Re: [Lake] checking we're not missing any draft inputs...
Dan Brown <danibrown@blackberry.com> Thu, 04 July 2019 13:54 UTC
Return-Path: <danibrown@blackberry.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6E1012037A for <lake@ietfa.amsl.com>; Thu, 4 Jul 2019 06:54:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6AYIJ5m7tv_A for <lake@ietfa.amsl.com>; Thu, 4 Jul 2019 06:54:40 -0700 (PDT)
Received: from smtp-p01.blackberry.com (smtp-p01.blackberry.com [208.65.78.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAAA7120033 for <lake@ietf.org>; Thu, 4 Jul 2019 06:54:39 -0700 (PDT)
Received: from xct102cnc.rim.net ([10.65.161.202]) by mhs212cnc.rim.net with ESMTP/TLS/DHE-RSA-AES256-SHA; 04 Jul 2019 09:54:32 -0400
Received: from XMB116CNC.rim.net ([fe80::45d:f4fe:6277:5d1b]) by XCT102CNC.rim.net ([fe80::2066:5d4f:8c45:af55%17]) with mapi id 14.03.0415.000; Thu, 4 Jul 2019 09:54:32 -0400
From: Dan Brown <danibrown@blackberry.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] checking we're not missing any draft inputs...
Thread-Index: AQHVMk/tpDKBAp0x+02EBnRogpN4SKa6dhEg
Date: Thu, 04 Jul 2019 13:54:31 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF501E02736@XMB116CNC.rim.net>
References: <ca3f2c84-5de7-dc58-dc3d-5d79327054e8@cs.tcd.ie>
In-Reply-To: <ca3f2c84-5de7-dc58-dc3d-5d79327054e8@cs.tcd.ie>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.160.250]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_0008_01D5324E.79360940"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/HjCXjNbrGx1uHUxjVRUt8CUIxJA>
Subject: Re: [Lake] checking we're not missing any draft inputs...
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 13:54:43 -0000
Hi, Perhaps ECMQV might be part of solution meeting of the LAKE goals (less bits sent, less time spent). I would guess that ECMQV could also meet the other LAKE goals (specific formatting, code re-use, etc.), for the reasons below. For code re-use, ECMQV, compared to ECDH, just needs a few extra bit ops, and to access the EC point addition operation, which is often quite do-able (e.g. EC signature verify often needs EC point add). For formatting, ECMQV sends the same type of data as ephemeral ECDH, and also has static EC certs (much like signing keys), so it seems that formatting with ECQMV should not have any extra cost. Recall that ECMQV aims to have the same effect signed ephemeral ECDH, but without the cost of signature (and without the undeniability of signatures). So, in theory, ECMQV has potentially smaller code size than ECDH + signature, since the signature code can be dropped (though sig verify might be needed for the PKI part of the system). * * * Perhaps out of LAKE scope (more towards lightweight PKI): There's also a tech called ECQV implicit certificate, which saves the cost of signature in a cert (not in an AKE). I raise this because an AKE often has to interface with some kind of PKI. Also in the ECQV, the public key is reconstructed from the cet, and the calculation to do this can be merged with the key agreement calculation for potential extra time savings. Best regards, Dan Brown BlackBerry, Security in Motion +1 (289) 261-4157 > -----Original Message----- > From: Lake <lake-bounces@ietf.org> On Behalf Of Stephen Farrell > Sent: Thursday, July 4, 2019 6:05 AM > To: lake@ietf.org > Subject: [Lake] checking we're not missing any draft inputs... > > > Hiya, > > Yoav and I should have a draft agenda for the lake BoF to post here shortly > and we already have a set of I-Ds as inputs for that and folks who are > willing > to present. > > However, I just wanted to check that there aren't any other possible > solutions or drafts lurking out there of which we're not aware. > > So, if there's a relevant draft that's not mentioned at [1] or the obvious > links > from [1], please post to the list before next Tuesday (the I-D cutoff is > Monday) saying why you think we ought include that draft in the BoF > discussions. > > I'm not expecting new inputs btw, so this is really just to check. > > Thanks, > S. > > [1] https://trac.tools.ietf.org/bof/trac/wiki#LAKE >
- [Lake] checking we're not missing any draft input… Stephen Farrell
- Re: [Lake] checking we're not missing any draft i… Dan Brown
- Re: [Lake] checking we're not missing any draft i… Stephen Farrell