IETF Logo Mail Archive

Re: [Lake] Ways forward on MTI cipher suite text

Peter.Blomqvist@sony.com Fri, 21 January 2022 07:33 UTC

Return-Path: <Peter.Blomqvist@sony.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 050C53A128E for <lake@ietfa.amsl.com>; Thu, 20 Jan 2022 23:33:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.671
X-Spam-Level:
X-Spam-Status: No, score=-2.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sony.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id heVRcyeFpEuy for <lake@ietfa.amsl.com>; Thu, 20 Jan 2022 23:32:56 -0800 (PST)
Received: from mx07-001d1705.pphosted.com (mx07-001d1705.pphosted.com [185.132.183.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 774073A127C for <lake@ietf.org>; Thu, 20 Jan 2022 23:32:55 -0800 (PST)
Received: from pps.filterd (m0209326.ppops.net [127.0.0.1]) by mx08-001d1705.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20L11WI4021621 for <lake@ietf.org>; Fri, 21 Jan 2022 07:32:52 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sony.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=S1; bh=0Z9inKyOxs5zcDuhUdnaKudIKKC17X0IEK4O6VuQBIM=; b=klYUyvXc7w+z4VOHI88oXhIdEphCg71QQAyaMq+jka0B8slQpLcVRCVdr0GHvyVh93bs J2hzMt/PkNbHP723dLr3zH/g+6pmXsUeou/j+juI67LKA3EbjOh8AHiIMkzrXrtAwULb Ystwwsl4AO0/Xy2AFfvczT1wUUafXREoSUAoUqoP611U/KBc9zQh5qC2+yh+jzRZGWXN 3mahk6rWYv8cTRG2p2BKrSjydPC3bAdaiByDcX8g/P+6w9iq6KG9hCV2Ugdnh2RDY/3a zo7MChbHl6giSIwLNK90/s/jPIJr2W5CzZuFYIjLcpqVYNwU+6VEMscMahqH2aHP8E3z xw==
Received: from eur05-vi1-obe.outbound.protection.outlook.com (mail-vi1eur05lp2170.outbound.protection.outlook.com [104.47.17.170]) by mx08-001d1705.pphosted.com with ESMTP id 3dqjsrgdry-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <lake@ietf.org>; Fri, 21 Jan 2022 07:32:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xh375VxQpQOA+NLmOg2oJ6Ml+fxKBOkUXZ51+gENjfAIOV+AC/Wnoy0IwkUGr1GQZWG4/9dMCufnCjXFU+AMvCRPEmUfmb7h6Fx4xfdYMvshQ6qlYWVjW3jWV742ZXJVYydGYxdCClf6vknjGKY5LY8lE4Qo218Dso6q1s5l4O/YGuWpVZU0XZcF7vQGga/TaGjnsByB3+kcVHopilFtrdputgcrSX5YcRea1SGIkUivjJi0/DjZkQbya/z9cqNYI697Ksi/507DZ7Lo8TCqbedFFcY9zFtxNfzOg2K3ucKLHrLu3zYHaUel0wFTPNgoykCvfYgH4XhIkulVlnJ6fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0Z9inKyOxs5zcDuhUdnaKudIKKC17X0IEK4O6VuQBIM=; b=SCpOLmeX7qRY9GJYW6QzatiXEYACyQ2UCNihuV7bUFPS4dCgUhXriRf0IEZu9SqPwiRFRnvLmP4COcXe06tT0r1sOln1CzEmpjaLJJ6C1epPuAMdL+1798hI/qoD+o+QWlpqyWK/wxiSpQNfqS/LZshuhL4e/e1j6rqcNxSZdJpbYrlsxOvNh0+GqSv8ggWxFQHIbP7XB4+6u/NSku8MAFlzm0tYnSWgVy3hzVSv4AuVGBTCoVknVELVjVeJZXUEmQvCo+tsYxmG//mVzvyh3D0MhGcvLN9mnoPQnqIq4hqNkw/3mITO+br6vkxPaLsv+mAykzoLOPbyu4UQ8+bWJA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from AM8P193MB0979.EURP193.PROD.OUTLOOK.COM (2603:10a6:20b:1ea::23) by AM0P193MB0468.EURP193.PROD.OUTLOOK.COM (2603:10a6:208:58::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.8; Fri, 21 Jan 2022 07:32:48 +0000
Received: from AM8P193MB0979.EURP193.PROD.OUTLOOK.COM ([fe80::d04d:f233:cb7f:35e6]) by AM8P193MB0979.EURP193.PROD.OUTLOOK.COM ([fe80::d04d:f233:cb7f:35e6%5]) with mapi id 15.20.4909.012; Fri, 21 Jan 2022 07:32:48 +0000
From: Peter.Blomqvist@sony.com
To: lake@ietf.org
Thread-Topic: [Lake] Ways forward on MTI cipher suite text
Thread-Index: AQHYDh+7dGT3LKZJvEyDUzfSJbWbxaxsWo2AgACzOYA=
Date: Fri, 21 Jan 2022 07:32:47 +0000
Message-ID: <AM8P193MB0979287A6652658C65E8B24D835B9@AM8P193MB0979.EURP193.PROD.OUTLOOK.COM>
References: <2A2081E4-BAAF-4292-925E-0B683AA6CD23@inria.fr> <F8E1F91B-FEEB-44E9-B87F-1F0767123523@vigilsec.com>
In-Reply-To: <F8E1F91B-FEEB-44E9-B87F-1F0767123523@vigilsec.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a7b95c08-73d5-4552-8b02-08d9dcb0391c
x-ms-traffictypediagnostic: AM0P193MB0468:EE_
x-microsoft-antispam-prvs: <AM0P193MB0468F7000796808B3DB0F883835B9@AM0P193MB0468.EURP193.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 93801nDcC5ngUK0JCxCt3B65HHb6lqUFrBL8LNbOk7UDjYVLLjS1fprla8ykdNtcUFIG8yC5XandLzeDFt52KF5yLeHOgSuWrc8mlm5cCN42IqIZZ426SdByNnP/wPSfj18Vr3mdP3SBi59eVUp+8bwQDIQ10sR3LDPWURydOPDKK5/+IZlQEOHX5WZJX/O+gAWe2TDYMpQ9ATM1QCvN5yDGacyMk1j+7E5LHlSbUETnyLAY0xWf8EgWN6eHH1OMQFdmZHNPFt0WIFSDguBItA6638OyFXwyQd9L4+qsmXcmFIm2+zLs4eok3p3PnHZutGiDhRk4B2CLFvAI7OHK+EBLlseGcEbTHD1BI5UjNVqpeO1BEI82+PEm4ZFQFtOQ8AP8lIql0XxD50rNc72herbhRXltRAlgYalySxyxELFOUBCZIC7gTvrxlu6WIudJzD+RX0UnWSoHkFR5BaUPA9n/34tGenngdFCd2KEyyRgBAnEpuQSLHDTYTParwCkoGtLxpf0eEp9QbuNLfT8HFmPecex8do4KEoZpnk6JVkb9VBa9fL+q3jPc0zE4cM920CcvtATyh+vSP5/sXGlFMN+j0+rLRs0z70PRQ5PXOYeJiiVkkKwr/3lCnlf1kstg4OtQogB/g7C9xoSXsdspFXJfvkW/gCM2obpGlyXttTD+w42eAWOfgBOCwOJstZ063LlKY/5pu4GOttmqpA8A6+ZD1tDdfaGvRE5eG6K1j0sz3lHlT49YIoRNq93Emiy8iT8NAkczZjtocOII4T5/ZbHqxINCHUrvDndoMuxy7aCtF1SIrWeAlj3sfKuBThUwZH3Q4GfPQxw//RJcS2V9EA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8P193MB0979.EURP193.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(8676002)(5660300002)(6506007)(66574015)(7696005)(8936002)(55016003)(83380400001)(2906002)(52536014)(71200400001)(9686003)(66946007)(66476007)(64756008)(66446008)(66556008)(33656002)(53546011)(966005)(38100700002)(316002)(508600001)(26005)(86362001)(38070700005)(82960400001)(186003)(76116006)(122000001)(6916009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5Q5ushVmN8ZlgJMqF1QL70fsaMRj+LJGLEfIrs2QrgJpaE18uphLLkgID3FF3H3107p5LZRJDYCMSAHJZwx7s000ldc0XuoMqNPhDCssi/L/eR5Vhh6t7MQrHC7IRCPV96DJPt5qRXQQmPivh41IdkQFEQGJzZj5nwJN+by/1D2EPIoapDI8kvIg7usbPQcJaHBUAj7n11+c0KZUA4o64QdGw2J190r6jgyxYsaK7Yf8rjB/lHG1XxS4zHEifmzekG227c5WS++eZM1McqiWT7SK/93hGevMXXyFIRe0xq0HWTzP/MFD3FL6UmNjsOww0DY4i4cI6LVBEfkCsrrENKxGSB174zVxWAGcbO7DEdNzh0vJ7+1LDVnxu+Y8vvGe0uG448Awwr4NWQfcfTckQDXQl2+4lFGegjQkEzeY34DxdteIhFEZQZvXtehp+n+NotzKn0tovDjJyHoyzBvdFyMB0N/iPO/38FUMGO1MbHvdIT9ggdmYvjL34vrkgOF0951Bz4Vv/03TMJ9Z3ch+J+avZxBB/HYhALuSonzn50SSpQaifFLDqY5fc6uFpS+Jgek3cCr2i4EPK4qobVz/nvGbSFTpoUmJ1TFUSz6CxEZvNBOcHjCms+xw2YmB3wd6gJ43CXMgfC5EiNa74sJQadmocqW4jt0reAMF5+XDz2iJn66M9Vy0fyuKqtTYAeniYUa0c6D9XNR380tIaqp4T89wgPYxZ0Qhq6n+2Jskhl7VxgKZ8RE0dzWdCN6DbnOu1mVtutBPrvGnIyvAIMkkM1E+nt2kHxCBfRNBXsppEi28qLYaZ6/xucYg+Mvw4RNGoKSrirOFu06DV6adKhVBBWiv4pFsoGTHHIpenNp7zu5FIUpB1Px96S/Nr/fkrcc7CXL/y7TrK1jmXGciarPmmtwza0JVxMSi2U1V4RalKXtlHsJcb6qgbOzCpTw6+GawHLsI8ST/aSI6ccR3oUnlghQ2SBE6U/fzJD7GbFMiJpdD7Dom6W2P5GsxsY5eMNOIkePV+EBoWiGEtpi/+eNpBCKGY+Ir2OQUoCqt2lOnv/yyK6mj15QE04ut4I+1tAmfb2yvKybJNAe+JZVFORlIr7rLsZ2Y1D4W0311vujdCGKBoQDiL86dJ2d/fF1kSBCnXIVhFYw5MC/3L++viqmX+e+JumnDZyuWR4C2aXb2Hj1StxeqFL38LSDJNn2MQCeXk218d99p5nYzyYUqLbIO1C6GzGkWgBVypZy81ScqOJ/gotLe3iPiq40jKuZUot1kcFjGNoa/DU2exLtv9v2tLjNcRVUzOjO++ecnuQdTFn7DDZp+3YFmvs7uTIfq3/ws+8SB+pA3Ld5cDvHnwoF1vjhud/E+s9l7xEw+QmzB0CoTPPymKf0PH2W8OvYwYHMANzQ9DG2aGjDbY9kK27YA5M7W9OAwWRRkiljuo3hii+tnKMzf6kj32EYdOEJt10r3sPgGg3TQCPXPLHd0nrB9RIYwOE2OxWu8UyMtU7HuKtFcJA8YStdzMf5YlRGmTZCQzw39q7gDf17T2OPmaFF5a+zqv97vxvKfVN2DOweQ/EsqGVH3DkJajDx251rz00Vyp5aUvxnytB9Py7Er9pWU69BQ9J+BboWZrS/dvm66vnM45mxP4bdvf8pFr3BluWopJ+EeWKJvxuQWnH8+R1HDQw==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sony.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8P193MB0979.EURP193.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: a7b95c08-73d5-4552-8b02-08d9dcb0391c
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jan 2022 07:32:47.9225 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 66c65d8a-9158-4521-a2d8-664963db48e4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VmG1XenXMRopK7GI3fTa6nObfWSYzAd/hSWWvG5IJYFW7dub4tGK6pzAlrpFXVbOU7C3YfOhVW/l16H4Vg82hXKkD4TBawPVMCMZHeCL5KI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P193MB0468
X-Proofpoint-GUID: Nhsma54dYVxDeIRXT_Nx0BVllGQHuUYx
X-Proofpoint-ORIG-GUID: Nhsma54dYVxDeIRXT_Nx0BVllGQHuUYx
X-Sony-Outbound-GUID: Nhsma54dYVxDeIRXT_Nx0BVllGQHuUYx
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-21_02,2022-01-20_01,2021-12-02_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 bulkscore=0 impostorscore=0 lowpriorityscore=0 spamscore=0 mlxscore=0 clxscore=1011 malwarescore=0 mlxlogscore=999 phishscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201210047
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/XSiqd9Uv4D62EpTVxv-Scu5hqcQ>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jan 2022 07:33:01 -0000

To really guarantee interoperability the MTI cipher suite needs to be unambiguous and I think the set should be  minimalistic to account for device constraints.  
I can live with  0/1 OR  2/3. 


Best
Peter
 
 
  

-----Original Message-----
From: Lake <lake-bounces@ietf.org> On Behalf Of Russ Housley
Sent: den 20 januari 2022 21:22
To: Mališa Vučinić <malisa.vucinic@inria.fr>
Cc: lake@ietf.org
Subject: Re: [Lake] Ways forward on MTI cipher suite text

I would prefer to see one MTI (Option 2).  I can live with that MIT being 0/1 or 2/3, and I have a mild preference for 2/3.

Russ


> On Jan 20, 2022, at 12:03 PM, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
> 
> Dear all,
> 
> During the last LAKE interim meeting, we discussed the issue of an MTI 
> cipher suite and we agreed for the chairs to open a thread on the 
> subject. As a reminder, the previous discussion points on this topic 
> are summarized in github [1] and in John’s mail dated 13 May 2021 [2].
> 
> We’d like to see if there is rough consensus in the WG on this topic, 
> at this moment in time. Knowing that the formal analysis of the 
> EDHOC-12 specification is under way, we should keep in mind that 
> additional input may arrive down the road from teams working in the 
> computational model.
> 
> As a reminder, the most recently discussed text for this is in a PR 
> [3] and states:
> 
> “For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”
> 
> The options we see at this moment in time are:
> 
> Option 1: Keep current text as-is unless/until more feedback is 
> provided that motivates re-opening this issue Option 2: Proceed with 
> selecting a single MTI cipher suite
> 
> We'd like to know if the WG can live with Option 1. Note that doesn't 
> mean you think option 1 is perfect, just that it's something with 
> which you can live. If you prefer option 2 or some other option please 
> suggest specific text.
> 
> Mališa and Stephen
> 
> [1] 
> https://urldefense.com/v3/__https://github.com/lake-wg/edhoc/issues/22
> __;!!JmoZiZGBv3RvKRSx!vR_zYuCKuM5OOd8c4klrvqgMTmgbSQ2HVUgsasnpK2W4f4zZ
> c88K6QeGZ9L6HbSdy47x$ [2] 
> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/lake
> /75nRaD6czYG6RqLT06Qe8C_lsaM/__;!!JmoZiZGBv3RvKRSx!vR_zYuCKuM5OOd8c4kl
> rvqgMTmgbSQ2HVUgsasnpK2W4f4zZc88K6QeGZ9L6HZMhMsjh$
> [3] 
> https://urldefense.com/v3/__https://github.com/lake-wg/edhoc/pull/225/
> files__;!!JmoZiZGBv3RvKRSx!vR_zYuCKuM5OOd8c4klrvqgMTmgbSQ2HVUgsasnpK2W
> 4f4zZc88K6QeGZ9L6HQ_9_h3C$

--
Lake mailing list
Lake@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/lake__;!!JmoZiZGBv3RvKRSx!vR_zYuCKuM5OOd8c4klrvqgMTmgbSQ2HVUgsasnpK2W4f4zZc88K6QeGZ9L6HTKkJ6oR$

v2.23.0 | Report a Bug | By Email