[Lake] Review EDHOC-v12

"Hristozov, Stefan" <stefan.hristozov@aisec.fraunhofer.de> Thu, 04 November 2021 11:43 UTC

Return-Path: <stefan.hristozov@aisec.fraunhofer.de>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30603A1042 for <lake@ietfa.amsl.com>; Thu, 4 Nov 2021 04:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PelL0USN6uJ2 for <lake@ietfa.amsl.com>; Thu, 4 Nov 2021 04:42:56 -0700 (PDT)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 009413A104B for <lake@ietf.org>; Thu, 4 Nov 2021 04:42:54 -0700 (PDT)
IronPort-SDR: zYSEJw75U2lHFHPVmxlJ+u3vS+hvzdIFliz1+OAddUcOxr6ngbJQK2TBo+4zeKTF4arWkL0J70 Y+1mevWiS4vN15l2LX4zbOfJFkBniqwyC7zr+u4ME8BfGZezR48TEFaT1k6vh8UWg6mQMQcY7B 3tEc+/L0Zevqo2NSWAsqB1HVuudBygWF0O6J5kBPOgEAi9mc66q9enVsUAclLne7FY94TdDVx/ D0b9mVO/Zbb3Cgn0Zw6DTxgvDiWGSgZX4v77u0Dw6lJnyvR82JgRPmhNgs51UT7xfzZR/eXz9E hPU=
X-IPAS-Result: =?us-ascii?q?A2GEGwDwxoNh/xoBYJlQChwBAQErCwYBAQQEAQECAQEHA?= =?us-ascii?q?QEVgVuBHxsCAQESIy5+WWmIDQIDhTmFDV2CJZp5glMDGA4IJgsBAQEBAQEBA?= =?us-ascii?q?QEHAQESAhEMDgIEAQEDBIR7AoJVASU4EwECBAEBAQEDAgMBAQEBBQEBBgEBA?= =?us-ascii?q?QEBAQUEAgKBIIUvOQEMgnBjTQM4AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBBQIIPBYuD0cVGQEBOBEBgQAnBBMIGoJQgX5SBQMuAg6gO?= =?us-ascii?q?QGBOgKLF4EBMoEBgggBAQYEBIUKGII1CQkBgS4CAQEBAYMChBWCAXyEBCeBZ?= =?us-ascii?q?kOBFUOCZ4MhAoEzL4NNgi6PAwVPGhQeEQ8hNkk/LAUEGQU1oDCceIEkAwQDg?= =?us-ascii?q?giBLIpMlE0Vg2yBSYoohhWRNpYPH4xVk16FMAIEAgQFAg4BAQaBeIF+cYM4C?= =?us-ascii?q?UgZD5ISM4orQzECNgIGAQoBAQMJhUmKTgEB?=
IronPort-PHdr: A9a23:Q9C3dxfeDL1rAyzSU0OyyHNylGM/o4qcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX93Sz9jMZXBvlPBdzJuP7F5SUg8nkv90=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.87,208,1631570400"; d="scan'208,217"; a="36932418"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2021 12:42:51 +0100
IronPort-SDR: 49JwY91c/MwfcWJzFpNZ9GmDB66HO5FUxer9kFaCZPRnw4zfLqJpVcQ4iMhxHQiN1UjlR+zMzp ayIxIkZlcZbOxD4QydWo36OvxWYBzSRHc=
X-IPAS-Result: =?us-ascii?q?A0DcCwA1xoNhlz6wYZlQChwBAQErCwYBAQQEAQECAQEHA?= =?us-ascii?q?QEVCYFSgR8bAgEBEiMuflgBJkOIDAIDhTmFDV0BgiQ7AZo9glMDVAsBAwEBA?= =?us-ascii?q?QEBBwEBEgIdDQECBAEBhQICglICJjgTAQIEAQEBAQMCAwEBAQEFAQEFAQEBA?= =?us-ascii?q?gEBBQQUAQEBAQEBAQGBImRogU+BYRMLNAEMhlsVGQEBFCQRAYEAByAEEwgag?= =?us-ascii?q?k8BgX5SBQMuAg6gOQGBOgKLF4EBMoEBgggBAQYEBIUKGII1CQkBgS4CAQEBA?= =?us-ascii?q?YMChBWCAXyEBIINQ4EVQ4JngyECgTMvg02CLo8DBU8aFB4RDyE2ST8sBQQZB?= =?us-ascii?q?TWgMJx4gSQDBAOCCIEsikyUTRWDbIFJiiiGFZE2lg8fjFWTXoUwAgQCBAUCD?= =?us-ascii?q?gEBBoF4IoFbcYM4CUUBAgECDQECAgMBAgECCQEBAo42g1kziitCATECNgIGA?= =?us-ascii?q?QoBAQMJhUcBAYpOAQE?=
IronPort-PHdr: A9a23:QilYvhESbu/1o424sOYtsp1GfjAY04WdBeZdwpYkircbdKOl8tyiO UHE/vxigRfPWpmT8PNLjefa8sWCEWwN6JqMqjYOJZpLURJWhcAfhQd1BsmDBAXyJ+LraCpvG sNEWRdl8ni3PFITFtz5Ygjbo2a/5ngcABziMwpyKOnvXILf3KyK
IronPort-Data: A9a23:T3dlGaAEXgAOFRVW/2Xlw5YqxClBgxIJ4kV8jS/XYbTApGsl1GEHz mVJXTyOP6nZNzaneNF/Ydy2oB8EusWHzdZlOVdlrnsFo1CmBibm6XR1Cm+qYkt+++WaFBoPA /02M4KGcYZoJpPljk/F3oLJ9BGQ7onVAOqjYAL4EnopH1Y9EX990UsLd9MR2+aEv/DpW2thh vuv+6UzCHf9s9KjGjtJg04rgEoHUMXa4Fv0jHRnDRx4lAO2e00uMX4qDfrZw00U4mVjNrXSq +7rlNlV945ClvsnIovNfr3TKiXmTlNOVOSDoiI+ZkSsvvRNjnYj7rkAc9AdU0t0kS+jnfNal O5CjYPlHG/FPoWU8AgcexxfGSB6MOtL6LTHZ3aluNGVz0rIfmGqz/gG4EMeZNBDvLcoRzgRq 7pGcljhbTjb7w6y6KmnR+dlgIIjNsjwIIQNvW9IxDDCAP1gT4rKXqPK4tFVxnE8i6iiGN6HN pNBOWMHgBLoZjkfH10PNK4Hs+6YnmbfbiNpsGuwuv9ii4TU5FYoi+G2YIu9lsaxbcFcnUuwp 2/a8SL+GB5yCTCE4WPYqTf92aqWwn2+BthUCrj+/bhkmlSOwGwUBhAME1e2yRWktqKgc4hOF 1MvvQAvl6QR7laBTPrWAya3mGHR63bwROFsO+E97QiMzI/d7ACYGnUIQ1Z9hDoO6ZNeqdsCi gDhoj/5OdB8mODMEyPMrd94uRvjZXlMdQfucAdeFVNt3jX1nG0kpj7iJuuP/Ybs04awSG61m m/U6XZkwasWy8VN2b+y4FbHhDyhvN7FQ2bZBzk7vEr7smuVh6b/POREDGQ3C94cc+51qXHa7 RA5dzC2trxmMH10vHXlrB8xNL+o/e2ZFzbXnERiGZIsnxz0pSX+LN4MumkmeRY2WirhRdMPS BCO0e+2zMALVEZGkYctPNLZ5zkCnfG7ToS1Bpg4kPIVOMgpKmdrAx2ClWbKhju0yxh9+U3OE ZuWbNq3BnYXEuxpyyCtTOcA17AwwC0i1wvuqWPTkHyaPU6lTCfNE98taQLWBshgtf/siFiFo r53aprRoz0CAbKWSneMq+Y7cwtVRUXX8Lir8qS7gMbYeVE4cIzgYteMqY4cl3tNxfsJxrmTo yjiBye1CjPX3BX6FOlDUVg7AJuHYHq1hShT0fUEMQn61n49T5yo6atDJZI7caN+pb5qzOV5R L8LYcydBPRIRDndvTgQNMGvoItnfRWtpASPIyv8PGlhJcE9HVSR94+2ZBbr+QkPEjGz6Zk0r Yqm216JWpEEXQljUJvbZav3nVO8tHQQgsxoWE7MLoUBcUng6tE7eSXwlfI8Zc8WIAjFxjyU2 hzQDRpB/bvBpIo88d/og6GYrt71QrUkQRcARzHWtO/kOzPb82yvxZ57fNyJJT2NBnnp/KiCZ PlOy62uOvMwmlsX4ZF3FKxmzP5j6tbi++1awwBjECmZZlinEOk9cHyB18hLu+tA1rRZ/wWsU 1+J+t5UNK/PNM68SAwdIw8sb+Ki0/AIm2COvKpvfxigvHd6rOidTEFfHxiQkygBfrF7B4Uon LU6s8kM5g3j1xcnboScgiZP+zjeJ3AMSf595MhHW8q61U9ylQ8HP8aaFCqw69eBcdxRNEktL DKOwqbP3uwOyk3Hens1NH7MwesE2cVQ4k8XlgdaKgTbgMfBi982wAZVrWY9QDNTw0gVyOl0I GVqaxB4KKjmE+2EXySfs71Awz18OSA=
IronPort-HdrOrdr: A9a23:EgWk26444o4MzppLFwPXwWqBI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhIE3I6urwQ5VoIEmsv6KdhLN+AV7MZniBhILFFvAA0WKA+UysJ8SdzJ8l6U 4IScEXY7eQbWSS5fyKpzVQeOxQpeVvhZrY4ts2uE0dKT2CBZsQjTtRO0K+KAlbVQNGDZ02GN 63/cxcvQetfnwRc4CSGmQFd/KrnayGqLvWJTo9QzI34giHij2lrJTgFQKD4xsYWzRThZ8/7G n+lRDj7KnLiYD19vac7R6c031loqqg9jJxPr3OtiHTEESvtu+cXvUhZ1RFhkFxnAjg0idvrD CGmWZbAy060QKtQojym2qq5+Co6kdQ11b51VGXjWH/rcHOTC8mA8BBgY5fby3C51A7vNd65q JHtljpy6Z/HFfOmj/w6MPPUAwvnk2ooWA6mepWlHBHV5ACAYUh5LD30XklZ6voJhiKnrzP0d Mef/309bJTaxeXfnrZtm5gzJilWWkyBA6PRgwHttaO2zZbkXhlxw9ArfZv1Uso5dY4Ud1J9u 7EOqNnmPVHSdIXd7t0AKMETdGsAmLATBrQOCaZIEjhFqsAJ3XRwqSHqIkd9aWvYtgF3ZEykJ POXBdRsnMzYVvnDYmU0JhC4nn2MRGAtPTWu7RjDrRCy8zBrYvQQF++oQoV4rWdSt0kc73mZ8 o=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.87,208,1631570400"; d="scan'208,217";a="191081"
Received: from 153-97-176-62.vm.c.fraunhofer.de (HELO mobile.exch.fraunhofer.de) ([153.97.176.62]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2021 12:42:49 +0100
Received: from XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.15; Thu, 4 Nov 2021 12:42:49 +0100
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (10.225.8.37) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.15 via Frontend Transport; Thu, 4 Nov 2021 12:42:49 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VxYH4NeDHgW7AaxWylFeInx/X6NylX+jqOKu1pM/37BdEBe2EPKtVPOxpAtL+QTvHL2NUy4ljJFgFHFShkqIqx6J/4eN1oS05gHM6wzH9N/ms1hWQZkYcs82YiU/fmlvkX262DIiVkXMFXvb9RJ33YRTMKEdi1hj4/DFPGV+WnFMwNqj5DhqI2xajXFGTdCqzgdGwHtDeoEqz24hVVy8Ihult1RW1pB52ejVfHvnawcMPYtG7gmABHNAepPZLzZPcU/zrMP1KzpzLRDegFS7QeCPo1pc5jcxHTu9gTZHjo8jh3sPKKNP3Ps8wzzeZz2h5gN0AtNm7ZlhL6uHzFJ+2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZhNm5XRUxxSlTpuh/ujThp+AyKu9RbR5tF0KNnm1byw=; b=FO47chz8VNgdAYwhpyIs0K5+WKcNLf6h+2mXU1JLwuuk+azdax/4p7nmGaLm+2SIzGa7vTAXL740aC2qF3wfqMFrnl6XD2STjQUb7htt9VnnI9F4rsm3/cqigO/CKL1wWfrUaz3AGCeJXNRdMH1LMLucmB2eA2mhXgAh3sVQiXbTJd6whSUxeCG3XrG2ZZPPfO17LluBwh6Mf2AP1n7VzY3A4M3M0V32w0qPybLUjExoJ4fjaiKFVqOnjfnEgQu/JGY3JuDyBIbHebLkYonOMnsQDWNhjfcsRqPMk4FiQGC0dUih7p5hy12i1aMOFLlxswcUVtOiQrsDOw0YEH/EaA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZhNm5XRUxxSlTpuh/ujThp+AyKu9RbR5tF0KNnm1byw=; b=hq8tEcN3BKSzMUUkppfdXZdUQDI8+wON51vwMzbh4s7ssmPMRwMCkE0GteKmF6AagZFZmOK4YIxUixNerRgaRSqN7KBSVe2PHnQwCexB84lKifrPAe99DFwhU68D4EHaQIbqfOE1Th5f29AcwrIhZ2HywPOdqWpGOUleFl1/XTY=
Received: from AM9P194MB1442.EURP194.PROD.OUTLOOK.COM (2603:10a6:20b:3a7::13) by AM0P194MB0340.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:67::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.11; Thu, 4 Nov 2021 11:42:48 +0000
Received: from AM9P194MB1442.EURP194.PROD.OUTLOOK.COM ([fe80::556d:f411:e5bc:4129]) by AM9P194MB1442.EURP194.PROD.OUTLOOK.COM ([fe80::556d:f411:e5bc:4129%6]) with mapi id 15.20.4669.011; Thu, 4 Nov 2021 11:42:48 +0000
From: "Hristozov, Stefan" <stefan.hristozov@aisec.fraunhofer.de>
To: "lake@ietf.org" <lake@ietf.org>
Thread-Topic: Review EDHOC-v12
Thread-Index: AQHX0W9vPW87iAHERUCkfmEyZh8LBQ==
Date: Thu, 4 Nov 2021 11:42:48 +0000
Message-ID: <AM9P194MB14421943CE1C8378C2A62CE6C38D9@AM9P194MB1442.EURP194.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: f952c13f-45c9-8da9-f5ac-170d4ba38408
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=aisec.fraunhofer.de;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cda5c2c3-7e3d-459e-8c6b-08d99f8839d3
x-ms-traffictypediagnostic: AM0P194MB0340:
x-microsoft-antispam-prvs: <AM0P194MB034054C71357ED33E2B40B0AC38D9@AM0P194MB0340.EURP194.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: SyKSoyaFL1VDMttoxTXsuokD8LDSyHAOQfmusDWDd4ubEynIHt3nvU0b2xpxtqafbfxnr0nqC6sc3ITAxKugGRNbjd0L9+8QLPjMohS9Z0I2n6vjuiIOydaDEFR0fQghGLOn+9i+shrmQ+6dvwHxiJZTecqUybc9QM9f0AUTGp5SBQkCMOFWF0RYfEdutD5ZIMbq4Y/PkE15NNvyG2hi2MC8H7xLP/KaLd34nvBmGCRGKPUU2pW1qkiwK2tlkH5ZkgZdJW/bS1sdFyepMbWWiAYURVPPDsuFwOVxcDpXS+IeFl5ywMagL+IrVOVY4n1h1XgWT82gle6qUxEL02OdMU/FfHmsi13LaKVMkjHq2Lih/UV8w8vx0mkK0VTvnLbB3Oua8iuCjQWGUNun7NbuwrXqc6AgYjjDXsRaQyicBh1Uao01X7jgvYrPc7ApP/iXkB/LMrGEsa2+Fk3pkoGc2YirV0riELtGeIULdoGlQx9jAoJSUHbz2O4MlB43BmYZA5C8FJ/SBtZsakdqdDQYv0LQhbt2gUqLcqELi7h9YX52yCTAY/TcS3cc7QXUxatZMN66mwA67vB6hANt1Q7mLLI3moScb/VMgSw/2laUsUK/x4L528E0FvsofBCAYFIznwo+X1frOgvS7LIIpsJylxUE30D4/Mvm2KjmVhHjbCCmEfaGuNoATzkuf413mg27xz/Y3u/r97+MjYBMHpeOZynJ3EhEioneKSiDr5q7VkJOm/6G6rG8HdI/sVeutmWlc1SQ10yWdTYphe2MfT5rq2NzMB+eNrTm17sCaa5UJxsyBLrKcESqD08mxHyibmUnFq60h+p8CKfV22NNpQbieA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM9P194MB1442.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(6506007)(66946007)(966005)(66476007)(82960400001)(66556008)(6916009)(508600001)(86362001)(76116006)(91956017)(8676002)(5660300002)(9686003)(66446008)(64756008)(55016002)(38100700002)(33656002)(52536014)(66574015)(122000001)(83380400001)(2906002)(7696005)(186003)(19627405001)(316002)(71200400001)(26005)(8936002)(38070700005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?Jrnsj1HrrAaa1f92ZpSL5LyHtLPHxQilvOZEiSpcdayWc3EbrnwVbjNyTs?= =?iso-8859-1?Q?UAETMHSmJAjU5tbQ9/H6qb8VZ9uBf4Lx9nTUaHQvyjyh5Ehx39WHCSmCXo?= =?iso-8859-1?Q?X3UClUmhQigUE8/6mx2fjtxkVLAFw/JLM4Qf5TWpgWWDjUtVyjLdkX3Eqm?= =?iso-8859-1?Q?ahRM4yXp4BcChowlxcRNI/oOCisFLq8rqR86XA1/Vr94aJHN5yESyobmNT?= =?iso-8859-1?Q?acigALlzJMgwMUpIn9/FHxeHtXkE4ISd1+UN+3K01N5aZO6MVu63THwrKp?= =?iso-8859-1?Q?3BzQu+jTCxeiCT6ue3ikn5RxCH2TVRO+q3jabs0m8DvsB76t6jSn63Dtkl?= =?iso-8859-1?Q?2bk2XaOxgU9mHReDQf89GG5jZmWEF0xE9bqc+TU/S0OnqmMXc7zHdD3+8B?= =?iso-8859-1?Q?lspMchvrrnIwrm6C0GVyxhPPxkrqImJJ7EUU8AH2EeUvFq1rxhYIfZ74PT?= =?iso-8859-1?Q?ABf0Tq1Q+rJXG9X/RxYmA+ClbKXYnTiqUShoOzJGE09uSod9hHXWSPTF2c?= =?iso-8859-1?Q?/2mofjNFBZzkXu7yIrEQ8Nwy0zEF8jjmkmJwDjhKFI3P6UeO7qrTcUypIx?= =?iso-8859-1?Q?TgoZNgdNn9RUZkMEltfk5YQbr0vfUmSbL9f1dhFqTFm74C3KWBe+JPO63Y?= =?iso-8859-1?Q?Du0HH8HeFpWmuBPpaNZpalkqSLAv1+pRkJsh7OxOOUZhdcTz0Omr6wkKS0?= =?iso-8859-1?Q?j5zXNMTD02uFQ15LzLHz6vxoQO1rZtgFziKonDZMj/8OTEZwQ2HZUlm+yJ?= =?iso-8859-1?Q?WHa6thOm9HMiWmfhGxn0y+HXlhtnxG8q2DAmvFKO+m9aqdSYoKmB6oMoPU?= =?iso-8859-1?Q?qw4gy9aMKiAK+vI2KtK5hpusBveyflRYgTyhxssFBhDNpBFeS9Lp9wPgo7?= =?iso-8859-1?Q?gW5Oc04fOuOnoEtakIwjg39vTXU+Qn+dJxFbRbwXRLmmyIkh2Z8X0CzAMq?= =?iso-8859-1?Q?DSQmPSbaACRqQK4CJ+HJklOSD81Nci+lGmzf8xOvvh3xksJT1xjso+5mHp?= =?iso-8859-1?Q?M4vLM0tOq1nZnrlJxZLHqms4EyCEIOX38fEsShdY+M64NuTMmfm1gRiYQp?= =?iso-8859-1?Q?fN/pfJWVCnGifvN1hBnMd3BJQI8A2N1RD/JACeTOGvHwoJ+x2/cAk9CNsU?= =?iso-8859-1?Q?jC5ta1COUqwPay0AhuL/5BkfryW48B5nLj44iAuxdyyziRE3cJOiGYFXIN?= =?iso-8859-1?Q?FoLOYVEeJn5GIFONqYOr8woo2e2R8VduuT7ejdLP5tugA9b9yKJ+Hl+F3h?= =?iso-8859-1?Q?dX2um0+QzOuZwYt4tqsDLJIKpE7lyddGfRAHGBCaOGswhf1tGT6niYmrge?= =?iso-8859-1?Q?hwoTgfJMxcjmBdiXAkfzcSaWRTiEGtFi4nyb5eIg71ulVhZGahjph3cAyY?= =?iso-8859-1?Q?mpJoED4BDhAyo/oWzTlG8mrBxPb/bSUKc8mHSAyigz3rmXpVfnPoWSmOdP?= =?iso-8859-1?Q?Vl/gaWFLCwY1ezY34iKVOgSKGy5gm7PmozWS0n11zUDKTaTRogOmoPlW0X?= =?iso-8859-1?Q?/L8d89zj7fBbl7ogGMtGDD9rweZKBEm0rxPbb/BZT1VNh0mex6i0utwUOA?= =?iso-8859-1?Q?UCicaMchbXN2dVM/uAifq6dCkhV36IrqKtSjVTyxWeNEyu7M2WMFGNjiAW?= =?iso-8859-1?Q?sx2Z13x2w7w6yyoGTUX6GFZl36fmVi9hN60LPD0BCxlSKNOSKH/Wfa3E9v?= =?iso-8859-1?Q?nYxeVZLO8rNViUPlh8bsZNuJ8x8VPYLWDj32pEAO7Vp4qusxA6mAAGDE0X?= =?iso-8859-1?Q?OXM9Fl+OZckjV229O4esFKvFE4oAVvwfvuK6MY9O99BRd2?=
Content-Type: multipart/alternative; boundary="_000_AM9P194MB14421943CE1C8378C2A62CE6C38D9AM9P194MB1442EURP_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM9P194MB1442.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: cda5c2c3-7e3d-459e-8c6b-08d99f8839d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2021 11:42:48.2885 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Sn2/s/HTsPmERmgXRvg12LwojXCSmPD5zK8qFGmQo7b7LYTUWLfv94M9h85nE3X8CAJxsyCHxxAEaK32NTT5gScZkd9pyf/rm/hzcU2dMLC49ogZyGLgrTRqEh+ZPBNV
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P194MB0340
X-OriginatorOrg: aisec.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/Od5HG1M9TtOytpJ4Iblsc_2xsE0>
Subject: [Lake] Review EDHOC-v12
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Nov 2021 11:43:02 -0000

Hi all,

please find below my review of draft-ietf-lake-edhoc-12.

Best regards,
Stefan


2. Outline
"ID_CRED_I and ID_CRED_R are credential identifiers enabling the recipient party to retrieve the credential of I and R, respectively."
I will replace this definition with something like:
ID_CRED_I and ID_CRED_R are used to identify and optionally transport the authentication keys of the Initiator and the Responder, respectively.




3.8 EAD
Is EAD data generated by the application or data that is pre-provisioned or obtained from somewhere. If the former is true I would like to suggest that the specification allows for implementations where all inputs and output that are generated at run time by the application are provided in non-encoded form to the EDHOC implementation. In this way, the interface to the application will be simpler and CBOR encoding and decoding can be completely hidden from the application developer. This applies especially for EAD, see issue #186. The general question is who is supposed to encode/decode EAD? The application or the EDHOC implementation? As far I understand the specification now only the application knows how to encode and decode EAD.



5.2.1
"If the most preferred cipher suite is selected then SUITES_I is encoded as that cipher suite, i.e., as an int."
Am I understanding that correctly: If other suites are supported in addition they are not sent, e.g., if the initiator supports suites 1,2,3, where 1 is preferred and selected, 1 is sent as int and 2,3 are not sent? If so I will suggest making this sentence more clear.




6 Error Handling
What is the use case for a success error code? Probably it is good to give some example or reference why it is useful to log successes using a predefined error code and encoding. Is logging the only use case for the success error code? For example, my implementation logs many things for debugging purposes. However, I never needed a success error code.

The spec says that success error code must not be sent, therefore the sentence "Error code 0 MAY be used internally.." needs to be "Error code 0 MAY be used _only_ internally.."?

"ERR_INFO can contain any type of CBOR item", see figure 7. Who decides what is the type of the CBOR item? Is this the EDHOC implementation developer?




7 Mandatory-to-Implement Compliance Requirements
"Constrained endpoints SHOULD implement cipher suite 0 or cipher suite 2."
The difference between 0 and 1 and between 2 and 3 is only the size of the tag, i.e. the used algorithms are the same. -> I will suggest changing to "...suite 0/1 or cipher suite 2/3" or similar.

Error messages with which error codes are mandatory to implement? Is only an error message with ERR_CODE 2 mandatory to implement?




8.7 Implementation consideration
"The selection of trusted CAs should be done very carefully and certificate revocation should be supported."

Is OCSP (RFC6960) what should be used for certificate revocation checking? How revocation can be accomplished with C509? How OCSP and EDHOC interact? Can OCSP stapling be used with EDHOC? Can we combine OCSP stapling with EAD?

Additionally, to verify a certificate the device should be aware of the time, which is often problematic on constrained devices, i.e. when certificates are used the device must have a Real-Time Clock (RTC).




Stefan Hristozov
Department Hardware Security
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
Tel. +49 89 32299 86 157
stefan.hristozov@aisec.fraunhofer.de
http://www.aisec.fraunhofer.de
http://twitter.com/FraunhoferAISEC