Re: [Lake] Ways forward on MTI cipher suite text

Peter.Blomqvist@sony.com Thu, 27 January 2022 08:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/Drk_nEA0vnTsagbUoz7bdAqUigc>
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>

Yes,

For deployments running TSCH with RPL non-storing mode and link-layer security, a short MAC would be preferable.

Best
Peter

-----Original Message-----
From: Lake <lake-bounces@ietf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: 26 January 2022 19:58
To: Michael Richardson <mcr+ietf@sandelman.ca>; lake@ietf.org
Subject: Re: [Lake] Ways forward on MTI cipher suite text

I concur that for real-time traffic a shorter MAC should suffice.

I'd prefer ECDSA, considering attacks against EdDSA, especially within the IoT realm.

TNX
--
Regards,
Uri
 
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
 

On 1/26/22, 13:54, "Lake on behalf of Michael Richardson" <lake-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:


    Based upon the discussion in this thread, I don't see a reason to include the
    longer MAC version.  Certainly not as an MTI, maybe not defined *at all*.

    At this point, it's just a question of ECDSA vs EdDSA.

    I prefer EdDSA going forward, but acknowledge that the current state of
    hardware acceleration, library support, and provisioning system preferences
    means that ECDSA is here with us for some time.


    --
    Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
               Sandelman Software Works Inc, Ottawa and Worldwide