Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

"Blomqvist, Peter" <Peter.Blomqvist@sony.com> Fri, 26 June 2020 16:37 UTC

Return-Path: <Peter.Blomqvist@sony.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCECA3A0966 for <lake@ietfa.amsl.com>; Fri, 26 Jun 2020 09:37:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sony.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSL5bPSwRoHS for <lake@ietfa.amsl.com>; Fri, 26 Jun 2020 09:37:04 -0700 (PDT)
Received: from mx08-001d1705.pphosted.com (mx08-001d1705.pphosted.com [185.183.30.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 447923A0958 for <lake@ietf.org>; Fri, 26 Jun 2020 09:37:03 -0700 (PDT)
Received: from pps.filterd (m0209318.ppops.net [127.0.0.1]) by mx08-001d1705.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05QGSOuV029495; Fri, 26 Jun 2020 16:36:59 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sony.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=S1; bh=/LNO0pL/Al9IM0FMhSvnaHmZ02vfgsebfnZerQCqh5o=; b=I54Z0HK2Vpm9iH5OCvaFGGX+pfEWX9uJIZ0nB73/XtnOrsXVTfVjv6QcdbGwQXCkgtZ7 3xe61xqEZBJxCs8OeHw4u/YOCo9ewTqDslOD5FTeBcXGYKozgFA7ppDYCg0WIICvGKOb EYXb+DVSlHVQZ3AO05csJJhvZExqNTlRgcJhNtH+dI3G3p+svTMkb76h68R9APr6vtsM k7XmK0X3hjdx9K82OdXS9iKuKxKyo9bpUEQq6eUX9nHI+0XUE2c4rbNrAOIrCawz/EYM 8+gJ4GRcd+1Y2Tayg1DiSieNmAFZet/SQFwoWhGaiSBKfIAwYwNiErGMCJnlUaaDIN+i IQ==
Received: from eur05-db8-obe.outbound.protection.outlook.com (mail-db8eur05lp2105.outbound.protection.outlook.com [104.47.17.105]) by mx08-001d1705.pphosted.com with ESMTP id 31uuv4h6gq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 26 Jun 2020 16:36:59 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=le7kolHDyYPSWVDU7USFGg60VjmENU0CwfQMuQn58TjaJf23L22nA1NUB93suHbPjk9gD4hJvfjzKBY7Nd3DXteSQOlCOEBON9JrfZVV+GamCUai0j/pxwLWKEGXqJYEHJ1U6U5dnWdIqTOW9GUGy3jxHBNAik/k/QvyhzPVzbsklXmaCxGAu3fuCPGHhGK3GaHS0ynrdDt7xz6lQ3dJBfWq2bTbN/vdK91mhHaY9rn78I7l3Ix5Rq/kfKYWAel46DIkkLmzqDNlQn73/louFDDq0ZSMoMCdrIEpD89+BMqMZ8vATwq0yhLib9B8bS/IxeUSUhuXN6RftURB/9feGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/LNO0pL/Al9IM0FMhSvnaHmZ02vfgsebfnZerQCqh5o=; b=Liz63pCvKC+CLyWPZGDDi15EZ2k3tQzw+EjuzeXtq0i07Vpe/2q6naMZBwQ5I02/vVNPgEJKwBJw5ZljRHxRotNinESgqhSNRADLOgJPoa0vHMgA8BncW4q78HdhMnf0dzdnJD9TmLpvMXejMNvTCKNJUEV82ELOI0SErSi4p5FUfI16MQ4RVjZiVNjE+K1z6n1+Z+nyoegQGFRK6wojVoxJD50Pe2cxxADVxhgD0gnUEDVerhLFEeIoYdQ0i6mqeQlp3RxmxFPSIG8gRbCICPBYaon42umIS1qg2igx9k/oEFuURpycaUuVDfvxCruF74SO6QZ1TU/DVL04q9nGNA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sony.com; dmarc=pass action=none header.from=sony.com; dkim=pass header.d=sony.com; arc=none
Received: from PR3P193MB0505.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:33::16) by PR3P193MB0505.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:33::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.21; Fri, 26 Jun 2020 16:36:57 +0000
Received: from PR3P193MB0505.EURP193.PROD.OUTLOOK.COM ([fe80::942c:7082:d9f8:c404]) by PR3P193MB0505.EURP193.PROD.OUTLOOK.COM ([fe80::942c:7082:d9f8:c404%8]) with mapi id 15.20.3131.021; Fri, 26 Jun 2020 16:36:57 +0000
From: "Blomqvist, Peter" <Peter.Blomqvist@sony.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22
Thread-Index: AQHWPZxrkhasfTMcb0+WH9BedgUczajlpjeAgABKVoCAAKrlAIAAK86AgACMToCAAFv4gIABVrQwgAAitQCAAAnMwIAAB+QAgABCw5CAACF0cIABlcWk
Date: Fri, 26 Jun 2020 16:36:56 +0000
Message-ID: <PR3P193MB0505ADA53E0602880951E45483930@PR3P193MB0505.EURP193.PROD.OUTLOOK.COM>
References: <89EA6A63-AB99-4649-9F08-D6FBDE1DEF2F@inria.fr> <45709E7D-F538-4107-9078-DDC8DA670F58@sn3rd.com> <C4E5CAED-4849-4E8B-BC43-702D19D002C4@ericsson.com> <3867DDE5-2B74-4272-8080-D62A57AA0FEA@inria.fr> <082e49cf-d83f-3e02-ae0d-6b3ac334c3d1@gmail.com> <55D3EA37-6F03-4655-AF49-F57B474F1B97@inria.fr> <AM0PR08MB3716C3513D30F207B103BABEFA950@AM0PR08MB3716.eurprd08.prod.outlook.com> <VI1P193MB0511743F823CCB176F78CD9E83920@VI1P193MB0511.EURP193.PROD.OUTLOOK.COM> <AM0PR08MB37167B95E2633DA95C9AEB76FA920@AM0PR08MB3716.eurprd08.prod.outlook.com> <VI1P193MB05116132BEE59E830A08853C83920@VI1P193MB0511.EURP193.PROD.OUTLOOK.COM> <AM0PR08MB37167CFEA6322F28A8B48D92FA920@AM0PR08MB3716.eurprd08.prod.outlook.com> <VI1P193MB0511DAD083A645869DCA006E83920@VI1P193MB0511.EURP193.PROD.OUTLOOK.COM>, <VI1P193MB0511A12B34EF2D38D50DB61683920@VI1P193MB0511.EURP193.PROD.OUTLOOK.COM>
In-Reply-To: <VI1P193MB0511A12B34EF2D38D50DB61683920@VI1P193MB0511.EURP193.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=sony.com;
x-originating-ip: [213.67.22.41]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 14f05205-a9bd-4a56-d35c-08d819ef2458
x-ms-traffictypediagnostic: PR3P193MB0505:
x-microsoft-antispam-prvs: <PR3P193MB05059D4BCB9D011B4ACC204983930@PR3P193MB0505.EURP193.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0446F0FCE1
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tOoFkA9t1gdmAEUCgDubPQ/jfwcv01RgohHtQ+C6d244R2PjURFLAQYRzy6xgANzMRgjIfoRhAr/319loO12p7y9zniP8vFHvZx3FQGa0xaPsGGhq9WuNQiWicEeE6bBHwi6pmBRJiwzUMf+xRanPT2C7pH1VJ9uaSpsNXGHOI29Od7XgQnt+7ud5jmmpDodQ+Po0EcTppRdD8LASY8Q2pS3P46rrbXjWgcf2mmuQAzZCH12JILvELjtdPUagrx5G65kSyhrz2INDKKu6qHzxMqc/TCg868/oXAEXKlj2+eZTvUVcoxpyp1AK0gebJUGt45pR8rbbhjVwBl17OeNNiO6LHzrPdx0IdRwbZ6JjnvaP4wQEdOWpTKWDzrUXlLR0Vqdu/csA8ZUUyWxx40wLA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PR3P193MB0505.EURP193.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(346002)(39860400002)(136003)(396003)(376002)(33656002)(26005)(66574015)(83380400001)(53546011)(6506007)(4326008)(7696005)(186003)(478600001)(966005)(166002)(2906002)(66946007)(52536014)(8936002)(316002)(66556008)(66446008)(64756008)(19627405001)(6916009)(5660300002)(86362001)(9686003)(8676002)(19627235002)(76116006)(55016002)(30864003)(71200400001)(66476007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: iSlhD+NTQEkqWBC99EBBXgwPLm6FXVSqQsXdG/7WdIhboBqCmCuFenh3QNug6cSOgrl2w942G63DL8a98bsb7MrMHhrfr4jzFEyxXRU8h6FRfqDKyZcK25S5d72eX9FQGvr2GfaCmvqKDLHW0iwnLuD+k1lGf+A488xPh/G/L4rcE3xbF1vurOlKoofTQEt0JbFzTm445tQA10wjbPnMZiIJfRJ2WB4GDhdU3+yM5K+DSzLdiwS3/1rGjXBjoc4EEAP2PGuMlfv1mZSYYF+o0kC7/Sjg1qhZXpBxTSJP63KGdNmpnhM/Ccpmu13r4OWj2pjocvMvsFjcRG23yYNwH+rYCNDibjYW0UordJgQx0PfmKNN+iOOnvIqXmxWcjNdJzobcHiOCQOMiRyIcL9VpRkx57DD6t1MBsyUdmVY7qQEtDl57mzpGbavK2XdakbNmFxIQ6ONKkBgGDdCrvmd44UWT0r4uck+y9EoeZJTwnQ=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_PR3P193MB0505ADA53E0602880951E45483930PR3P193MB0505EURP_"
MIME-Version: 1.0
X-OriginatorOrg: sony.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PR3P193MB0505.EURP193.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 14f05205-a9bd-4a56-d35c-08d819ef2458
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jun 2020 16:36:56.9081 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 66c65d8a-9158-4521-a2d8-664963db48e4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: OQ2hsd3bYOb0vqvWgD1y5H+3ZFwoqQU91xcYsJViDCUqeHE6QnqGRycSeq3T3sojZUrqUjuSNFSudkmgKEltIHN1pJCZO49piA2+MJamscA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P193MB0505
X-Sony-Outbound-GUID: bmgfX8Y5o05yHPhkZNSe8k4_krfmn3_f
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-26_08:2020-06-26, 2020-06-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 mlxscore=0 malwarescore=0 phishscore=0 spamscore=0 clxscore=1015 cotscore=-2147483648 adultscore=0 impostorscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006260115
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/mJYH9yAzE-aGnHEC79iCZM8wCy4>
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jun 2020 16:37:07 -0000

Hi Hannes,

Thanks for the references. I was aware of an earlier version of ATLS but have not read the details. However, this does not seem to match the performance requirements of LAKE.


Coming back to use-cases I mentioned earlier, one scenario is “edge” where we are interested in the Group OSCORE functionality, for which we want to reuse the OSCORE code (We are in a project where at least three parties have started integrating OSCORE into their device/cloud platforms).

Let’s talk more after the vacations.

Best

Peter

________________________________
From: Blomqvist, Peter
Sent: 25 June 2020 18:27
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: lake@ietf.org <lake@ietf.org>
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22


Just to clarify my previous mail: Throughout the discussion it has been claimed that cTLS is a solution to LAKE but I have not seen any mention in the discussion or in draft-ietf-tls-ctls how cTLS is used with OSCORE.



We can continue discussing the other, unrelated mbedTLS topics I had in mind, outside the list, and preferably after vacation.







Best

Peter





From: Blomqvist, Peter
Sent: den 25 juni 2020 16:27
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: lake@ietf.org
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hannes,





We can provide some input on use-cases and current issues we face with (D)TLS:.

Also please clarify “cTLS” – is that for key export or full replacement of OSCORE?







Best

Peter



From: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Sent: den 25 juni 2020 12:25
To: Blomqvist, Peter <Peter.Blomqvist@sony.com<mailto:Peter.Blomqvist@sony.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hi Peter,



I actually opposed also to the standardization of OSCORE for a number of reasons but that is history now.



I agree that the handshake had to be optimized and the standardization effort in optimizing has produced a number of results already. Sadly, only a small number of them got implemented.

If I try to take a positive aspect out of the entire LAKE discussion then it is the start of the cTLS work (as Carsten phrased it).



I would like to investigate whether cTLS is all that is needed to cover your use cases and other use cases brought up in the group. Doing that using some recent embedded hardware and an off-the-shelf software stack would be interesting. Happy to collaborate with you on such a project.



Ciao
Hannes



From: Blomqvist, Peter <Peter.Blomqvist@sony.com<mailto:Peter.Blomqvist@sony.com>>
Sent: Thursday, June 25, 2020 12:07 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hi Hannes,



I agree AWS IoT can quickly be deployed – much thanks to ARM!



But it’s a bit inconsistent to recognize CoAP but not OSCORE – both sprung from same IETF process driven by IoT needs.

The session establishment is definitely a large contributor in cellular especially in bad conditions:

We are trouble shooting a product where one location yields magnitudes worse stamina than nominal.





Best

Peter



From: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Sent: den 25 juni 2020 11:22
To: Blomqvist, Peter <Peter.Blomqvist@sony.com<mailto:Peter.Blomqvist@sony.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hi Peter,



Amazon IoT is in fact a good example that supports my argument.



When the IETF decided that HTTP and MQTT does not work well for IoT devices it created CoAP. Fine so far. Neither MQTT nor HTTP went away – actually the opposite happened. Both protocols got enhanced to become more performant. Luckily all three use the same underlying security mechanism (at least up to the point when OSCORE came along).



What does this mean for us (Arm): we now have to support HTTP, MQTT, and CoAP. Nothing goes away.



To give you a recent example of what we are doing see the talk by my co-worker Reinhard Keil:

https://www.embeddedonlineconference.com/session/How_to_Rapidly_Develop_IoT_devices_with_Arm_and_AWS<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.embeddedonlineconference.com_session_How-5Fto-5FRapidly-5FDevelop-5FIoT-5Fdevices-5Fwith-5FArm-5Fand-5FAWS&d=DwMGaQ&c=fP4tf--1dS0biCFlB0saz0I0kjO5v7-GLPtvShAo4cc&r=ReOhyTHbHxF59rwa6NKLJmWnWtc32YE99Fj4rlHBZBM&m=oujvoWU2nRItujg2zR6614hOgqQRjbghWr0oRj4ensY&s=pE7rIsFQCwezdNhtsMj7pvV8F32C17hPMbxSJ_29RQk&e=>



On the note about power consumption: this is a complex topic on embedded system and very often it has little to do with the actual key exchange protocol but rather with the crypto, with the underlying OS, with the features you are using on the MCU, etc. Happy to talk more about Mbed TLS, if you are interested. There are many configuration settings (as with all embedded stacks) and you need to select what is most appropriate for your environment to get the maximum out of it.



Ciao

Hannes



From: Blomqvist, Peter <Peter.Blomqvist@sony.com<mailto:Peter.Blomqvist@sony.com>>
Sent: Thursday, June 25, 2020 9:27 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: RE: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hannes,



There is one quite prominent counter example of “IoT actually re-using protocols”:

Amazon IoT. The MQTT/TLS protocols can be supported on our device platform ” using standard components such as mbedTLS.



Disregarding battery life this works fine:

This particular stack does not work very well for battery powered devices in high latency power save modes or conditions with marginal signal strengths.





Best

Peter





From: Lake <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org>> On Behalf Of Hannes Tschofenig
Sent: den 24 juni 2020 12:51
To: Karthik Bhargavan <karthikeyan.bhargavan@inria.fr<mailto:karthikeyan.bhargavan@inria.fr>>; Rene Struik <rstruik.ext@gmail.com<mailto:rstruik.ext@gmail.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



<rant start>



I would like to point out that it also takes a while to produce high-quality, embedded implementations and to deploy these protocols.



While there was the desire within some part of the IoT community to re-use as much as possible from the available IETF protocol stack, this idea was been forgotten over the years. As a result, a parallel world of specifications was created solely for IoT. In most cases, not even the authors (or the companies they work for) bother to implement and deploy the protocols they are creating.



As this email thread shows there is little incentive for most IETF participants to object to anything. It costs time & energy and only leaves unhappy people behind. Nobody wants that. Area directors are not of much help either because they want to get re-elected. Hence, some of them have actually helped to create the situation we are currently in. On the positive side, most of you will move on after finishing your current research project and so you do not have to deal with the collateral damage.



<rant end>



From: Lake <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org>> On Behalf Of Karthik Bhargavan
Sent: Wednesday, June 24, 2020 7:22 AM
To: Rene Struik <rstruik.ext@gmail.com<mailto:rstruik.ext@gmail.com>>
Cc: lake@ietf.org<mailto:lake@ietf.org>
Subject: Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22



Hi Rene,



I don't think you intended it this way, but your note seemed to suggest that support for another twist of a protocol by academia is motivated by, at least partially, "because it is a nice academic paper generator"...



Quite the contrary. Perhaps my email was unclear, but we usually prefer to have a few stable protocols that we can analyze with multiple subtly different models over several years.



Analyzing an IETF protocol standard takes a lot of time, and is largely a thankless task. Most of my colleagues could write 3 papers in the time it takes them to fully specify a single protocol standard.

This is certainly not an efficient paper generator. We do it, like all of you, because we think it is important for the Internet community.



My main point is that if we want similar levels of assurance for EDHOC that we obtained for TLS 1.3, we need to budget some time for this, and cannot rush towards standardization.

Of course, the WG may decide that LAKE does not need the same level of rigor as TLS 1.3, which would be unfortunate.



Best,

Karthik





                                Anyway, my two cents: let’s not forget the time needed for formal analysis before deploying a protocol on a billion devices.

I would encourage everyone to look beyond one's own niche and consider wider scale ramifications and considerations as well.

There is still lots of new stuff to work on or to dream up, rather than analyzing things people write up in internet drafts... {I hope you agree -- if not, contact me and we can discuss some topic areas to consider and that I would love to spend time on if having sufficient time for this}


Best regards, Rene

On 2020-06-23 2:23 p.m., Karthik Bhargavan wrote:

Hello all.

I don’t have a strong personal opinion on this adoption call.

However, whichever protocol the working group chooses to work on, it is important that we leave sufficient time for multiple comprehensive security analyses,
including both symbolic analyses and cryptographic proofs that cover all corners of the protocol.

I cannot speak for all my academic colleagues, but in general, we prefer to work on a single stable protocol that we know will have a high impact.
Historically, this has meant TLS, which is why there are dozens of papers covering every aspect of TLS under multiple security models.
These analyses don’t just covert the cryptographic code, they also account for non-core features like negotiation and resumption.
My sense is that it will probably be easy to adapt many of these results to apply to cTLS, but this still needs to be done.
But we also need to make sure we get similar levels of assurance for EDHOC, and we are only at the early stages of this analysis.

In my team, we are planning to build a comprehensive analysis of both cTLS and LAKE using F* and this will take some time.
I see there are other efforts on analysing EDHOC using Tamarin, which is great, and I don’t know if some team is planning a cryptographic proof of the protocol.
Anyway, my two cents: let’s not forget the time needed for formal analysis before deploying a protocol on a billion devices.

Best,
-Karthik

On 23 Jun 2020, at 10:11, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org<mailto:goran.selander=40ericsson.com@dmarc.ietf.org>> wrote:

Some reflections on the responses to the adoption call.

LAKE is about designing an AKE for OSCORE.

We have heard from of the order of 10 people from different organisations who have worked with OSCORE implementations and some also with EDHOC, and they all support the adoption of EDHOC.

We have heard a number of statements from people or organisations who are documented against OSCORE, because it is competing with solutions they are promoting or for some other reason.  In deciding about what draft to base the AKE for OSCORE, how should we weigh the advice from people/organisations who do not want OSCORE to be deployed at all?  For all I know, they could promote an AKE which is not at all suitable for the purpose.

We have not heard a single witness from someone who actually have tested OSCORE with cTLS, let alone testing with good performance, despite cTLS has been around for 15 months.  There is a good reason why: no one wants to use that combination.

While in theory it sounds like a good idea to re-use a slimmed TLS handshake, this has been a theory for such a long time that we can now add the lack of proof points to the list of reasons why this is not a good idea.  The burden of proof to demonstrate that cTLS is suitable for OSCORE rests with cTLS.  Yes, we have recently concluded the requirements phase, but the requirements on how to make an AKE for OSCORE has been unchanged for as long as cTLS has existed.

It is also claimed by several that cTLS fulfils the LAKE performance requirements. Yet others make assessments about adoption based on that assumption.  I may have missed it, but I have have not seen any text making plausible, for example, that running a complete handshake messages over CoAP for RPK by reference in (1,1,1) fragments.  Note that this is not just a detail, it is one major reason for "L" in LAKE.  It is my understanding that re-engineering TLS to the point where it meets the LAKE requirements is no longer TLS, neither in terms of analysis nor implementation.

As a summary, I think many of the arguments against adoption are based on assumptions that may be incorrect, or at least, despite the long time this has been debated, for some reason have not been shown.

Göran


On 2020-06-23, 05:45, "Lake on behalf of Sean Turner" <lake-bounces@ietf.org<mailto:lake-bounces@ietf.org> on behalf of sean@sn3rd.com<mailto:sean@sn3rd.com>> wrote:

   I totally get Melinda’s point that in the past we have let the market decide. Here there is already an AKE that is very widely deployed does what is needed. The AKE just needs to be slimmed, everything needs to be slimmed in the constrained space apparently ;}, so I really think we ought to just do the slimming because of the KISS principle. So, I tend think LAKE could use cTLS and call it day.

   spt

On Jun 8, 2020, at 09:54, Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>> wrote:

Hi all,

Since we now have a rough consensus on the requirements document, we are proceeding with the selection of the LAKE for OSCORE our working group is chartered to work on. Given:

- the LAKE working group charter,
- a wide community support over an extensive period of time for draft-selander-lake-edhoc,
- adoption of the cTLS draft by the TLS working group where it will be further developed,
- that no other drafts have been submitted for consideration of the LAKE working group,

we are now launching a call for adoption for https://tools.ietf.org/html/draft-selander-lake-edhoc-01<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dselander-2Dlake-2Dedhoc-2D01&d=DwMGaQ&c=fP4tf--1dS0biCFlB0saz0I0kjO5v7-GLPtvShAo4cc&r=ReOhyTHbHxF59rwa6NKLJmWnWtc32YE99Fj4rlHBZBM&m=d3Mmx53LDWYEWoMTH08XP8Cu4vwNl7xEqapJd86MoY4&s=i-HANYX-4HPpyDRjnTigxGmpz3tksgEfYQdodrKNfpo&e=>z3tksgEfYQdodrKNfpo&e=>.

Please reply to this thread whether you support the adoption, and indicate if you are ready to review if this draft becomes a working group document.

The call for adoption ends on June 22nd, 2020.

Your LAKE chairs.
--
Lake mailing list
Lake@ietf.org<mailto:Lake@ietf.org>
https://www.ietf.org/mailman/listinfo/lake<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_lake&d=DwMGaQ&c=fP4tf--1dS0biCFlB0saz0I0kjO5v7-GLPtvShAo4cc&r=ReOhyTHbHxF59rwa6NKLJmWnWtc32YE99Fj4rlHBZBM&m=d3Mmx53LDWYEWoMTH08XP8Cu4vwNl7xEqapJd86MoY4&s=H_Jzab9FgwA_l1j1k-Ec87XO1gOgA9NDw8eG-_NAQ80&e=>

   --
   Lake mailing list
   Lake@ietf.org<mailto:Lake@ietf.org>
   https://www.ietf.org/mailman/listinfo/lake<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_lake&d=DwMGaQ&c=fP4tf--1dS0biCFlB0saz0I0kjO5v7-GLPtvShAo4cc&r=ReOhyTHbHxF59rwa6NKLJmWnWtc32YE99Fj4rlHBZBM&m=d3Mmx53LDWYEWoMTH08XP8Cu4vwNl7xEqapJd86MoY4&s=H_Jzab9FgwA_l1j1k-Ec87XO1gOgA9NDw8eG-_NAQ80&e=>

--
Lake mailing list
Lake@ietf.org<mailto:Lake@ietf.org>
https://www.ietf.org/mailman/listinfo/lake<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_lake&d=DwMGaQ&c=fP4tf--1dS0biCFlB0saz0I0kjO5v7-GLPtvShAo4cc&r=ReOhyTHbHxF59rwa6NKLJmWnWtc32YE99Fj4rlHBZBM&m=d3Mmx53LDWYEWoMTH08XP8Cu4vwNl7xEqapJd86MoY4&s=H_Jzab9FgwA_l1j1k-Ec87XO1gOgA9NDw8eG-_NAQ80&e=>


--
email: rstruik.ext@gmail.com<mailto:rstruik.ext@gmail.com> | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.