[Lake] Clarifications regarding deterministic CBOR encoding needed?
John Mattsson <john.mattsson@ericsson.com> Mon, 04 September 2023 08:02 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E101C1516EA for <lake@ietfa.amsl.com>; Mon, 4 Sep 2023 01:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X3URPT1FcwEh for <lake@ietfa.amsl.com>; Mon, 4 Sep 2023 01:02:10 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2075.outbound.protection.outlook.com [40.107.21.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75720C1516F2 for <lake@ietf.org>; Mon, 4 Sep 2023 01:02:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LExF0Yz9TVUA0MTd1j7wLxlC2efWcftoXh7g2vwZ6bGn5jDuzHqga1N1f1bQuwA8OmZiOXRTCPq5rLGWQlHyAM2LTFewu5IW3higeX4EZx5RVCUXCx8vgsXMqF9Z/bypzrJimxZW/BbBxVBlsZn2NKUAVysxtChBQl/xZMtHFek1xni6mzO5u1Q1Qk3th6yFDjkI64YiHrU1eQn7TUxfSLi2xD1pup5fkDicyYxImyWmHoD1hlO7ENRrrQ2gwkRD78mAl/0zu67RxtYtDQQ3rYj3yMGeqLvL/cnSxSGKD/mGwDP2SZPXsgyvGnQ1YZ4meDWq6d3bWfz/vv5BNSAshQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U0tP+LTXjuTteclr341moJcLV/aOMkW1xpu0+UlvAac=; b=ZvD/b/OdpTlR+NIZkUQVYiJ9ycaiobHiaZzkoAJ0bqJpuIA0wIhH5BuVI3gVGciFIROztYJ8mRo7C4P2fitwOsvmOxRsZUnZi4ykbGZvwDvbVfOZ8xxJ0C/U7U98G7Ca+XECwzRkRdf1VCOMi2L+9XhEB9HZrNCYqIBOJ/PvMNdG+Yhgl2JC4F+9qgoWh9VfXmkbR+Wgd5g8yRlLG3MMPev7qaX8UlQHU7yy4fTt0sY7mabCONRdVilCOBct7GADlaaJDrNpM0TL1mby1rqvKk+tdUwSx39zQgywXe9/F9jWB5mY8vDLfrvoooiW77OZLti+A2JbVNt8W5p4V+zmig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U0tP+LTXjuTteclr341moJcLV/aOMkW1xpu0+UlvAac=; b=DvW+9MGe+ig8CJkrHfcfX9Bc2+jvTZ1lwIlL9MfQooH2dCJ6Gpv9etosQNjh2kCIXAeAgMNFb59HvjQ9Ns1Dn2A7xS3f/D7VfztWwfafbiPtAorM8EDiBmr/6WiCfHjOqx6s/BUXNArAC5HAKwqgE+DgfBG5kNQapQ70Mmh0gk4=
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by DB9PR07MB9740.eurprd07.prod.outlook.com (2603:10a6:10:4c3::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.21; Mon, 4 Sep 2023 08:02:06 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::cf5e:848b:9613:bfd]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::cf5e:848b:9613:bfd%7]) with mapi id 15.20.6745.030; Mon, 4 Sep 2023 08:02:06 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: Clarifications regarding deterministic CBOR encoding needed?
Thread-Index: AQHZ3wXnkAo+IdeUN0ymnp7/BCY1qA==
Date: Mon, 04 Sep 2023 08:02:06 +0000
Message-ID: <GVXPR07MB96786E89654927055C14EE1D89E9A@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|DB9PR07MB9740:EE_
x-ms-office365-filtering-correlation-id: ce3de801-5750-4e8f-3811-08dbad1d3b21
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: HFK5uB4284u3AP0wtvrA+O+2x4YhLZgEwKKOXaQZ9JFjy4u/jtogBRjO2YOClNJDmRJxCJmGu3f0aTcl76isRJgrcgKVz13KLzs8LYrRUb+X4Xa69xbgafm+lbraoJuULKyGoasFaXnzzPB7h0mXgFH5TyT+ep+3Yzu+bdP6mADveR6WQM6D3H3gAOp3lnjtWhFuYKuz5OGA56/EVCbKAxB3Kk3HjB+TZhPeGGOMEMpFvGZLtGQ3q/e+yI4VsEgdtQQfTl7SV14VSdAjZndMeJlMojoZ2AK7SHe6aNfkdEU1SetqKIdj6OYdj4pFnGDKSDylQzw/IqCO1fKUpHsxd1RNsJLBdyNZwW/Yx35R1y/m3N0GuljoaPkC6iirVwN7zr1ROh5iZxW933zte716AokOU/mtLEXt7ZfTTRomxra/tEw/mk8azwALPveaduPwFJijo6ASHY8vqwLoja/UrXZi6VMJztq6M+CGsbWoDusDsCv175QyX1sdg4J8op1XmwiIpE3/PHkITx4vTp/fB/FB5d5S4bDTSquk0yq2IF43KKff8ogtA9YRWf6ksRsWPfMk/luzLxo8kWFj4FNSIfyqNQM9Wc7EnR6yQbvTusm6m+R0Sv16Z4lcvVJPym/MC7yj/NQZIB905n4VBXZrfHbG27/zD7EG2pQcSGbIrQA=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVXPR07MB9678.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(376002)(396003)(366004)(346002)(136003)(1800799009)(451199024)(186009)(41300700001)(122000001)(71200400001)(33656002)(38070700005)(82960400001)(86362001)(83380400001)(38100700002)(478600001)(9686003)(7696005)(6506007)(26005)(55016003)(66556008)(64756008)(66946007)(2906002)(66446008)(76116006)(316002)(6916009)(66476007)(5660300002)(52536014)(8676002)(8936002)(44832011); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: SW9NGG6XA9vo1DKq0ob9E16AUWRkWfGiRHIIzGU0KudnRNFyQtoKkxgHVRoJbM9UqPzCE00iTy655vPU9PMK6YwSz+JnLwxSIh6T3geS+ufbCa26eYT0HE15oUqZxvOEp2AtW86w7zuE7TeRsk4Tt+aFUdPNBQtYV3CVfaWGpFqbomCXvKlJRlomobBcUxPXMyqcyJJqOnFQBEJkNYV6sEmMMFzIjizzAYU+R2x6DcljENt6kyI9puVy0KcGikBKsZ3F5z2fdQJvmJe35blnE5aYpvXsi4xlhlHxFMrKwpuuStpg5EbiiR2M1oMp8MF+qe6Q5Rs6dtk5CC/lcludrzR9l+iNP6SudufXO+o6tZfndLwTdSPpT/DUh5WnTaxYs/6jr+GrEbvjvjbuzaxV9lVYeg6rWMWtOkfez3x8QudvLlV/hvTbr+EyZl2ieZptG/aeUipUxN7tz7v3uAgU2yyuFg7y3D06EP88BfWo2Qo5uEOPeqhyyNjA9HvIOSkLExd9paKeYwtwBzNlM3LCgfMPbcQ3lZB3+nZka+mCCz0yXLTbH4fHExrYFWFQ2+VQuHeTqPPI4qYViqN//vN+EiCnMCSd9s6+sjbZTlLc3ysChkDw1MUQMzqC8XlopgOoE95lntG5nIWPpB/P+jGOX5RNlT/+j1f+JK6H7fxH1Dppk8/XOJPys8lhUhkyQ16zwEPh4V18dEDwJna0QxLEYA+JpOlmO0WTRsFTrp+K7NIXszF2qUlMh0YySYzv9+Xbpv7SCD+QUeN2My1Syz5H3zIT9gr/Z6TZHxdmnkLOmKdpzsieI5HCNc5WDqJEG3h3bb3xu7/Dd/0iQwEHsbnn5iCPFCtrJ1CFHESj6lfQn74Gafw0C5pzZZzevikMjFL/chQSwvAdgUPm0I0pU+ggDdP9WsT+ZaAnkVQRf8v5UnY/NW+hu1zsM3NYx7ej6fE7T8zPV3aK/iZBOcxpKxMDxrd3vd9xDCx9hCB3Z0Ifdc37AyU7Ff6WP5pIJVUq1mBZGqb79p7HQ1GHECQGCd3YXzKMaT5Rhlcp57plVi2CkNfY0iULScriz4dFxYbnzKyGS6M+uf4L6nbQWqtdkvtGoEH8tTzbG4x4NK26kd/sGytPsQDLufp2qhLVCFHiR7AW7fx09BdL3xxdboGzirsZbBMGuEp6ivDRq8b9qbr2X0j37WUYpxahsVN/GbjjSZzHg+mrmWKHoa2wJXfefdfZcZyEsRD4jTXdDhe7ivKnYzy6vEcLge+moja6sLuZJhHoH+VUtF1oGKdorGMbBdtlgvM1SyINBGN4TGqp0JcgE3xe3LEhRW7Pxd2xTlig1kJaDm1tsHxLOfdeaezVPJGLh3RUn3tHr3zp5iAEAUars2/ZWfkbIwkREyASAJzDxw6s9HW025oa0b+sXFld1FaOxduCU1xo+awzomNIm0AjPzoOctWMk7psg7yRzqo8og/tB3Mto77GD7sqsjDlkCgF5bOGovuM2cLMnY6gny2LaOdsczkTsfCodiNrV706EJPIDIw3zHg4k92rK9vNYqpB2O3ynD1kCFW7TtHs77U7ef1zzkPUPiSN4g0G/A6DJt7tft45WsPGeLrJ+fjX0FR+x322SXvxXRdRD8Y1mGUI/p8=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB96786E89654927055C14EE1D89E9AGVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ce3de801-5750-4e8f-3811-08dbad1d3b21
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2023 08:02:06.0481 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ypRbwJJjEbLXTHxmxNAbm37kjZy50QdZV7Ula17u+dPwEcB21pc3QsIjAyNGR4fJgUqymEl6QRmDnwCPvw3bZxQ+OIwnHzNWQLlZUrzdfy4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR07MB9740
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/EQfuHZaCp_XNwZ290bM4OguhBCc>
Subject: [Lake] Clarifications regarding deterministic CBOR encoding needed?
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2023 08:02:14 -0000
Hi, While working on invalid test vectors with the implementors it has been suggested by Marco that explicit reminders about deterministic CBOR should be added in e.g., 3.5.3 of the EDHOC specification. I agree that this is a good idea. Background: - Section 1.4 states "When referring to CBOR, this specification always refers to Deterministically Encoded CBOR as specified in Sections 4.2.1 and 4.2.2 of [RFC8949]." - Section 3.1 states "All EDHOC messages are CBOR Sequences [RFC8742], and are deterministically encoded." - Section 3.5.2 states "If for some reason re-encoding of the authentication credential may occur, then a potential common encoding for CBOR based credentials is bytewise lexicographic order of their deterministic encodings as specified in Section 4.2.1 of [RFC8949]." - Section 9 states "It is RECOMMENDED to abort the EDHOC session if the received EDHOC message is not encoded using deterministic CBOR." Some notes and thoughts: - The sentence in 3.1 should be changed to "encoded using deterministic encoded CBOR as specified in Section 4.2.1 of [RFC8949]." With randomized algorithms, EDHOC is not deterministic. - I don't think 4.2.2 of [RFC8949] is relevant for EDHOC. I suggest only refering to 4.2.1. Stating that 4.2.2. is not relevant and that 4.2.3 shall not be used. dCBOR is not references and not needed here. - Deterministic CBOR encoding affects all integers and all maps. Maps occur in ID_CRED_x and CRED_x. - I note that there is no normative RFC2119 terms to use deterministic CBOR, but there is a SHOULD abort. This is a bit strange. - The reason deterministic CBOR was introduces was to limit an attackers possibilities in the case the hash funtion has weaknesses. Does deterministic encoding cause implementation complexity? Not sure it makes sense to mandate if the ECDSA signatures are randomized anyway. - It is not clear when a CCS is deterministicly encoded. That should be fixed. My understanding is - EDHOC does not mandate deterministic encoding of the kccs value - When receiving a kccs the kccs value is used as CRED_x without reencoding. - When identifying a CCS with a kid and there is risk for different encodings, both sides need to encode deterministically. Happy with any thought, feedback, and suggestions on this topic. Cheers, John
- [Lake] Clarifications regarding deterministic CBO… John Mattsson
- Re: [Lake] Clarifications regarding deterministic… Carsten Bormann
- Re: [Lake] Clarifications regarding deterministic… John Mattsson