdneTSxr7eEwEJR2fjyXEUAQxBroQpgAXShHz2ZA2LHNAXPT1BM74f9qWWUe8+OrZGelpXxQt6zv7Pghe4qopTQ5Gp2MqwYd6vdbuNN4X1qMykZYDiXikI6j1n6O+rkbYhCYUtU2/kQ2M7BUQSOQZoIHckjvuESJPTqz7tcSWW6Lfa9sKoRM7b+95KvVBJZVXI42Czoutf9xLK3NA41MEBfj3dHPgXMVBS2m4pW0Lk9XOnzD0lf7QX7FI7nIpPtNFosDIilJUUoAo6AF/YH+3RvfSFXJ+365VazNRHazLszoqkkhLs9IrIMa3qN8UGttKBm3AIYhT/RQAPgNiZaVayHqXMjZ4YCD81yNbT5pLDB4VPANxjkSwqTIpWLLwmHYtzCClOY=
Content-Type: multipart/alternative; boundary="_000_PAXPR07MB884444EE7A8BA533899C7E13F4229PAXPR07MB8844eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAXPR07MB8844.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 261685b3-9855-4fdb-b505-08daac58e33d
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2022 13:51:39.5761 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mjWzAgi1ICNgsemiUxPAB+RCbMmD20uekao9nC6fEi28tuEvPCf7LV+h7Zf0sSroLSuKQef8mSjjfDpZUpKZsDQUhGTVH60hLAvDpmrTUQc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR07MB7130
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/624Cx8xiSeHcmx-h7diFEzIMyDE>
Subject: Re: [Lake] [Ace] ace-ake-auth updates for latest EDHOC principles
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 13:51:47 -0000
Some additional comments inline: From: Ace <ace-bounces@ietf.org> on behalf of Michael Richardson <mcr+ietf@sandelman.ca> Date: Wednesday, 12 October 2022 at 15:24 To: lake@ietf.org <lake@ietf.org> Cc: ace@ietf.org <ace@ietf.org>, anima@ietf.org <anima@ietf.org> Subject: [Ace] ace-ake-auth updates for latest EDHOC principles The authors of draft-selander-ace-ake-auth have been discussing how to update this draft to reflect some of the changes in EDHOC. Specifically, there is a concern that ace-ake-auth reveals too much in message_1, things which EDHOC has worked hard to keep private. One planned change in the next version is to shift the trust model from: * the trusted third party, W, is trusted to decide to which authenticator V the identity of the device U is revealed to: * the device U decides to which authenticator V it reveals its identity. Since the authentication credential of U may be large it is still desirable that V can obtain it from W rather than over the constrained link between U and V, but - to match the changed trust assumption above - at a different time in the protocol: after message_3 instead of before message_2. For those that don't know ace-ake-auth, it fits into the "Ultra-constrained" onboarding column for the diagram that was part of https://datatracker.ietf.org/doc/html/draft-richardson-enrollment-roadmap-03 (and was in the IoT-Dir wiki, which needs to be resurrected. The diagram is also visible at: https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-bbfeee37309f6b5e&q=1&e=ed56df95-0487-4240-99b5-7a62a7af1bd5&u=https%3A%2F%2Fgithub.com%2Fanima-wg%2Fenrollment-roadmap%2Fblob%2Fmaster%2Ftechnology-components.svg ) The ACE connection is that the backend (aka "BRSKI-MASA" protocol equivalent) was leveraged against the ACE mechanism. There is now some reconsideration here. Fundamentally, it would be nice to know where the document adoption is going so that we'd know where to have public discussions about the trade-offs. (please note reply-to) Michael’s way of saying that LAKE is a natural candidate. This draft is building on EDHOC and matches a request from the LAKE WG to produce an example showing how the External Authorization Data message fields can be applied. The location of the MASA (aka "W" in the document) is provided in the clear during message_1, with the actual device serial number encrypted to W using a static DH key that the pledge ("U") has been provisioned with. It would be nice to move some of this from message_1 to message_3, which would guard better against on-path attacks that impersonate V. See above. Göran The URL provided during message_1 is visible to any observers, and since this is onboarding, any network privacy is not yet applicable. OTH, the authorization step needs to complete before message_2 can properly be formed, as it contains enough of the RFC8366 constrained-voucher semantics that it allows the pledge (U) to authenticate V. Knowing the identity of the MASA may tell you a lot about the device in question. This is a place where having many MASA outsourced to a big MASA helps with privacy. It's also a place where perhaps oblivious-HTTP might help. There is a question about what the security policy of W is. Is it TOFU-ish, aka promiscious MASA, or does *it* know which device has been sold to whom? Also, the URL for the MASA is ideally very very short :-) -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [Lake] ace-ake-auth updates for latest EDHOC prin… Michael Richardson
- Re: [Lake] [Ace] ace-ake-auth updates for latest … Göran Selander