Re: [Lake] Ways forward on MTI cipher suite text

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 26 January 2022 09:51 UTC

Return-Path: <prvs=9025edf923=uri@ll.mit.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 208E43A2DD6 for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 01:51:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.794
X-Spam-Level:
X-Spam-Status: No, score=-1.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JC_CilQOaGip for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 01:51:07 -0800 (PST)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CC53A2DD4 for <lake@ietf.org>; Wed, 26 Jan 2022 01:51:07 -0800 (PST)
Received: from LLEX2019-2.mitll.ad.local (llex2019-2.llan.ll.mit.edu [172.25.4.124]) by MX2.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 20Q9p2ID282970 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 26 Jan 2022 04:51:02 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=lnL/SodBJazNd3owmf4UWwZe6wBrexrPc7/sJFnA70d6jkhOsq/M7jEGOsygmL1/D3O2XNtLPMTl+QaF1P6ctiiaeEXqvvl7i/NoMJgii64j3xqrczDm8oJVTF0055JpPfNft6KrUSXgL8s8ZbaflbgayHgDP0FNR4WIZAxkeXuRg6P9j3UEGz644eugGP6DRlvSuC76Lis7fo1O+hRkecq5CuHDxi3WrhbItNSDjTE8a34PzDDa7mhl7JWoLous1/ysucPNmyp63Npilk7zq0LEhZeIe9pFtU8E52VEZ0MHdfX6D0Mdm8dU04jwGWAUPLqIHf3L92FkAxXkMG6+5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Q/Ceh1SBDbb/uLpeRf9aNYzvSkuRmbgWEcordtmnHVY=; b=AAXbL3rbVfKlIJCatbeYMIP3CIbEYA0o7sCAxYjGRaES8wVS3mrJTOa0AMFT7rEQmLSfzTxLpOjw9h2lKXBzT2hx1MDsPS94MTiMptd4O2uGk+8cOT6G3Gc0ks7gFwZ9R21X/cLCQMu4lljkePOSyraWcuwXMBNrqjckugf+lOtFMaRQ69PjtnH4Y75ta+PdLjhHc+urkHCcyp9pSGZkRWordmd4dVnhyv7xG/gYQMi1GpdQB+1WsUoj0i4pQkqAp8J0HghHovESo1P3UDOD2zow++Q381tq6yOFjmrCfN10XJYBrp5ebUKhW2/jwtUzkHtodr6+bZsXUkc7wwV1EQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Peter.Blomqvist@sony.com" <Peter.Blomqvist@sony.com>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/GZRAUUBYe10GAwxfnn8jhbqx06Z6AgAAdg4D//70+gA==
Date: Wed, 26 Jan 2022 09:51:00 +0000
Message-ID: <2F92EA32-DABB-4B39-811F-F8B7738BADA9@ll.mit.edu>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <HE1PR0701MB30505089ECEB11415901D15789209@HE1PR0701MB3050.eurprd07.prod.outlook.com> <AM8P193MB0979A9D4407FB221A738BCB983209@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
In-Reply-To: <AM8P193MB0979A9D4407FB221A738BCB983209@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.56.21121100
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cf855633-9540-4b15-d9f7-08d9e0b15bda
x-ms-traffictypediagnostic: BN0P110MB1768:EE_
x-microsoft-antispam-prvs: <BN0P110MB176809DD39429C7462C373A890209@BN0P110MB1768.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gw55lVbTxpuylIdf4p/DTpOcPDryQr3akZpUHvSiYSSS6kdZj/Yty+2lTCC6xMHwe2GXHLOezYQjJXgjiZuHMD7mQPu3ywNkmaMr0qins4L4d7s5PxdQko2IKEd5AVHB/4xNsycyt0mfq60ky3GYOFEAScbuPB5AFwMncS6ZsqNI2q47nmfGPLa70gsNzt87sjlhYUx+ec973ModCglH46QLejlo+SSKNw2vNvXxtEaP8xwV18ZyO0fNxpPm+3D8F3QaecML6FR/efBkC8GrrRyRWnSMFbqVceNyjMU8qHGimkTEMc6iJYL4ax9VWC7HxK8nuizmMk0vaArBh59I2DJ3bxOgO6Dn7ps5ct+ZHET/WbgQ97eCXgXaywatAYuvyDbbcWrJK2/7ajT10IpFJc9iFEHCTJg3upbm/jx0NV3wW6Q6IRcbEVy5gVojHruY+LMmDJRzIRli+y64GXk6KDA0omGKV1cNfqlHiU+Qdnlb8jLskvWCv9je91L7IfkHxlpZDUoM2vArVDFWs8DZvAEk3yuc3V5D7xo7hlYmBM12ZCXbubYKbp1dw21yAyQ/29pM1aLvj4bVdPAN4UHLQdHM2i0bsVfEWtd745cyFmKDNIuPFE15iud04A0PcGp7zgW2mjbO6EtjoR4vn7kL5X4gxJFz2je+pD9Q6yMCTADNr+wJfhJEYqYxMNa3VlDE/kKqc/XcQWMHthIxHNuMS/3QSokEwKkqGQBAF8AJxBAuZBquJMSQbeB4TdqJfQhs0uuRtQw0fRfDM4HADPQ9gfk0GeeoLAxbv+wsT6HE05CVWbslZ99BUIKOo0PAMdhN
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(5660300002)(99936003)(186003)(8936002)(2616005)(8676002)(966005)(66574015)(122000001)(6486002)(53546011)(83380400001)(38100700002)(33656002)(26005)(86362001)(66946007)(6512007)(38070700005)(75432002)(64756008)(166002)(66476007)(66446008)(498600001)(66556008)(110136005)(71200400001)(6506007)(76116006)(2906002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: TM5Yj/ETyMUD1yRVGJpZdWs4gjYkj4WV1+94Vn0MjOG1kfsZucW8/G8GaVlcIqWCl+XfwTdisHTgHC23HaYZhjLOXWUXHw1+scJFrWVFnEN9QUONDkvVq5Qdvalnr6ku6fVZGcQNnYxfQAVZlvzY8Rk1IKKpcJIi3+8Ca7CcPSZI9nseDU5A1+UWMqxGaAMZ8MrIyrBSpYQbsqh9bf6Zd1zRLkRirMa6Ju5N5STqqWTxaqSojEd/rIbwItsIorfGVHF0CwAzn7IcsQfKtYO+6YODSGWoAunzshEZQq2mfTScL/9L09LrRXpZOB4BabnqES64g0vIMOjWvC3GpUCMv8rFPxObfo5rOOj87KjcDYEE71IysrqN5Xwl713zaJPuf+zuAHCzEIRhUeqCMgnuKwO5L2xHBXqgzlAaWEbfMVDBb4XZvhxmLOlo9nccgYMILCjz8+6xngqFla+4GjfUd6MkjGW/BzblPMHdwGi/zak1Ptv4QMro6aPtJ4RMX77YX3dZ/Fh8sMG1zEV3ZDwtmTSt1VBPecd+F2a0TEXedBTbpq/bWBRq8S6C2xvvzD6itCJey61BJZKijAY0b3Qb698mSKM06yGrT3HN6ILAvUe+TAXlT0rkSXLpUseNdGwJgSCVEyhk1EFepR515cwsyS/qjCZymyK88QhmgWD/tvyYCqJOqNv6RL1QqZ3g2IVhsTfaKVUZKYO2unyP8Q65oqm0QjRr29ypwXTEGB7xJugF0+LTQ6NoUN8NHdwfKi+riZclraeielpwfCM9O69do/AIYR5nVSxpvveUxNlQh9Au/z06EJUWkOvj8WrejRdesryAAmQEziFgYTcSKV2+NGCeyizmvX3emD/mJAosoVZh2o2iIZMpPWwfJqjMCoBfr59UDEPAPq7/JNt62W389gLtLVBp39xiAsDub3IrR6BZkt0STyOad/M+safayXo7jx2xPx4aCHDc4qEKxjWBC1KdurvvFFHyULJxvay1dtdOnckyxkTdMJpgr6U1z3rVJgYyJFqRO5fudghxAmjtmS1pxlgtpz7P8FCvCTr7NQlNns390TYkvBbe6ieAtmNES137x9ZMhlIJ5WDLpii9dzdM7kd2J8BscrbvwqVseySEldDb3nq5x7H5+1koJoKmig0WGXr8b9OSQWhFBKxYldWxdu38nLI2ljc9HFmdwQeFMw+xRT7rwBAsQiiN4ZFFPArrv40yJGpwtsVuCFpDbcqX0WtLArdHVExZ5ycj8syULuZf/UXMlHlw8eqjbrgB
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3726017459_779360539"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: cf855633-9540-4b15-d9f7-08d9e0b15bda
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jan 2022 09:51:00.3444 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1768
X-Proofpoint-GUID: Jn_jtKtvhgq-WIz_9E3WCU__xhvh-50T
X-Proofpoint-ORIG-GUID: Jn_jtKtvhgq-WIz_9E3WCU__xhvh-50T
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-01-26_02:2022-01-25, 2022-01-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxlogscore=999 adultscore=0 malwarescore=0 mlxscore=0 spamscore=0 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201260056
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/EDRBV2_YLY3cfnPDHhXEkeBwQe8>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jan 2022 09:51:12 -0000

I have had a preference to EdDSA, but In light of presentation from Rene I don’t think it is reasonable to make EdDSA an MTI.

I concur.

 

From: Lake <lake-bounces@ietf.org> On Behalf Of John Mattsson
Sent: den 26 januari 2022 08:04
To: lake@ietf.org
Subject: Re: [Lake] Ways forward on MTI cipher suite text

 

Hi,

 

I noticed to nobody has argued for EdDSA in the recent discussion. One potential way forward would maybe be to reformulate the current text without cipher suites 0 and 1. There has been several people expressing that they want the requirement to implement one or more cipher suite to be stronger. This would lead to Option 3 below.

 

- Option 3: Remove cipher suites 0 and 1 from the current text. Reformulate according to current discussion. Make implementation requirements for cipher suite 0 and 1 stronger for some types of implementations such as maybe less constrained devices, software libraries, non-closed deployments....

 

People typically have strong opinions on details. It is sometimes easier to agree on nothing. Option 4 below would align with what COSE is doing.

 

- Option 4: Just remove current text and replace it with nothing.

 

(I ignored the “2, 3, or 2 and 3” issue above, that also need to be discussed)

 

Cheers,

John

 

 

From: Lake <lake-bounces@ietf.org> on behalf of Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Thursday, 20 January 2022 at 18:03
To: lake@ietf.org <lake@ietf.org>
Subject: [Lake] Ways forward on MTI cipher suite text

Dear all,

During the last LAKE interim meeting, we discussed the issue
of an MTI cipher suite and we agreed for the chairs to open a
thread on the subject. As a reminder, the previous discussion
points on this topic are summarized in github [1] and in
John’s mail dated 13 May 2021 [2].

We’d like to see if there is rough consensus in the WG on
this topic, at this moment in time. Knowing that the formal
analysis of the EDHOC-12 specification is under way, we
should keep in mind that additional input may arrive down the
road from teams working in the computational model.

As a reminder, the most recently discussed text for this
is in a PR [3] and states:

“For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”

The options we see at this moment in time are:

Option 1: Keep current text as-is unless/until more feedback
is provided that motivates re-opening this issue
Option 2: Proceed with selecting a single MTI cipher suite

We'd like to know if the WG can live with Option 1. Note that
doesn't mean you think option 1 is perfect, just that it's
something with which you can live. If you prefer option 2 or
some other option please suggest specific text.

Mališa and Stephen

[1] https://github.com/lake-wg/edhoc/issues/22
[2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/
[3] https://github.com/lake-wg/edhoc/pull/225/files


-- 
Lake mailing list
Lake@ietf.org
https://www.ietf.org/mailman/listinfo/lake