Re: [Lake] Call for adoption for draft-selander-lake-edhoc - respond by June 22

Göran Selander <goran.selander@ericsson.com> Tue, 23 June 2020 08:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/PKV55YoH2NZ8Yamz46thdM2SLFg>

Some reflections on the responses to the adoption call.

LAKE is about designing an AKE for OSCORE. 

We have heard from of the order of 10 people from different organisations who have worked with OSCORE implementations and some also with EDHOC, and they all support the adoption of EDHOC. 

We have heard a number of statements from people or organisations who are documented against OSCORE, because it is competing with solutions they are promoting or for some other reason.  In deciding about what draft to base the AKE for OSCORE, how should we weigh the advice from people/organisations who do not want OSCORE to be deployed at all?  For all I know, they could promote an AKE which is not at all suitable for the purpose.

We have not heard a single witness from someone who actually has tested OSCORE with cTLS, let alone testing with good performance, despite cTLS having been around for 15 months.  There is a good reason why: no one wants to use that combination.

While in theory it sounds like a good idea to re-use a slimmed TLS handshake, this has been a theory for such a long time that we can now add the lack of proof points to the list of reasons why this is not a good idea.  The burden of proof to demonstrate that cTLS is suitable for OSCORE rests with cTLS.  Yes, we have recently concluded the requirements phase, but the requirements on how to make an AKE for OSCORE have been unchanged for as long as cTLS has existed.

It is also claimed by several that cTLS fulfils the LAKE performance requirements. Yet others make assessments about adoption based on that assumption.  I may have missed it, but I have not seen any text making plausible, for example, that running a complete handshake messages over CoAP for RPK by reference in (1,1,1) fragments.  Note that this is not just a detail, it is one major reason for "L" in LAKE.  It is my understanding that re-engineering TLS to the point where it meets the LAKE requirements is no longer TLS, neither in terms of analysis nor implementation.

As a summary, I think many of the arguments against adoption are based on assumptions that may be incorrect, or at least, despite the long time this has been debated, for some reason have not been shown. 

Göran


On 2020-06-23, 05:45, "Lake on behalf of Sean Turner" <lake-bounces@ietf.org on behalf of sean@sn3rd.com> wrote:

    I totally get Melinda’s point that in the past we have let the market decide. Here there is already an AKE that is very widely deployed that does what is needed. The AKE just needs to be slimmed, everything needs to be slimmed in the constrained space apparently ;}, so I really think we ought to just do the slimming because of the KISS principle. So, I tend to think LAKE could use cTLS and call it a day.

    spt

    > On Jun 8, 2020, at 09:54, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
    > 
    > Hi all,
    > 
    > Since we now have a rough consensus on the requirements document, we are proceeding with the selection of the LAKE for OSCORE our working group is chartered to work on. Given:
    > 
    > - the LAKE working group charter,
    > - a wide community support over an extensive period of time for draft-selander-lake-edhoc,
    > - adoption of the cTLS draft by the TLS working group where it will be further developed,
    > - that no other drafts have been submitted for consideration of the LAKE working group, 
    > 
    > we are now launching a call for adoption for https://tools.ietf.org/html/draft-selander-lake-edhoc-01.
    > 
    > Please reply to this thread whether you support the adoption, and indicate if you are ready to review if this draft becomes a working group document.
    > 
    > The call for adoption ends on June 22nd, 2020.
    > 
    > Your LAKE chairs.
    > -- 
    > Lake mailing list
    > Lake@ietf.org
    > https://www.ietf.org/mailman/listinfo/lake
