[Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt
"elsa.lopez-perez@inria.fr" <elsa.lopez-perez@inria.fr> Mon, 10 March 2025 15:25 UTC
Return-Path: <elsa.lopez-perez@inria.fr>
X-Original-To: lake@mail2.ietf.org
Delivered-To: lake@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 8B8D199CEC9 for <lake@mail2.ietf.org>; Mon, 10 Mar 2025 08:25:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.384
X-Spam-Level:
X-Spam-Status: No, score=-4.384 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=inria.fr
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxGEKrTPpI9u for <lake@mail2.ietf.org>; Mon, 10 Mar 2025 08:25:47 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id AA86199CEC2 for <lake@ietf.org>; Mon, 10 Mar 2025 08:25:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=khhY0TIhsFIqAZd2Fddm1h7soWroh7gAAaRRCuzV2LA=; b=KfiAYRHVIWfyU/j8mNsjWxM7xynVj0VI5ETDLIxIJtGbftVUSK86/Tb2 kBC1oCAQvOZqNwLapKsDr9PzYcYC+nOcZZaBWsAACIEsgE9SCZAu7R2wQ 0zBAyDJqxHTcXA5PrYChL5tmA0XgiDEIvuJev7pQBaZiPuwFyK7U8fj9z Y=;
Authentication-Results: mail3-relais-sop.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=elsa.lopez-perez@inria.fr; dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.14,236,1736809200"; d="scan'208,217";a="111165961"
Received: from unknown (HELO AS8PR08MB9600.eurprd08.prod.outlook.com) ([40.99.208.197]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Mar 2025 16:25:46 +0100
From: "elsa.lopez-perez@inria.fr" <elsa.lopez-perez@inria.fr>
To: GABRIEL LOPEZ MILLAN <gabilm@um.es>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt
Thread-Index: AQHbj3HSOlVUK6XKlkinzn3r1c/4kbNsgEX7
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Mon, 10 Mar 2025 15:25:44 +0000
Message-ID: <AS8PR08MB9600833F5D9D16FCBEB64395AAD62@AS8PR08MB9600.eurprd08.prod.outlook.com>
References: <174083756785.99372.1434952046745592229@dt-datatracker-5dd67b77bb-4k4zh> <8210AFA4-B4A6-4B67-8F1E-770E6899E72B@um.es>
In-Reply-To: <8210AFA4-B4A6-4B67-8F1E-770E6899E72B@um.es>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
msip_labels:
Content-Type: multipart/alternative; boundary="_000_AS8PR08MB9600833F5D9D16FCBEB64395AAD62AS8PR08MB9600eurp_"
MIME-Version: 1.0
Message-ID-Hash: 24UD4CYDEULHPB4ZCVCUWJ4VLW7J4FSD
X-Message-ID-Hash: 24UD4CYDEULHPB4ZCVCUWJ4VLW7J4FSD
X-MailFrom: elsa.lopez-perez@inria.fr
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/Fjvys0sen9JG3iYlH91l1aT0rjk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
Hello Gabriel, I corrected some of the things you mentioned. Shouldn't the names of the PRK_* be updated to the PSK workflow? I mean PRK_3e2m should be renamed as PRK_3e, and PRK_4e3m should be renamed as PRK4e Regarding the indexes of the PRK, we have been discussing if we should change the names or not, since there is no MAC being used. However, as it is right now, this draft specifies the differences with respect to RFC9528, and by changing the names, we would need to redefine all the keys, i.e., write it as an independent document (which is indeed an option and something to be discussed during the IETF). where do the “resumption_psk_length” and “id_cred_psk_length” values from come from? from the “external” PSK? So, they should have enough length to avoid collisions. Rafa commented the following: the rID_CRED_PSK should have "enough" length to reduce the probability of a collision but the drawback is that we may want to have a really short rID_CRED_PSK Another option for this would be that the Responder chooses the new ID_CRED_PSK and include this in message_4. If the new ID_CRED_PSK is sent in message_4 , this also can signal that resumption PSK must be generated. Best, Elsa ________________________________ From: GABRIEL LOPEZ MILLAN <gabilm@um.es> Sent: Friday, March 7, 2025 4:01 PM To: lake@ietf.org <lake@ietf.org> Cc: GABRIEL LOPEZ MILLAN <gabilm@um.es> Subject: [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-03.txt Hi. Just a few comments about the edhoc-psk-03 drafts …. 1. Introduction s/nodes nodes/nodes "EDHOC with PSK authentication benefits systems where .." --> Does suit the term "systems" in this senteces? Shouldn't be better to talk about uses cases? In fact, the next paragraph begins with "Another key use case...". "In this case, the PSK is provisioned after the establishment of a previous EDHOC session by using EDHOC_Exporter (resumption PSK)." --> What is the meaning of "(resumption PSK)" here, Does it means that this paragraph describes the concept of resumption? or just points out that this PSK is the resumption PSK"? in this case I suggest: "In this case, the PSK (resumption PSK) is provisioned after the establishment of a previous EDHOC session by using EDHOC_Exporter. 3. Protocol s/a COSE_Key compatible authentication credential that contains the PSK/a COSE_Key compatible authentication credential that contains the external or resumption PSK 4. Key Derivation Shouldn't the names of the PRK_* be updated to the PSK workflow? I mean PRK_3e2m should be renamed as PRK_3e, and PRK_4e3m should be renamed as PRK4e Probably the whole key derivation process description should be included here. 6.2 s/foruth/fourth 6.5 s/that that/that s/The EDHOC protocol complies with this NIST requirement/The EDHOC-PSK protocol complies with this NIST requirement. 7 The resumption process implies a new EDHOC-(resumption)PSK exchange. Although obvious, It should be mentioned in the text. where do the “resumption_psk_length” and “id_cred_psk_length” values from come from? from the “external” PSK? 7.1 s/Implmentations/Implementations Have a nice weekend. Best regards, Gabi. El 1 mar 2025, a las 14:59, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> escribió: Internet-Draft draft-ietf-lake-edhoc-psk-03.txt is now available. It is a work item of the Lightweight Authenticated Key Exchange (LAKE) WG of the IETF. Title: EDHOC Authenticated with Pre-Shred Keys (PSK) Authors: Elsa Lopez-Perez Göran Selander John Preuß Mattsson Rafael Marin-Lopez Name: draft-ietf-lake-edhoc-psk-03.txt Pages: 17 Dates: 2025-03-01 Abstract: This document specifies a Pre-Shared Key (PSK) authentication method for the Ephemeral Diffie-Hellman Over COSE (EDHOC) key exchange protocol. The PSK method enhances computational efficiency while providing mutual authentication, ephemeral key exchange, identity protection, and quantum resistance. It is particularly suited for systems where nodes share a PSK provided out-of-band (external PSK) and enables efficient session resumption with less computational overhead when the PSK is provided from a previous EDHOC session (resumption PSK). This document details the PSK method flow, key derivation changes, message formatting, processing, and security considerations. The IETF datatracker status page for this Internet-Draft is: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc-psk/__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvJ1S6L9uQ$ There is also an HTML version available at: https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-lake-edhoc-psk-03.html__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvKZ1D4BgQ$ A diff from the previous version is available at: https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-lake-edhoc-psk-03__;!!D9dNQwwGXtA!SyHYdZ-gkvWueYwUCUZ6VuzjV4QIf6wL2_w5nKKNgfnxujt9lR2pZh87KMm35PpRZZ7XCt7DSmpjQvIW-Mvjfg$ Internet-Drafts are also available by rsync at: rsync.ietf.org<http://rsync.ietf.org>::internet-drafts -- Lake mailing list -- lake@ietf.org<mailto:lake@ietf.org> To unsubscribe send an email to lake-leave@ietf.org<mailto:lake-leave@ietf.org> ----------------------------------------------------------- Gabriel López Millán Departamento de Ingeniería de la Información y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: gabilm@um.es<mailto:gabilm@um.es>
- [Lake] I-D Action: draft-ietf-lake-edhoc-psk-03.t… internet-drafts
- [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-… GABRIEL LOPEZ MILLAN
- [Lake] Re: I-D Action: draft-ietf-lake-edhoc-psk-… elsa.lopez-perez@inria.fr