Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

Göran Selander <goran.selander@ericsson.com> Tue, 07 July 2020 16:34 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Rene Struik <rstruik.ext@gmail.com>, "lake@ietf.org" <lake@ietf.org>
Date: Tue, 07 Jul 2020 16:33:54 +0000
Message-ID: <BCDF727F-1EDA-48E0-AB5F-67D708E65D3C@ericsson.com>
References: <0f8e9d07-ffc0-7a0d-8aba-a3ea65937c1b@gmail.com> <39b11e50-6641-7c2b-6bb4-0da238135a8a@gmail.com>
In-Reply-To: <39b11e50-6641-7c2b-6bb4-0da238135a8a@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/7QdRaENms2R0uhsYDHjNHqEYGa0>
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>

Hi Rene,

Some of your comments belong to the requirements phase, but others may still be relevant to discuss. In particular, the ciphersuite recommendations are not carved in stone by EDHOC being adopted.


From: Lake <lake-bounces@ietf.org> on behalf of Rene Struik <rstruik.ext@gmail.com>

-- some of the ciphersuite recommendations are somewhat odd. Having co-authors of this draft advocate EdDSA, while claiming this to be insecure (given easy fault attacks, esp. in IoT-setting?), in draft-mattsson-cfrg-det-sigs-with-noise-02 seems to be inconsistent.

[GS] The referenced draft speaks about ECDSA as well as EdDSA, and that completely randomized signature is not suitable for all IoT devices. It wasn’t clear to me what is inconsistent.

Why not simply use ECDSA (if one wishes ECDSA25519) and suggest a non-clamped version of ECDH (like all the co-factor ECDH schemes apart from RFC7748 do)? Why not support NIST curves, why enforce both SHA512 and SHA256 at the same time, why pure-EdDSA (which requires two data passes), etc.?

[GS] EdDSA and X25519 are recommended for performance and security. As EDHOC is based on COSE, the specifics of curves of algorithms follow from RFC8152 and its successors. Any curve with a COSE code point can be supported. PureEdDSA is motivated here: https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis-algs-08#section-2.2

[GS] Good point about the SHA algorithms. If I understand right there are two solutions to the problem, and the short term solution is to only use SHA512. I opened an issue:
https://github.com/lake-wg/edhoc/issues/2

Göran