Re: [Lake] [core] 🔔 Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06

Christian Amsüss <christian@amsuess.com> Fri, 10 March 2023 15:12 UTC

Date: Fri, 10 Mar 2023 16:11:57 +0100
From: Christian Amsüss <christian@amsuess.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Carsten Bormann <cabo@tzi.org>, "core@ietf.org" <core@ietf.org>, "lake@ietf.org" <lake@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/97G3L0GmvHON-v4_GvxYp_bV714>

On Thu, Mar 09, 2023 at 10:40:32AM +0000, John Mattsson wrote:
> A reason why you sometimes want to decouple authentication from key
> derivation and continuing the security protocol is that authentication
> might take a long time (request to some database, popup for the human
> user to click OK/Deny, etc). The EDHOC specification should be clear
> on what is allowed and not. If always waiting for authentication is
> preferred from an implementation perspective then maybe EDHOC should
> mandate that. The important part is that everybody agrees on what is
> possible and not.

Good points; it might easily be practical for the responder to derive
the keys once message 3 is received, rather than wait for all
confirmations to arrive.

> > Then maybe "[on error], OSCORE key material MUST NOT be derived from the EDHOC exchange, let alone
> > be used to protect the response"?

Then, "MUST NOT be used" is probably the better wording.

BR
c

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
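
The distinction drawn in this message (the responder may derive keys as soon as message 3 is received, but on error the key material must not be used), as an added sketch that is not part of the original mail or of any EDHOC implementation. The class, its method names, and the HMAC-based stand-ins for key derivation and OSCORE protection are assumptions for illustration.

```python
import hashlib
import hmac
from enum import Enum, auto


class Auth(Enum):
    PENDING = auto()  # credential check (database lookup, user prompt) still running
    OK = auto()
    FAILED = auto()


class KeyUseError(Exception):
    """Key material was requested before, or without, successful authentication."""


class ResponderSession:
    """Hypothetical responder state once message 3 has been received."""

    def __init__(self, prk: bytes):
        self.auth = Auth.PENDING
        # Stand-in derivation (plain HMAC-SHA256), NOT the EDHOC exporter.
        # Deriving early is permitted here; only *use* is gated on authentication.
        digest = hmac.new(prk, b"constructed-oscore-label", hashlib.sha256).digest()
        self._key = bytearray(digest[:16])

    def authentication_result(self, accepted: bool) -> None:
        """Called when the slow authentication decision finally arrives."""
        if self.auth is not Auth.PENDING:
            raise KeyUseError("authentication already decided")
        self.auth = Auth.OK if accepted else Auth.FAILED
        if not accepted:
            # Error path: wipe the derived material so it can never be used.
            for i in range(len(self._key)):
                self._key[i] = 0
            self._key = None

    def protect_response(self, payload: bytes) -> bytes:
        """Refuse to touch the key unless authentication has succeeded."""
        if self.auth is not Auth.OK or self._key is None:
            raise KeyUseError(f"key material MUST NOT be used (auth={self.auth.name})")
        # Stand-in for OSCORE protection: an 8-byte HMAC tag prepended to the payload.
        tag = hmac.new(bytes(self._key), payload, hashlib.sha256).digest()[:8]
        return tag + payload
```
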