[Lake] FW: 1 week 2nd WGLC on requirements and scoping text

Göran Selander <goran.selander@ericsson.com> Tue, 02 June 2020 07:15 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "lake@ietf.org" <lake@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/HgEeZRGFRQWkDZagXmbfrDsa5UE>


From: Lake <lake-bounces@ietf.org> on behalf of Eric Rescorla <ekr@rtfm.com>
Date: Tuesday, 2 June 2020 at 03:19
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "lake@ietf.org" <lake@ietf.org>
Subject: Re: [Lake] 1 week 2nd WGLC on requirements and scoping text



On Sun, May 24, 2020 at 2:08 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

Hi all,

First: my apologies for taking so long on this. (I got
sidetracked by an unexpected project.)

ISTM we have pretty good, if rough, consensus on enough of
the text to proceed, but with one important part that needs
checking. (See below.)

I'd like to start a 1 week 2nd WGLC with the main focus
being to establish whether we have rough consensus on the
scoping text below. (Which can be seen in context at [2].)
That text was the main outcome of our virtual meeting last
month.

So, please send mail to the list saying if you are happy
enough to proceed on this basis. If you are not, then I'd
appreciate if you could suggest alternate text with as
few changes as possible.

This 2nd WGLC closes on June 1st. If I see rough
consensus to proceed at that point, I'll plan to start a
call for adoption for the edhoc draft. If not, we'll have
to discuss how to proceed with our AD, as I think that
would mean that the WG is very badly stuck.

The scoping text added was:

   As illustrated above, the setting is much more diverse
   in terms of credentials and trust anchors than that of
   the unconstrained web.  In order to deliver a timely
   result, there is a need to initially focus on what is
   considered most important at the time of writing: RPK
   (by reference and value) and certificate by reference.
   Information about validity of a certificate may be
   omitted from the AKE if available over unconstrained
   links.  The case of transporting certificate validation
   information over the AKE may be specified in the initial
   phase if there is a lightweight solution that matches
   existing standards and tools.

   A subsequent extension beyond the initial focus may be
   inevitable to maintain a homogenous deployment without
   having to implement a mix of AKE protocols, for example,
   to support the migration path described above.  The AKE
   needs to make clear the scope of cases analysed in the
   initial phase, and that a new analysis is required for
   additional cases.

Stephen

It's not clear how to read this in the context of other parts of
the document, for instance: https://tools.ietf.org/html/draft-ietf-lake-reqs-03#section-2.2
which says:


   In order to allow for these different schemes, the AKE must support
   PSK- (shared between two nodes), RPK- and certificate-based
   authentication.  These are also the schemes for which CoAP is
   designed (see Section 9 of [RFC7252] <https://tools.ietf.org/html/rfc7252#section-9>).

How is one supposed to interpret this text?




[GS] Since OSCORE is an extension to CoAP it is expected to support the schemes for which CoAP is designed. But in the discussion following the virtual IETF 107 LAKE WG meeting we restricted the initial focus, leading to the addition of section 2.2.1 and the following text in the paragraph after the one you quoted:

“In order to provide a clear initial effort, Section 2.2.1 <https://www.ietf.org/id/draft-ietf-lake-reqs-03.html#initial-focus> lists a set of credential types of immediate relevance; the mechanism for selecting credential scheme is presumed to enable future extensibility if needed.”

The ability to extend beyond the initial focus is also repeated in the text from Section 2.2.1 which Stephen quoted in his mail:

“A subsequent extension beyond the initial focus may be inevitable to maintain a homogenous deployment without having to implement a mix of AKE protocols, for example, to support the migration path described above.”

It seems to me that the working group has a sufficiently good understanding and support for where to start this work and to allow for extensibility, so I propose we do just that.

We may in parallel make clarifications to the requirements as needed. In fact, I expect we will revisit the requirements throughout the work as more insights are gained, potential inconsistencies discovered, etc., but that should not stop us from moving the work forward now.

Göran


-Ekr


Thanks,
Stephen.

[1] https://tools.ietf.org/html/draft-ietf-lake-reqs-03
[2] https://tools.ietf.org/html/draft-ietf-lake-reqs-03#section-2.2.1
