IETF Logo Mail Archive

Re: [Lake] [core] 🔔 Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06

Christian Amsüss <christian@amsuess.com> Tue, 28 February 2023 11:59 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22317C151AE7; Tue, 28 Feb 2023 03:59:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N2EdDXwgHtgk; Tue, 28 Feb 2023 03:59:48 -0800 (PST)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D5FAC1516E9; Tue, 28 Feb 2023 03:59:47 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com ([IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by smtp.akis.at (8.17.1/8.17.1) with ESMTPS id 31SBxfMo009655 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 28 Feb 2023 12:59:42 +0100 (CET) (envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd] claimed to be poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (poseidon-mailbox.amsuess.com [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 1FCA21C497; Tue, 28 Feb 2023 12:59:35 +0100 (CET)
Received: from [127.0.0.1] (unknown [213.143.112.4]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 7A7A91E6B1; Tue, 28 Feb 2023 12:59:34 +0100 (CET)
Date: Tue, 28 Feb 2023 12:59:28 +0100
From: Christian Amsüss <christian@amsuess.com>
To: John Mattsson <john.mattsson@ericsson.com>, Carsten Bormann <cabo@tzi.org>
CC: "core@ietf.org" <core@ietf.org>, "lake@ietf.org" <lake@ietf.org>
User-Agent: K-9 Mail for Android
In-Reply-To: <HE1PR0701MB3050C697D14B8B87B002092C89AE9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <F02C5E48-A196-45EC-8576-6BC67EC26AD3@tzi.org> <Y+1b4qX6Ya7BCbvk@hephaistos.amsuess.com> <7A07B432-3DD7-4517-B22D-C5C58E9910E6@tzi.org> <HE1PR0701MB3050C70FC1FE5487A9F4D8A489A99@HE1PR0701MB3050.eurprd07.prod.outlook.com> <DD9413CD-9613-4991-9402-B6F385B979A3@amsuess.com> <HE1PR0701MB3050C697D14B8B87B002092C89AE9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Message-ID: <98F49E51-61F7-4521-AA69-C1A5E1EB6978@amsuess.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/EdUTGwfpjMDyE5Sxon0Z-6ix_2A>
Subject: Re: [Lake] [core] 🔔 Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2023 11:59:51 -0000

On 28 February 2023 12:54:02 CET, John Mattsson <john.mattsson@ericsson.com> wrote:
> and then there are authentication errors (X.509 identity not authorized, X.509 cert expired, X.509 issuer not trusted, certificate revoked, database oflline, OCSP server offline, etc.).
5
Ok, I see where this comes from now.

Then maybe "[on error], OSCORE key material MUST NOT be derived from the EDHOC exchange, let alone be used to protect the respone"?

BR
c

v2.23.0 | Report a Bug | By Email