Re: [Lake] Ways forward on MTI cipher suite text
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 26 January 2022 09:51 UTC
Return-Path: <prvs=9025edf923=uri@ll.mit.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 208E43A2DD6 for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 01:51:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.794
X-Spam-Level:
X-Spam-Status: No, score=-1.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JC_CilQOaGip for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 01:51:07 -0800 (PST)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CC53A2DD4 for <lake@ietf.org>; Wed, 26 Jan 2022 01:51:07 -0800 (PST)
Received: from LLEX2019-2.mitll.ad.local (llex2019-2.llan.ll.mit.edu [172.25.4.124]) by MX2.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 20Q9p2ID282970 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 26 Jan 2022 04:51:02 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=lnL/SodBJazNd3owmf4UWwZe6wBrexrPc7/sJFnA70d6jkhOsq/M7jEGOsygmL1/D3O2XNtLPMTl+QaF1P6ctiiaeEXqvvl7i/NoMJgii64j3xqrczDm8oJVTF0055JpPfNft6KrUSXgL8s8ZbaflbgayHgDP0FNR4WIZAxkeXuRg6P9j3UEGz644eugGP6DRlvSuC76Lis7fo1O+hRkecq5CuHDxi3WrhbItNSDjTE8a34PzDDa7mhl7JWoLous1/ysucPNmyp63Npilk7zq0LEhZeIe9pFtU8E52VEZ0MHdfX6D0Mdm8dU04jwGWAUPLqIHf3L92FkAxXkMG6+5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Q/Ceh1SBDbb/uLpeRf9aNYzvSkuRmbgWEcordtmnHVY=; b=AAXbL3rbVfKlIJCatbeYMIP3CIbEYA0o7sCAxYjGRaES8wVS3mrJTOa0AMFT7rEQmLSfzTxLpOjw9h2lKXBzT2hx1MDsPS94MTiMptd4O2uGk+8cOT6G3Gc0ks7gFwZ9R21X/cLCQMu4lljkePOSyraWcuwXMBNrqjckugf+lOtFMaRQ69PjtnH4Y75ta+PdLjhHc+urkHCcyp9pSGZkRWordmd4dVnhyv7xG/gYQMi1GpdQB+1WsUoj0i4pQkqAp8J0HghHovESo1P3UDOD2zow++Q381tq6yOFjmrCfN10XJYBrp5ebUKhW2/jwtUzkHtodr6+bZsXUkc7wwV1EQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Peter.Blomqvist@sony.com" <Peter.Blomqvist@sony.com>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/GZRAUUBYe10GAwxfnn8jhbqx06Z6AgAAdg4D//70+gA==
Date: Wed, 26 Jan 2022 09:51:00 +0000
Message-ID: <2F92EA32-DABB-4B39-811F-F8B7738BADA9@ll.mit.edu>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <HE1PR0701MB30505089ECEB11415901D15789209@HE1PR0701MB3050.eurprd07.prod.outlook.com> <AM8P193MB0979A9D4407FB221A738BCB983209@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
In-Reply-To: <AM8P193MB0979A9D4407FB221A738BCB983209@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.56.21121100
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cf855633-9540-4b15-d9f7-08d9e0b15bda
x-ms-traffictypediagnostic: BN0P110MB1768:EE_
x-microsoft-antispam-prvs: <BN0P110MB176809DD39429C7462C373A890209@BN0P110MB1768.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gw55lVbTxpuylIdf4p/DTpOcPDryQr3akZpUHvSiYSSS6kdZj/Yty+2lTCC6xMHwe2GXHLOezYQjJXgjiZuHMD7mQPu3ywNkmaMr0qins4L4d7s5PxdQko2IKEd5AVHB/4xNsycyt0mfq60ky3GYOFEAScbuPB5AFwMncS6ZsqNI2q47nmfGPLa70gsNzt87sjlhYUx+ec973ModCglH46QLejlo+SSKNw2vNvXxtEaP8xwV18ZyO0fNxpPm+3D8F3QaecML6FR/efBkC8GrrRyRWnSMFbqVceNyjMU8qHGimkTEMc6iJYL4ax9VWC7HxK8nuizmMk0vaArBh59I2DJ3bxOgO6Dn7ps5ct+ZHET/WbgQ97eCXgXaywatAYuvyDbbcWrJK2/7ajT10IpFJc9iFEHCTJg3upbm/jx0NV3wW6Q6IRcbEVy5gVojHruY+LMmDJRzIRli+y64GXk6KDA0omGKV1cNfqlHiU+Qdnlb8jLskvWCv9je91L7IfkHxlpZDUoM2vArVDFWs8DZvAEk3yuc3V5D7xo7hlYmBM12ZCXbubYKbp1dw21yAyQ/29pM1aLvj4bVdPAN4UHLQdHM2i0bsVfEWtd745cyFmKDNIuPFE15iud04A0PcGp7zgW2mjbO6EtjoR4vn7kL5X4gxJFz2je+pD9Q6yMCTADNr+wJfhJEYqYxMNa3VlDE/kKqc/XcQWMHthIxHNuMS/3QSokEwKkqGQBAF8AJxBAuZBquJMSQbeB4TdqJfQhs0uuRtQw0fRfDM4HADPQ9gfk0GeeoLAxbv+wsT6HE05CVWbslZ99BUIKOo0PAMdhN
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(5660300002)(99936003)(186003)(8936002)(2616005)(8676002)(966005)(66574015)(122000001)(6486002)(53546011)(83380400001)(38100700002)(33656002)(26005)(86362001)(66946007)(6512007)(38070700005)(75432002)(64756008)(166002)(66476007)(66446008)(498600001)(66556008)(110136005)(71200400001)(6506007)(76116006)(2906002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: TM5Yj/ETyMUD1yRVGJpZdWs4gjYkj4WV1+94Vn0MjOG1kfsZucW8/G8GaVlcIqWCl+XfwTdisHTgHC23HaYZhjLOXWUXHw1+scJFrWVFnEN9QUONDkvVq5Qdvalnr6ku6fVZGcQNnYxfQAVZlvzY8Rk1IKKpcJIi3+8Ca7CcPSZI9nseDU5A1+UWMqxGaAMZ8MrIyrBSpYQbsqh9bf6Zd1zRLkRirMa6Ju5N5STqqWTxaqSojEd/rIbwItsIorfGVHF0CwAzn7IcsQfKtYO+6YODSGWoAunzshEZQq2mfTScL/9L09LrRXpZOB4BabnqES64g0vIMOjWvC3GpUCMv8rFPxObfo5rOOj87KjcDYEE71IysrqN5Xwl713zaJPuf+zuAHCzEIRhUeqCMgnuKwO5L2xHBXqgzlAaWEbfMVDBb4XZvhxmLOlo9nccgYMILCjz8+6xngqFla+4GjfUd6MkjGW/BzblPMHdwGi/zak1Ptv4QMro6aPtJ4RMX77YX3dZ/Fh8sMG1zEV3ZDwtmTSt1VBPecd+F2a0TEXedBTbpq/bWBRq8S6C2xvvzD6itCJey61BJZKijAY0b3Qb698mSKM06yGrT3HN6ILAvUe+TAXlT0rkSXLpUseNdGwJgSCVEyhk1EFepR515cwsyS/qjCZymyK88QhmgWD/tvyYCqJOqNv6RL1QqZ3g2IVhsTfaKVUZKYO2unyP8Q65oqm0QjRr29ypwXTEGB7xJugF0+LTQ6NoUN8NHdwfKi+riZclraeielpwfCM9O69do/AIYR5nVSxpvveUxNlQh9Au/z06EJUWkOvj8WrejRdesryAAmQEziFgYTcSKV2+NGCeyizmvX3emD/mJAosoVZh2o2iIZMpPWwfJqjMCoBfr59UDEPAPq7/JNt62W389gLtLVBp39xiAsDub3IrR6BZkt0STyOad/M+safayXo7jx2xPx4aCHDc4qEKxjWBC1KdurvvFFHyULJxvay1dtdOnckyxkTdMJpgr6U1z3rVJgYyJFqRO5fudghxAmjtmS1pxlgtpz7P8FCvCTr7NQlNns390TYkvBbe6ieAtmNES137x9ZMhlIJ5WDLpii9dzdM7kd2J8BscrbvwqVseySEldDb3nq5x7H5+1koJoKmig0WGXr8b9OSQWhFBKxYldWxdu38nLI2ljc9HFmdwQeFMw+xRT7rwBAsQiiN4ZFFPArrv40yJGpwtsVuCFpDbcqX0WtLArdHVExZ5ycj8syULuZf/UXMlHlw8eqjbrgB
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3726017459_779360539"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: cf855633-9540-4b15-d9f7-08d9e0b15bda
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jan 2022 09:51:00.3444 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1768
X-Proofpoint-GUID: Jn_jtKtvhgq-WIz_9E3WCU__xhvh-50T
X-Proofpoint-ORIG-GUID: Jn_jtKtvhgq-WIz_9E3WCU__xhvh-50T
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-01-26_02:2022-01-25, 2022-01-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxlogscore=999 adultscore=0 malwarescore=0 mlxscore=0 spamscore=0 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201260056
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/EDRBV2_YLY3cfnPDHhXEkeBwQe8>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jan 2022 09:51:12 -0000
I have had a preference to EdDSA, but In light of presentation from Rene I don’t think it is reasonable to make EdDSA an MTI. I concur. From: Lake <lake-bounces@ietf.org> On Behalf Of John Mattsson Sent: den 26 januari 2022 08:04 To: lake@ietf.org Subject: Re: [Lake] Ways forward on MTI cipher suite text Hi, I noticed to nobody has argued for EdDSA in the recent discussion. One potential way forward would maybe be to reformulate the current text without cipher suites 0 and 1. There has been several people expressing that they want the requirement to implement one or more cipher suite to be stronger. This would lead to Option 3 below. - Option 3: Remove cipher suites 0 and 1 from the current text. Reformulate according to current discussion. Make implementation requirements for cipher suite 0 and 1 stronger for some types of implementations such as maybe less constrained devices, software libraries, non-closed deployments.... People typically have strong opinions on details. It is sometimes easier to agree on nothing. Option 4 below would align with what COSE is doing. - Option 4: Just remove current text and replace it with nothing. (I ignored the “2, 3, or 2 and 3” issue above, that also need to be discussed) Cheers, John From: Lake <lake-bounces@ietf.org> on behalf of Mališa Vučinić <malisa.vucinic@inria.fr> Date: Thursday, 20 January 2022 at 18:03 To: lake@ietf.org <lake@ietf.org> Subject: [Lake] Ways forward on MTI cipher suite text Dear all, During the last LAKE interim meeting, we discussed the issue of an MTI cipher suite and we agreed for the chairs to open a thread on the subject. As a reminder, the previous discussion points on this topic are summarized in github [1] and in John’s mail dated 13 May 2021 [2]. We’d like to see if there is rough consensus in the WG on this topic, at this moment in time. Knowing that the formal analysis of the EDHOC-12 specification is under way, we should keep in mind that additional input may arrive down the road from teams working in the computational model. As a reminder, the most recently discussed text for this is in a PR [3] and states: “For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.” The options we see at this moment in time are: Option 1: Keep current text as-is unless/until more feedback is provided that motivates re-opening this issue Option 2: Proceed with selecting a single MTI cipher suite We'd like to know if the WG can live with Option 1. Note that doesn't mean you think option 1 is perfect, just that it's something with which you can live. If you prefer option 2 or some other option please suggest specific text. Mališa and Stephen [1] https://github.com/lake-wg/edhoc/issues/22 [2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/ [3] https://github.com/lake-wg/edhoc/pull/225/files -- Lake mailing list Lake@ietf.org https://www.ietf.org/mailman/listinfo/lake
- [Lake] Ways forward on MTI cipher suite text Mališa Vučinić
- Re: [Lake] Ways forward on MTI cipher suite text Russ Housley
- Re: [Lake] Ways forward on MTI cipher suite text Mališa Vučinić
- Re: [Lake] Ways forward on MTI cipher suite text Russ Housley
- Re: [Lake] Ways forward on MTI cipher suite text Blumenthal, Uri - 0553 - MITLL
- Re: [Lake] Ways forward on MTI cipher suite text Peter.Blomqvist
- Re: [Lake] Ways forward on MTI cipher suite text Marco Tiloca
- Re: [Lake] Ways forward on MTI cipher suite text Göran Selander
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text Peter.Blomqvist
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Göran Selander
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Stephen Farrell
- Re: [Lake] Ways forward on MTI cipher suite text Carsten Bormann
- Re: [Lake] Ways forward on MTI cipher suite text Stephen Farrell
- Re: [Lake] Ways forward on MTI cipher suite text Ira McDonald
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text Göran Selander
- Re: [Lake] Ways forward on MTI cipher suite text Claeys, Timothy
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text Peter.Blomqvist
- Re: [Lake] Ways forward on MTI cipher suite text Blumenthal, Uri - 0553 - MITLL
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Carsten Bormann
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text Michael Richardson
- Re: [Lake] Ways forward on MTI cipher suite text Blumenthal, Uri - 0553 - MITLL
- Re: [Lake] Ways forward on MTI cipher suite text Peter.Blomqvist
- Re: [Lake] Ways forward on MTI cipher suite text John Mattsson
- Re: [Lake] Ways forward on MTI cipher suite text Göran Selander
- Re: [Lake] Ways forward on MTI cipher suite text Stephen Farrell
- Re: [Lake] Ways forward on MTI cipher suite text Mališa Vučinić
- Re: [Lake] Ways forward on MTI cipher suite text Rene Struik