IETF Logo Mail Archive

Re: [Lake] Ways forward on MTI cipher suite text

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 26 January 2022 18:58 UTC

Return-Path: <prvs=9025edf923=uri@ll.mit.edu>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56613A1BCA for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 10:58:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lFZPQ_XHmNM8 for <lake@ietfa.amsl.com>; Wed, 26 Jan 2022 10:58:22 -0800 (PST)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A10F93A1BC1 for <lake@ietf.org>; Wed, 26 Jan 2022 10:58:18 -0800 (PST)
Received: from LLEX2019-2.mitll.ad.local ([172.25.4.124]) by MX3.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 20QIwElp094890 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 26 Jan 2022 13:58:14 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=XEqFADyCR6CqQ5dRGX28qfULgKzjOpuCJckUuY1klOKrAM88ZP1NBCGgZ9OaeoELfK5DxwwgQewrupbXBb3MGlgt16XROowQKQLAwQhC/6TLJMyqUdOGYIqAdIOqLPOZJT4Sgv81foMO+G0A+0dnc7UWABscoOcgK+nrvd9lzI9kNiAsm9yWGoxlj4/X0DvNxRxv4E25pGOKT9gx4IpR6pvIPVZW8jlj3E8a2EtgQa1yjfIYZOJd31SU8twWPkhOmUcZLIb0+Ss0LaZ8z8lyDKE0QX+rlqt4nuDoNCRgPooIc6qpFCOg0WT2rNy2riC7h9/v6HRwtNF5e/soR1jnqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tJLwx07zlilH0JW1cx6+HiZZzPe//hNGAWNnT0tNpDE=; b=iVvzJH40bV3ADAwPCu8//8Ox4K96YG5cOjgxIyREICK/3iUrrHfkJcDLpOJN7ChyJTC4gFl3SFMb4aklqY6PQWRsNklNfVg1ZlTWMsP0VIAKQydSIbg3z2qt2D+eKN3WCPlBBqgcQaAqJRdQxEOK8DqHNaDCEUfbC+DOnFpAC3oTrDcy0/BJzzfMYAKLwr0PIP1IlI7hl5F31gjOidMl1GR6E4X3V6vzHLw8FxXfin1lk6ZFzF0CPGm9Ik9b3nmON5dx1KmvY7UoLfvSa6AzPAqMgXkvumtEQxTOpAo1QrPRfemDCofcyvVq/VYjY0f02EaJEzGplDFmYTSgtpt9Lg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh/GZRAUUBYe10GAwxfnn8jhbqxyS9oAgAA9r4CAAFVlgIABG7sAgADpqICAAJQKAIAAA5CAgAAOTICAACVqAP//rZ+A
Date: Wed, 26 Jan 2022 18:58:11 +0000
Message-ID: <644FCD8F-60BD-4A56-92E0-0CE45C2B1F8A@ll.mit.edu>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <24192.1643036826@localhost> <AM4PR0701MB2195208CA41C14108E5CD85AF45E9@AM4PR0701MB2195.eurprd07.prod.outlook.com> <14667.1643068411@localhost> <24988.1643129342@localhost> <HE1PR0701MB3050626ED7924371EC03DADF89209@HE1PR0701MB3050.eurprd07.prod.outlook.com> <27615.1643211310@localhost> <B61298B6-63FA-4CA3-A824-3D7D0E4A00EC@tzi.org> <HE1PR0701MB305061BD2AD2A8053B2EDBD889209@HE1PR0701MB3050.eurprd07.prod.outlook.com> <22578.1643223180@localhost>
In-Reply-To: <22578.1643223180@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.56.21121100
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 69ac60fe-da63-4c63-d9a1-08d9e0fdccaa
x-ms-traffictypediagnostic: BN0P110MB1210:EE_
x-microsoft-antispam-prvs: <BN0P110MB12103B2A7EBFA71A394A7B1990209@BN0P110MB1210.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2POoTFNWYUOTC2puRlsNE80Y+wZbwQnLWLqHIvUuAcSYRsazbw9Lo+z4U4mTzQpsanCjj1T1aFlNKpQhjgFRukNl93lNZv8nTMGWG2WavITSfSPaIDhLM0GJhZifrq6KHo+X+2JbbUnaf8Tf3uJHa4zg7An54o29CUcciNxxfJb1BPZUoA0kajVyoOK2ZOUObRo196wwGajZzhJ/XagF47RILemtjJWzcsyOw5EkwdUKK7PXr2uXkWEyTqPsZtf3NQltttMh5EfS1hw6Mgb1y+fbfR+2Jbmn1/oiUWCEvxYwLzNGFmnBmPeqamzBG2JQRkTmC5PB4mA2xPNyDXSvJbzI0jTJi6Zu7Y7fMwLMncGYDYwuN1GjboRSRhX/E7AkH6cCPuzcE+XL5btmvDwH1Fe5sB/vdAP8x92aMnSqzEJkyhOHkxM4qsgM+Oca2X5zJDbSoF6Qo+k5v2+qiYMcgkmp2cTNGWPIqxrgvUssEv6Ef+18w7nunKokZn/It8B2+X178RMC/+aYpsemBilSyHJVVkBM4ayi3OkoTaxPdRWYpbcHUJdGRf81DCIWtJ+PRpOFA/EsSrC9+wtRuMNFlfwQu9NxHRs/WHikxf6QySR4qn9TG7yI/ilGPZMpRgBCjWWzr0CCUb6lHxd2e0SVYYa+e6KQiaDEV75vuwnwxDE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(316002)(26005)(66476007)(6506007)(8936002)(64756008)(5660300002)(33656002)(71200400001)(38070700005)(508600001)(76116006)(2906002)(4744005)(6512007)(38100700002)(110136005)(99936003)(2616005)(122000001)(66946007)(75432002)(6486002)(86362001)(186003)(66446008)(66556008)(8676002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: aoSdQt+FiXxzX1w7vfNFj593l/UXogwpTj7GLX3df9K9H+9sujeOVXmkGoc3AQyiXumSP7zLkkhkJdINuIPMGbce+mumy4RbTNRnJ6s2jeGPEbhNGqld00u6PJ6OQxBA6d0P7guwYTlYAdFNwNl+YA==
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3726050290_283449681"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 69ac60fe-da63-4c63-d9a1-08d9e0fdccaa
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jan 2022 18:58:11.3638 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1210
X-Proofpoint-GUID: LP1DV1p5pncLuh2G4oNlSdoTOwL5ew06
X-Proofpoint-ORIG-GUID: LP1DV1p5pncLuh2G4oNlSdoTOwL5ew06
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-01-26_06:2022-01-25, 2022-01-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 malwarescore=0 bulkscore=0 spamscore=0 phishscore=0 mlxlogscore=999 suspectscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201260113
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/IdWYBZa5Dcy1a3EqEECVOwhN9Oo>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jan 2022 18:58:27 -0000

I concur that for real-time traffic shorter MAC should suffice.

I'd prefer ECDSA, considering attacks against EdDSA, especially within the IoT realm.

TNX
--
Regards,
Uri
 
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare
 

On 1/26/22, 13:54, "Lake on behalf of Michael Richardson" <lake-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:


    Based upon the discussion in this thread, I don't see a reason to include the
    longer MAC version.  Certainly not as a MTI, maybe not defined *at all*

    At this point, it's just a question of ECDSA vs EdDSA.

    I prefer EdDSA going forward, but acknowledge that the current state of
    hardware acceleration, library support, and provisioning system preferences
    means that ECDSA is here with us for some time.


    --
    Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
               Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email