IETF Logo Mail Archive

Re: [Lake] Ways forward on MTI cipher suite text

Göran Selander <goran.selander@ericsson.com> Mon, 14 February 2022 09:48 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 844693A0E00 for <lake@ietfa.amsl.com>; Mon, 14 Feb 2022 01:48:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.576
X-Spam-Level:
X-Spam-Status: No, score=-7.576 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RTgwZpIvOkVC for <lake@ietfa.amsl.com>; Mon, 14 Feb 2022 01:48:48 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150075.outbound.protection.outlook.com [40.107.15.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D25FE3A0DFF for <lake@ietf.org>; Mon, 14 Feb 2022 01:48:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K4cQ4Hd9Dw6ggQEWMX4lUIX1WCxYwg5q2Kuj5QkOS8T4iOyXh6UCVDklM1pdgdnYEe3ikatmnTqzbE5+gd+BnfFzMKJPFTqUc0XxjjFWGHi48nMYXt6EAjKMhKhJWXYZ6lIVjJpqZibh9Z9Gq8+rEkeUBdU7PHLXLT5Hutlij9wuzljyanR4pTQbiGcpDixHUZ8FPvFRvZZezZxtHH+b3awcehP1GSzZ4Qut+e8eGV6RakFsky1Mkdh9bJoH+F+MuOyaOJW70exRhlwq5sIBRAer36HtFYVm6COpTGTqOYqA/SN9QTNoLZdGjBpDl6jFT0sqBU7dFo1x0x5FBmyc3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lm+V7yn/9gIxXnonpKwD9dZarzpEXuW9nN6WHM2C55Y=; b=S+n6wikko1Q1KmfRau0NHQpW+I6TSfjUTVtYBQuAqH2SeH6xOK5mC31L22dwg2zN+q8UA76Hv5WvVNG6xCtHc123BY9xCfXG4WXy21tZ0EwGDHnuRKBte8ATWGfaHFufoUYp133ESmGnqCk7GMOk3CrVZhNQl3/H287gzS3WC9vizf9fv28BvNVAChBEZVA9Zdd0YBU8wEwGOEieH4Cuk8uM9c/04gjPEBHLgmOCV0HWdZWkGdf2Q0WT72va7p6BTSjp8KZU15VnKyIFUYHu45tkDJDmhn/7joqyuiAeseYjLzUZz4VDaYRwPrXkdJGqZIrCpLFcl847TuQbuHGl/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lm+V7yn/9gIxXnonpKwD9dZarzpEXuW9nN6WHM2C55Y=; b=YAhPjtvP/KdQZFeucNGIP9aqZs+lUI0ZYMzuN6tshmppgP7GsOY0IRJMzpDyPTt5AXne1Ihf0YiH3MSbhX/UjUIY/zfTKL/IYB7lpm3ZgL5YtHKG3PJwnQD935dZB72TVafZ9hRrj70h0Ylnr4f52mKSVhUvQPQq8FPxhobJqGM=
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com (2603:10a6:200:45::6) by VI1PR0702MB3631.eurprd07.prod.outlook.com (2603:10a6:803:3::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.10; Mon, 14 Feb 2022 09:48:44 +0000
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7c02:9e9:ecd3:ed36]) by AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7c02:9e9:ecd3:ed36%7]) with mapi id 15.20.4995.013; Mon, 14 Feb 2022 09:48:44 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/KgYuIcFc38kyxyL1WH2d6e6x06Z6AgAAdg4CAABERAIAd7GyA
Date: Mon, 14 Feb 2022 09:48:43 +0000
Message-ID: <FB0757A5-69F0-45E0-B9EA-35CE7BAACF46@ericsson.com>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <HE1PR0701MB30505089ECEB11415901D15789209@HE1PR0701MB3050.eurprd07.prod.outlook.com> <AM8P193MB0979A9D4407FB221A738BCB983209@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM> <2F92EA32-DABB-4B39-811F-F8B7738BADA9@ll.mit.edu>
In-Reply-To: <2F92EA32-DABB-4B39-811F-F8B7738BADA9@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.57.22011101
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 81618edc-c6c7-4ca0-4c91-08d9ef9f3067
x-ms-traffictypediagnostic: VI1PR0702MB3631:EE_
x-microsoft-antispam-prvs: <VI1PR0702MB3631AE7328D7EAB21418BE72F4339@VI1PR0702MB3631.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0DgH+2czgwft1zf1OAbQb7NWOovNhTczhjQy+R6R9LBoflBGSFKP2hnXS6vkMihRnPWYCcPCJzwQx5xWN/2Fh2LP4bPtirp4krOopuTODN4qSbGDGnVyTlrbNa0qziPlHb+xP5gjbbeS387byxIEZjsADOVQI1OETq7/QLT6CTXGGVcgDfY+BiRDHxErGh2opHjmzXfVSPGIueoO6V23azw7XtC1Xzye8T5X2IqK6mIrVR+fbE1V0gYNlRcYQV+9kStClzxNpDYflNoXIp4MwgpMYHt8551JV3kyiPCBhy24715yVA4pL+n5WbhUPfm6rYMy8isKG+G0fj1D4mNuytraQIQv4Q/ppgRb5+ZE+QkB/N4hhrO8PROZQFZXvTZ6wdb5VIOq+FeMAG3Od3m8Roaiwe4cd1wVp6elf6iEzJnnUG5dw0JXOZdperNkJJ4ZwteFrN1NGwwxOgt3DUvwadIgPKtpllFkpRxFTMEbcVK5bQMtgAwt/dN296wzd4aXViURmL3WwUIBcdoZC2Ch+e3jXZBwNMvlRcgWL5TkKciboR09iiSlkhTAteFQjmsY9ARkcgPazt8fxEbBHZwcjmW5rjmD4SgQPJ1PvV8NbchN4HD/4fIrJTzj5NcS7/+Gyz96FDzZQXmzcSmYdJX0Jt2Oo33zEVKadvojLl72a5AfVUXLvtgh1z4U7cUysc4OJV4XGB8pl416l8H+h8WYRgZvCbdxIcgm5aXS1jN0jiFtzGM3gH/RMutgmtI7jZxxWhpYUKWSJY82Ql4TSH90DqfvHn8dO72Vv4096m1JGVV8oboBjHjgn2vhQeeXBEKVzzRvAwxWgRvpc0beUsLconk/I83+CrVu0hdN6lDPcdE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM4PR0701MB2195.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(166002)(71200400001)(38100700002)(186003)(2616005)(83380400001)(26005)(66574015)(82960400001)(122000001)(8676002)(2906002)(36756003)(76116006)(85182001)(91956017)(6916009)(66446008)(8936002)(316002)(64756008)(66476007)(85202003)(66946007)(66556008)(5660300002)(53546011)(6512007)(38070700005)(86362001)(966005)(6486002)(508600001)(33656002)(6506007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 6asgLDqCfColKtuBtnUiO3YikulDNsn/OsI0Eqm7i3V3QhN0wTkAXSvYBq7s2zdxNkoi8j3letfK2qo+s+omBfFui1I3+rp+7+tsyJV8LnE7iCDEhwCHrTi7nLYNmxrebV/tBhWxj9dQ9ZjZufYmb6AZyFhrqbnri2iFGdPy5XCMBqzt+WVm3Aidu+0oVgpFGoWwZAq+RovB6ymxHytXB81KpPLupekF23RIVDG61aMIram6jXhg9i59L8tqz1GUpVC7EVK5me/bMwZBAlfwBNr7/riND0Bu0jju/7fhX6egzkhR5yBojwh8vrppetDKObfzImI0x4ebXU5scmM8F4kEPETMaJA/RPnhTumgzUaeqLVAUHYYmx5iN+pV6YMzYs5qWqFH2LiC+XiwHyUhoz6lJ7SMYMoqxI0/7ftRBXMJljlo8ZGr8o+J7wdGWBasUxoCmZvkBSzTeW8TqIg90/PWgCZVzDIKapy6OyFukxdP/Jw8cGCDHo5y3SB8vtNUtMW9V/55uRbsffI5z83G8EyFvWzaB5dP+u5RHWDWoFTh9UPSmKxIDS3MS+e1uOSSY9dtF8o37w669PR+elwHVflF7N4sbHHmhSlBGAgURITSJVlB/Dhl33y4prdoH6OuEDBUwAu9k4ZYYWRRGzTIr+t203MbwM5ZLGYgT2Xq5IP4J22gPbbvdZnRlphB9b+qYppEFex1VjQIerCYRkttqVWwzSPtoF9SjEIo3dfqfq3mD+KRiiUuGp1BeybeqOB9Vo+kWGXtz0DUjNsON6qz7FY7r7bAruMpLawGDu9ufNUBLzhQdyVCu79WR/kQXmO34dPsER04oTwnIa1F8tyuErQxKODB226DY3U3xSa0sNTnAnQkKDovRrFyrwt6BlGuJjIZXy2frF1o1Mixg1v7EAc8dA2x/UIw8PCZXaPrtSAaE1XCmEkT7mYOXt8uwRzpdHynwrz1NzGDV4uq2gDVuExBmTPrsPFm0rKArjkXwHUq/3vL8z3LtZtC2tBgGIIh46hm7g5udYLlN/cHgFEtxT44RRX9o0r5nO+W21od6G5xVsgCcwXIS47JYDPnwYAwgj1HHXahGXLhd56kFDi7zVeJ5tn7nLAj+1qCtFL3VEtDJXN+CCwjarVq2isxlFXPwUDaII/SsPkxcVkn0LAWUK3+CuPgcqCiPuWAY3dbNA82G7gshL3ZjE3ApgBSGwHjfy9jBLolh4KlDXwsa0DF96hzvRcFa0CRuSiAs8OJOXRCrRWM8f27Eqq7N69q/ZdaNHMGEyzrZ6U+lYUS0zbnso4CxehJ3X7vZvgpXNds9Ia3XzcbiI6HP+KUAQzzMfbPuovAn1PxFjye+W9M+HtteCtRKqeigRGCDYDNeBrOgJku/4FloCoSBj5Svz/Pw08WvZ9aACX///xib3ecWJ3y4Wdz6VhlfD4WjusqsqoaeVBY9apYJjG7ebrGYLI5rgCmHkuoyN1LDEZM2GMvNYKYwpncRaviJs0Fq5S0pdou9AMqBAAJEET7KM2UeM9/FrDNhEHac1URgNOqfE/RPM0xGPNImJVQl2MDyn/jFvDTq9zevEabgrMP4/miCR8grslz/A9fQaC70n424+UGbau3h20xLXjVsjljLXuoBFVJMMMIoZrQD9CM+zX/nqlDfUJW8lGmJzMN/QvosMX+jig1AGwN+L/Ie0gKK9WGj9roWlw=
Content-Type: multipart/alternative; boundary="_000_FB0757A569F045E0B9EA35CE7BAACF46ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM4PR0701MB2195.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 81618edc-c6c7-4ca0-4c91-08d9ef9f3067
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2022 09:48:43.9769 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cd3sYZxXF5EOVB8/G4/kED6NDXxnZ4xrIpLe+WgTHcJmatHawx/74fazj7KSmt1eegxVmSWH6GX8QxB225r+p/rLuqrBm9/z8sojS1Nxu+U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0702MB3631
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/EXxIzj1C4QNZ1H82H-aBHKGJWQg>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2022 09:48:54 -0000

Hi,

As discussed in the design meeting last week there seemed to be an agreement for a similar formulation as TLS (see #238), in this case to prepend the cipher suite requirements with:

"In the absence of an application profile specifying otherwise:"

This also considering that the term "applicability template" used in the draft is replaced by the more intuitive "application profile" (#250).

With this in mind, we have the option to be more strict in terms of cipher suites, since it may be overridden by an application profile.
One proposal is in PR #239.

https://github.com/lake-wg/edhoc/pull/239/files

Note that in PR #239 this condition is added at the top of the section, i.e. prepending not only the cipher suite requirements.

Further comments are welcome.

Göran


From: Lake <lake-bounces@ietf.org> on behalf of "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Date: Wednesday, 26 January 2022 at 10:51
To: "Peter.Blomqvist@sony.com" <Peter.Blomqvist@sony.com>, "lake@ietf.org" <lake@ietf.org>
Subject: Re: [Lake] Ways forward on MTI cipher suite text

I have had a preference to EdDSA, but In light of presentation from Rene I don’t think it is reasonable to make EdDSA an MTI.
I concur.

From: Lake <lake-bounces@ietf.org> On Behalf Of John Mattsson
Sent: den 26 januari 2022 08:04
To: lake@ietf.org
Subject: Re: [Lake] Ways forward on MTI cipher suite text

Hi,

I noticed to nobody has argued for EdDSA in the recent discussion. One potential way forward would maybe be to reformulate the current text without cipher suites 0 and 1. There has been several people expressing that they want the requirement to implement one or more cipher suite to be stronger. This would lead to Option 3 below.

- Option 3: Remove cipher suites 0 and 1 from the current text. Reformulate according to current discussion. Make implementation requirements for cipher suite 0 and 1 stronger for some types of implementations such as maybe less constrained devices, software libraries, non-closed deployments....

People typically have strong opinions on details. It is sometimes easier to agree on nothing. Option 4 below would align with what COSE is doing.

- Option 4: Just remove current text and replace it with nothing.

(I ignored the “2, 3, or 2 and 3” issue above, that also need to be discussed)

Cheers,
John


From: Lake <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org>> on behalf of Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>>
Date: Thursday, 20 January 2022 at 18:03
To: lake@ietf.org<mailto:lake@ietf.org> <lake@ietf.org<mailto:lake@ietf.org>>
Subject: [Lake] Ways forward on MTI cipher suite text
Dear all,

During the last LAKE interim meeting, we discussed the issue
of an MTI cipher suite and we agreed for the chairs to open a
thread on the subject. As a reminder, the previous discussion
points on this topic are summarized in github [1] and in
John’s mail dated 13 May 2021 [2].

We’d like to see if there is rough consensus in the WG on
this topic, at this moment in time. Knowing that the formal
analysis of the EDHOC-12 specification is under way, we
should keep in mind that additional input may arrive down the
road from teams working in the computational model.

As a reminder, the most recently discussed text for this
is in a PR [3] and states:

“For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”

The options we see at this moment in time are:

Option 1: Keep current text as-is unless/until more feedback
is provided that motivates re-opening this issue
Option 2: Proceed with selecting a single MTI cipher suite

We'd like to know if the WG can live with Option 1. Note that
doesn't mean you think option 1 is perfect, just that it's
something with which you can live. If you prefer option 2 or
some other option please suggest specific text.

Mališa and Stephen

[1] https://github.com/lake-wg/edhoc/issues/22<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-8d8739cc42e1d2b1&q=1&e=7f8ca305-4d94-4316-99c0-3b8e69e4bd77&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fgithub.com%2Flake-wg%2Fedhoc%2Fissues%2F22__%3B%21%21JmoZiZGBv3RvKRSx%21oMZFCrrtaAFUdL_LPHRBXf_uvG-p-6Y0b9jHb6jNGAPkgHq66wHpNbRb-twIjtmwJiui%24>
[2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-8ee72b0658755668&q=1&e=7f8ca305-4d94-4316-99c0-3b8e69e4bd77&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Flake%2F75nRaD6czYG6RqLT06Qe8C_lsaM%2F__%3B%21%21JmoZiZGBv3RvKRSx%21oMZFCrrtaAFUdL_LPHRBXf_uvG-p-6Y0b9jHb6jNGAPkgHq66wHpNbRb-twIjmVyYhuw%24>
[3] https://github.com/lake-wg/edhoc/pull/225/files<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-1c35d0ff14ead9d4&q=1&e=7f8ca305-4d94-4316-99c0-3b8e69e4bd77&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fgithub.com%2Flake-wg%2Fedhoc%2Fpull%2F225%2Ffiles__%3B%21%21JmoZiZGBv3RvKRSx%21oMZFCrrtaAFUdL_LPHRBXf_uvG-p-6Y0b9jHb6jNGAPkgHq66wHpNbRb-twIjjrL_38v%24>


--
Lake mailing list
Lake@ietf.org<mailto:Lake@ietf.org>
https://www.ietf.org/mailman/listinfo/lake<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-bbc313f3e273f8b1&q=1&e=7f8ca305-4d94-4316-99c0-3b8e69e4bd77&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Flake__%3B%21%21JmoZiZGBv3RvKRSx%21oMZFCrrtaAFUdL_LPHRBXf_uvG-p-6Y0b9jHb6jNGAPkgHq66wHpNbRb-twIjtnfowyW%24>

v2.23.0 | Report a Bug | By Email