[Lake] EDHOC exporter use patterns
"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Fri, 25 October 2024 17:00 UTC
Return-Path: <Brian.Sipos@jhuapl.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C6FC1519AE for <lake@ietfa.amsl.com>; Fri, 25 Oct 2024 10:00:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zn5XE4ipMvm3 for <lake@ietfa.amsl.com>; Fri, 25 Oct 2024 10:00:44 -0700 (PDT)
Received: from aplegw01.jhuapl.edu (aplegw01.jhuapl.edu [128.244.251.168]) by ietfa.amsl.com (Postfix) with ESMTP id A6C13C14F6B5 for <lake@ietf.org>; Fri, 25 Oct 2024 10:00:43 -0700 (PDT)
Received: from pps.filterd (aplegw01.jhuapl.edu [127.0.0.1]) by aplegw01.jhuapl.edu (8.18.1.2/8.18.1.2) with ESMTP id 49PGwpEk010139 for <lake@ietf.org>; Fri, 25 Oct 2024 13:00:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=content-type : date : from : message-id : mime-version : subject : to; s=JHUAPLDec2018; bh=IPydnNLJ91q4nNu+5PE+OUhATaaQ4HykQSWM+QkACwA=; b=OdrySLalbPylhUdmlAXCVbGwL6qiLVPJhU1LKkqf+SF6WEwqIYXHwWMCLHI7oAifJJAc tysPyeXJHQZ4EZ8d6YXuOqx5hiAEVMDlx6esEsdBPu+jyuuEKT8LYD06Sm/6qSt1z76N 1hLR1+t5xW6ZVoUOSMfSwac7KDucR1FMRCNKlGPPKyqvbw60KDlPICUhIM4RWx45iNSv VqD7AbNNimxegmAFQQdqFx+e3ENKnGwMkbjUoxchFf4ZnD2CDYVrIeOI1Uy+41rHxgcB 7XJEDs8T8+RHVLwX8H79qcliuKrHaiuy76zLDQaoCt5fzi/mlxY6914qAdXWzkTfdfeb ag==
Received: from aplex20.dom1.jhuapl.edu (aplex20.dom1.jhuapl.edu [10.114.162.5]) by aplegw01.jhuapl.edu (PPS) with ESMTPS id 42emhgu85b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <lake@ietf.org>; Fri, 25 Oct 2024 13:00:42 -0400
Received: from APLEX21.dom1.jhuapl.edu (10.114.162.6) by APLEX20.dom1.jhuapl.edu (10.114.162.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Fri, 25 Oct 2024 13:00:42 -0400
Received: from APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2]) by APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2%5]) with mapi id 15.02.1544.011; Fri, 25 Oct 2024 13:00:27 -0400
From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: EDHOC exporter use patterns
Thread-Index: Adsm/oZ0iQSx0p6eTlCc52YjpjiJ4Q==
Date: Fri, 25 Oct 2024 17:00:27 +0000
Message-ID: <36afd58ff62444d1af3615d9937cbd56@jhuapl.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.162.19]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0018_01DB26DD.BCFA74C0"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: APLEX20.dom1.jhuapl.edu
X-OrganizationHeadersPreserved: APLEX20.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-25_14,2024-10-25_02,2024-09-30_01
Message-ID-Hash: F23HSUGJGTDRUKZFYCELPX2IP6ZIQE6J
X-Message-ID-Hash: F23HSUGJGTDRUKZFYCELPX2IP6ZIQE6J
X-MailFrom: Brian.Sipos@jhuapl.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] EDHOC exporter use patterns
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/8xcgIZn3gCVaSKtGfXLRyRAezVk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
All, I'm looking into detail design for an application embedding of EDHOC which needs to derive multiple shared secrets across a long time period. It would be logically acceptable for this application to use a single EDHOC_Exporter [1] label with unique contexts for each shared secret. It's not clear to me whether there is an expectation that the `PRK_exporter` state would be preserved for as long as an application might need to use it, or if applications are expected to do any exporting immediately as the EDHOC messages are being processed and not at all afterward. Is there some detail that I am missing from current RFC 9528? For example, the OSCORE use of EDHOC derives a single immediate set of secrets (the "master secret" and "master salt") and uses those for later derivations of OSCORE-specific shared secrets. Since I don't know of any other current users of EDHOC it's difficult to determine if this pattern must be followed or if there is allowance for other patterns of exporter use. While this might seem like an implementation matter, I would prefer to not require behavior from an EDHOC API that does things in unexpected or invasive ways. A two-phase derivation pattern will get the same resulting need but might be more conforming to EDHOC use expectations. Thanks for any feedback, Brian S.
- [Lake] EDHOC exporter use patterns Sipos, Brian J.