Re: [Lake] Ways forward on MTI cipher suite text

John Mattsson <john.mattsson@ericsson.com> Sat, 29 January 2022 08:23 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/HzCD7fFtzPolzCsyrVahr9d20Nw>

Note that TLS 1.3 (RFC8446) does not have any mandatory to implement cryptographic algorithms. The Compliance sections (9.1 and 9.2) start with:

“In the absence of an application profile standard specifying otherwise:”

I think that would be a good formulation for EDHOC as well. Not only for cipher suites but for Section 7 in general.

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of Peter.Blomqvist@sony.com <Peter.Blomqvist@sony.com>
Date: Thursday, 27 January 2022 at 09:10
To: lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] Ways forward on MTI cipher suite text

Yes,

For deployments running TSCH with RPL non-storing mode and link layer security a short MAC would be preferable.

Best
Peter

-----Original Message-----
From: Lake <lake-bounces@ietf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: 26 January 2022 19:58
To: Michael Richardson <mcr+ietf@sandelman.ca>; lake@ietf.org
Subject: Re: [Lake] Ways forward on MTI cipher suite text

I concur that for real-time traffic shorter MAC should suffice.

I'd prefer ECDSA, considering attacks against EdDSA, especially within the IoT realm.

TNX
--
Regards,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


On 1/26/22, 13:54, "Lake on behalf of Michael Richardson" <lake-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:


    Based upon the discussion in this thread, I don't see a reason to include the
    longer MAC version.  Certainly not as a MTI, maybe not defined *at all*

    At this point, it's just a question of ECDSA vs EdDSA.

    I prefer EdDSA going forward, but acknowledge that the current state of
    hardware acceleration, library support, and provisioning system preferences
    means that ECDSA is here with us for some time.


    --
    Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
               Sandelman Software Works Inc, Ottawa and Worldwide



