Re: [Lake] Zaheduzzaman Sarker's No Objection on draft-ietf-lake-edhoc-20: (with COMMENT)

Göran Selander <goran.selander@ericsson.com> Fri, 25 August 2023 08:12 UTC


Hi Zahed, and all,

We made a small PR on top of -21 clarifying the preference for reliable transport:
https://github.com/lake-wg/edhoc/pull/434/files

Please let us know if this change is preferred and if there is anything missing.

Thanks,
Göran



From: Göran Selander <goran.selander@ericsson.com>
Date: Thursday, 24 August 2023 at 13:08
To: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lake-edhoc@ietf.org <draft-ietf-lake-edhoc@ietf.org>, lake-chairs@ietf.org <lake-chairs@ietf.org>, lake@ietf.org <lake@ietf.org>, malisa.vucinic@inria.fr <malisa.vucinic@inria.fr>
Subject: Re: Zaheduzzaman Sarker's No Objection on draft-ietf-lake-edhoc-20: (with COMMENT)
Hi Zahed, and all,

Thanks for the quick response. Inline.

From: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
Date: Thursday, 24 August 2023 at 10:59

   - I also like section 3.4; however, it is not clear to me if the list
   provided is a "must to meet" criteria for any transport or whether fulfilling any
   subset of features is good enough. If the latter, then this specification
   should describe how the missing criteria should be fulfilled or ignored, or
   describe the impact.
[GS] The security protocol does not depend on any of the transport criteria listed in section 3.4. The consequence of the transport producing something other than the next message according to protocol state is that the session will be aborted.
OK.

The application decides on the transport to use and which criteria in the list to fulfil, and thereby what risks it is prepared to take for potential termination of the protocol due to shortcomings of the transport.
This is, however, still not clear in the text in 3.4. Let's say, for some reason, the application just opens up a UDP socket to send the EDHOC messages; in that case the transport protocol would not be able to provide those listed as expected in the specification - "In order to avoid unnecessary message processing or protocol termination, the transport is responsible to handle" - so either the application takes care of all the transport responsibilities or does not select UDP, but there is nothing in the specification that prohibits the application from picking UDP in the socket. This to me is not a good situation and needs clarification. (As I wrote in my previous comment, the specification seems to prefer reliable transport and maybe that should be the default ask.)

[GS] I’m open for guidance here (from IESG, LAKE WG/chairs, or others).

Section 3.4 in #429 is intended to explain (may be improved!) that

- if you just run UDP then your EDHOC session may be aborted, because the message received is not always the expected next message according to protocol state.

- If you add CoAP in reliable mode it should work just fine.

- If you don’t use CoAP then you need to use something else that handles the listed transport properties or risk the session unnecessarily being aborted.

In A.2 we recommend using CoAP in reliable mode. We could make that recommendation more general. Not sure how to best do that in the context of the existing list.

Is your view of the problem with the current text that people may get wrong expectations, or that we allow settings where the EDHOC session sometimes doesn’t complete due to limitations in the transport?

Thanks,
Göran
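The behaviour discussed in this thread, a receiver that aborts the session as soon as the transport delivers something other than the next message according to protocol state, and a reliable transport layer that hides reordering and duplication from it, as an added example that is not part of the original thread, the EDHOC draft, or the lake-wg repository. Only the message names message_1 and message_3 come from EDHOC; the function names, the assumption that the Responder receives exactly those two messages, the sequence-numbered frames and the sample deliveries are constructed for illustration, and reordering and duplication are just two examples of transport shortcomings, not the draft's own list of transport properties.

```python
"""Constructed illustration (added example, not from the EDHOC draft or the
lake-wg repository) of a protocol-state check over two simulated transports.
Assumption: the Responder only ever receives message_1 and message_3, in that
order; everything else it sends itself."""

# Expected order of incoming messages at the Responder (assumed, see above).
RESPONDER_EXPECTS = ["message_1", "message_3"]


def run_responder(incoming):
    """Feed a sequence of received messages to a hypothetical Responder.

    Returns ("completed", n) once every expected message arrived in order,
    or ("aborted", reason) on the first message that is not the expected
    next one according to protocol state. Nothing is retried: the protocol
    itself does not compensate for what the transport got wrong.
    """
    state = 0
    for msg in incoming:
        expected = RESPONDER_EXPECTS[state]
        if msg != expected:
            return ("aborted", f"got {msg}, expected {expected}")
        state += 1
        if state == len(RESPONDER_EXPECTS):
            return ("completed", state)
    return ("aborted", "session incomplete: transport delivered nothing more")


def reliable_deliver(frames):
    """Hypothetical reliable-transport layer sitting below run_responder.

    `frames` are (seq, msg) pairs in wire-arrival order, possibly reordered
    or duplicated (constructed shortcomings of a raw datagram socket).
    Returns the msgs in strictly increasing seq order, dropping duplicates
    and buffering early arrivals until the gap before them is filled.
    """
    next_seq = 0
    pending = {}
    delivered = []
    for seq, msg in frames:
        if seq < next_seq or seq in pending:
            continue  # duplicate of a frame already delivered or buffered
        pending[seq] = msg
        while next_seq in pending:  # drain everything now deliverable in order
            delivered.append(pending.pop(next_seq))
            next_seq += 1
    return delivered


# Constructed wire captures: what a raw datagram socket might hand up.
IN_ORDER = [(0, "message_1"), (1, "message_3")]
DUPLICATED = [(0, "message_1"), (0, "message_1"), (1, "message_3")]
REORDERED = [(1, "message_3"), (0, "message_1")]


def demo():
    """Run each capture straight into the Responder (raw UDP-style delivery)
    and through the reliable layer first; returns {name: (raw, reliable)}."""
    results = {}
    for name, frames in [("in_order", IN_ORDER),
                         ("duplicated", DUPLICATED),
                         ("reordered", REORDERED)]:
        raw = run_responder([msg for _, msg in frames])
        via_reliable = run_responder(reliable_deliver(frames))
        results[name] = (raw, via_reliable)
    return results


if __name__ == "__main__":
    for name, (raw, reliable) in demo().items():
        print(f"{name:>10}: raw={raw[0]:9} reliable={reliable[0]}")
```

Run directly, the script shows the point of the thread: the in-order capture completes either way, while the duplicated and reordered captures are aborted when handed straight to the protocol but complete once a layer that handles those shortcomings sits in between. Which shortcomings such a layer must handle is exactly what section 3.4 of the draft lists; the application that picks a bare datagram socket is accepting the "aborted" column.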