Re: [Lake] [lake-wg/reqs] Placeholder for resumption (e743c87)
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 11 February 2020 14:10 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE511200C5 for <lake@ietfa.amsl.com>; Tue, 11 Feb 2020 06:10:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.5
X-Spam-Level: **
X-Spam-Status: No, score=2.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NdkKc3ByVrOU for <lake@ietfa.amsl.com>; Tue, 11 Feb 2020 06:10:15 -0800 (PST)
Received: from relay.sandelman.ca (minerva.sandelman.ca [IPv6:2a01:7e00::3d:b000]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 502A212012C for <lake@ietf.org>; Tue, 11 Feb 2020 06:10:15 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [IPv6:2a02:8109:b6c0:52b8:584d:5a6f:7ed3:c298]) by relay.sandelman.ca (Postfix) with ESMTPS id C84471F459 for <lake@ietf.org>; Tue, 11 Feb 2020 14:10:13 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id E3D371A29C5; Tue, 11 Feb 2020 15:10:12 +0100 (CET)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: lake@ietf.org
In-reply-to: <CABcZeBMLBqOcK=Tb8qKw=MBpuF8pb5z6YR_N8YWS4pHp6zH+2g@mail.gmail.com>
References: <lake-wg/reqs/commit/e743c873a24f03c88019df5ca275660677f56e8a@github.com> <lake-wg/reqs/commit/e743c873a24f03c88019df5ca275660677f56e8a/37200172@github.com> <23690.1581337124@dooku> <CABcZeBMLBqOcK=Tb8qKw=MBpuF8pb5z6YR_N8YWS4pHp6zH+2g@mail.gmail.com>
Comments: In-reply-to Eric Rescorla <ekr@rtfm.com> message dated "Tue, 11 Feb 2020 05:11:50 -0800."
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 11 Feb 2020 15:10:12 +0100
Message-ID: <2680.1581430212@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/9IzHp7eiesqN5yZisBpPH0sVCCU>
Subject: Re: [Lake] [lake-wg/reqs] Placeholder for resumption (e743c87)
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 14:10:18 -0000
Thanks for the discussion.
{editing}
Eric Rescorla <ekr@rtfm.com> wrote:
> Your question begs a more general question, which I think speaks to 'session
>> resumption' situation, I think.
>>
>> And I guess there is distinction between:
>> 1) avoiding expensive authentication, assuming a round for PFS.
>> 2) avoiding expensive authentication, no PFS
>> 3) re-establishing state after a restart, or a long sleep.
>> (the responder might have expired the session data)
>>
> 4) doing an exchange to rekey for PFS
>>
> Actually, you don't need an exchange at all to get PFS: just ratchet the
> keys forward as in TLS 1.3 KeyUpdate.
Ah, good point.
>> (3) is different in a connectionless CoAP situation where there isn't a TCP
>> session to maintain. Do we include mechanism in AKE, integrating into
>> OSCORE, such the responder initiates a session resume when it sees an
>> OSCORE
>> context that it does not recognize?
> Good question. I had mostly been thinking of the setting in which the
> sender knew it was reestablishing "connection" state (this can be true even
> with UDP-type protocols as long as there is a concept of association). I
> think this is what you mean with (1) and (2), right?
I think that this is going to be a common case that the initiator will not
know it has to resume. A responder ("Resource Server"- RS in ACE
terminology) will have memory for N-crypto slots.
N will be a number somewhere between 4 and 64.
If there are <N clients, then all is well.
If there are more (likely), then the RS will practice some kind of LRU
algorithm on the slots. It might be reasonable to partition the table into
frequent callers, and infrequent sensors.
For some sensors, they will do the key management once, will get an OSCORE
context and they will need to do the entire session setup/resumption in as
few as 1-RT.
I think that ACE already has some logic here, but I am not sufficiently
steeped in that art to name it. (I find I have to write code before I truly
know anything)
I think that LAKE will need to provide to rest of it.
{I finally watched the IETF106 LAKE WG recording today.
What time-travelling fun. Especially at 2x playback speed.
I think that I had RATS at the same slot.}
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
- Re: [Lake] [lake-wg/reqs] Placeholder for resumpt… Michael Richardson
- Re: [Lake] [lake-wg/reqs] Placeholder for resumpt… Eric Rescorla
- Re: [Lake] [lake-wg/reqs] Placeholder for resumpt… Michael Richardson
- Re: [Lake] [lake-wg/reqs] Placeholder for resumpt… Göran Selander