IETF Logo Mail Archive

Re: [Lake] EDHOC negotiation and errors

"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Tue, 21 February 2023 20:37 UTC

Return-Path: <Brian.Sipos@jhuapl.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBEA8C1782BF for <lake@ietfa.amsl.com>; Tue, 21 Feb 2023 12:37:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.997
X-Spam-Level:
X-Spam-Status: No, score=-6.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FUZZY_XPILL=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k30rZliMlILA for <lake@ietfa.amsl.com>; Tue, 21 Feb 2023 12:36:57 -0800 (PST)
Received: from aplegw01.jhuapl.edu (aplegw01.jhuapl.edu [128.244.251.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6E7EC169533 for <lake@ietf.org>; Tue, 21 Feb 2023 12:36:57 -0800 (PST)
Received: from pps.filterd (aplegw01.jhuapl.edu [127.0.0.1]) by aplegw01.jhuapl.edu (8.17.1.19/8.17.1.19) with ESMTP id 31LIc0td019538; Tue, 21 Feb 2023 15:36:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=JHUAPLDec2018; bh=Ho8Wvsg3jXCUNRMBjcNse0J9JbBijeJUm+a4xLi5PtA=; b=SHzzHKGN/AzMQidR81DfLGhApaLHJNly6unOykwDX6vX3ZFXhFZEgWKq/tpQhrmzRcrG goT0DeXHQMtjjlYauVASn22Hlkq7d/u6DiMVe3bMYu0W5Iji9gimheg+NbYozdkIE2fo Horx0pu574cx/Z5xdrInQY8Dyn3zDX+c6sUmNloW32ih8B08iuTdMFHqOi3HE6R8gQ7O /9gLgDlNDvYYnghLJm4Pue+xQ2GCqTbDjjFIeqcKDfQQhlfV/Y7LkjA1clKzuyDJK6Bj EXSDLrNpBuF25WMtXdt/8ILLtbIdZGh5Uoy9pzkPfW0hrXy6XTz9Xw0Fq8HjZBugBHJv pQ==
Received: from aplex23.dom1.jhuapl.edu (aplex23.dom1.jhuapl.edu [10.114.162.8]) by aplegw01.jhuapl.edu (PPS) with ESMTPS id 3ntrkdasgh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Feb 2023 15:36:54 -0500
Received: from APLEX21.dom1.jhuapl.edu (10.114.162.6) by APLEX23.dom1.jhuapl.edu (10.114.162.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21; Tue, 21 Feb 2023 15:36:54 -0500
Received: from APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2]) by APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2%5]) with mapi id 15.02.1118.021; Tue, 21 Feb 2023 15:36:54 -0500
From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: Göran Selander <goran.selander@ericsson.com>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: EDHOC negotiation and errors
Thread-Index: AdlFcyNJVXSaBcDcS92pLvKgOKYffwATtiSHABaebwA=
Date: Tue, 21 Feb 2023 20:36:53 +0000
Message-ID: <eaf9618523934b219e890f597ccf6297@jhuapl.edu>
References: <4d31baf067a94571956ef46efe025805@jhuapl.edu> <PAXPR07MB8844F5F2D059ED1E11EEB6ACF4A59@PAXPR07MB8844.eurprd07.prod.outlook.com>
In-Reply-To: <PAXPR07MB8844F5F2D059ED1E11EEB6ACF4A59@PAXPR07MB8844.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.162.27]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_063C_01D9460A.52105680"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: APLEX23.dom1.jhuapl.edu
X-OrganizationHeadersPreserved: APLEX23.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22 definitions=2023-02-21_12,2023-02-20_02,2023-02-09_01
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/88vLJ8d1SckPWOEJIfpguZs_6KA>
Subject: Re: [Lake] EDHOC negotiation and errors
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2023 20:37:01 -0000

Göran,

I believe that either your suggestion of a most specific error code or even a less specific code of “credential not accepted, try another” (similar to how HTTP 401 can mean try another credential) and an application profile explaining the progression of different credentials to attempt. The main distinction is that the receiving application can see this differently than the general EDHOC failure and try again in a progressive way.

 

To Michael’s point about using x5u as an alternative, in my case this is for negotiating participation on a network so there is unfortunately no wider network available prior to EDHOC succeeding.

 

From: Göran Selander <goran.selander@ericsson.com> 
Sent: Tuesday, February 21, 2023 8:20 AM
To: Sipos, Brian J. <Brian.Sipos@jhuapl.edu>; lake@ietf.org
Subject: [EXT] Re: EDHOC negotiation and errors

 


APL external email warning: Verify sender goran.selander@ericsson.com <mailto:goran.selander@ericsson.com>  before clicking links or attachments

 

Hello Brian,

 

Thanks, great comment!

EDHOC error codes was discussed at IETF 110, slides 5-12 in this set:

 <https://datatracker.ietf.org/meeting/110/materials/slides-110-lake-edhoc-consolidated-01> https://datatracker.ietf.org/meeting/110/materials/slides-110-lake-edhoc-consolidated-01

 

As I remember, looking at slide 11 with the different classes of errors, the focus was on what errors are actionable by the receiving EDHOC engine (without involving an administrator), bearing in mind that there are anyway many things that needs to be agreed upon beforehand as part of the application profile. Class 3 deals with credential/context errors, where for which we apparently didn’t specify any actionable errors. But your example provides an actionable error in this class which may occur even if both endpoints comply with an application profile in terms of credential type and COSE header to use for identification. 

 

One case when this may be useful is if a constrained device communicating with multiple endpoints needs to delete the credential of one endpoint to free space to store that of another. We have the option to reference the credential or send by value, and in this case it could be useful for the receiving endpoint to indicate that it needs to be sent. This feature also allows for a strategy where the sending endpoint could first send a reference, to try to avoid the overhead of a large credential, and then take that cost only if necessary.

 

The simplest solution seems to be an error code which means  “please send the credential by value”. Does that solve your use case?

 

A more elaborate solution is that the error message indicates e.g. supported credential types in the error message using their CBOR representation (33 for x5chain, etc.). I’m a bit hesitant to over-engineer this part, and supported credential types should anyway be known from the application profile. 

 

There is a denial of service aspect we should consider since error messages are unprotected, so at least a security consideration is needed if we go this way. The application profile may set a policy for the use of this. 

 

Another take-away from your input is that we probably should define a private range of error codes (say 32768-65535 like for the EDHOC exporter label).

 

Process-wise, I believe we should be able handle your comment like any other last-call comments (to start real soon now? 😊)

 

Comments?

 

Thanks

Göran

 

 

From: Lake <lake-bounces@ietf.org <mailto:lake-bounces@ietf.org> > on behalf of Sipos, Brian J. <Brian.Sipos@jhuapl.edu <mailto:Brian.Sipos@jhuapl.edu> >
Date: Monday, 20 February 2023 at 23:17
To: lake@ietf.org <mailto:lake@ietf.org>  <lake@ietf.org <mailto:lake@ietf.org> >
Subject: [Lake] EDHOC negotiation and errors

Hello,

I’ve been a long-time user of COSE and more recently have been investigating the use of EDHOC as a means of key agreement over long- and variable-delay links. It seems to be quite a good fit to cover the same capabilities of IPsec IKE and DTLS handshake in a transport-agnostic way. One part that seems to be missing is a standard way for EDHOC endpoints to negotiate credential contents.

 

My use case would be optimized if there was a way for an endpoint to include in the ID_CRED_x an “x5t” parameter by default for terseness with known peers but be able to have the peer signal back an “unknown credential referenced” error so that the ID_CRED_x could instead be sent with an entire “x5chain” which would then be cached on the peer. The distinction here is “unknown credential referenced” meaning the peer doesn’t have the credential versus “invalid credential type” meaning the peer can’t handle the given type (KID vs. x5t vs. x5u, etc.). The reason for this kind of negotiation is that the x5t ID would be significantly smaller than the full x5chain.

 

I don’t see any earlier mailing list discussion on this topic and there’s no private use or experimental range reserved for the error code registry, so I don’t see any way of communicating these types of negotiation in an interoperable way. Obviously a follow-on document could make these kinds of error code allocations with accompanying logic, but this seems like a ‘typical’ use case for EDHOC on an open network.

Any thoughts?

 

Brian S.

v2.23.0 | Report a Bug | By Email