Re: [Lake] Ways forward on MTI cipher suite text

John Mattsson <john.mattsson@ericsson.com> Mon, 24 January 2022 14:55 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, "lake@ietf.org" <lake@ietf.org>
CC: Mališa Vučinić <malisa.vucinic@inria.fr>, Russ Housley <housley@vigilsec.com>
Date: Mon, 24 Jan 2022 14:55:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/ZH0dsXciX5SAFIw0raIoEE1LMvU>

Hi,

I think the most important thing is that this MTI discussion does not take up too much time. It would be good to get this over with. I can live with both options. If we go with option 2, the only viable choice seems to be 2/3, which seems to be the most common in current implementations.

- As I said before, I think an MTI cipher suite does not improve interop much. The cipher suite is just one of many parameters needed for interop.

- If we go for option 2, I think the MTI requirement should be on the software implementation and possible to disable when compiling for a specific device. Constrained IoT is different from non-constrained TLS/IPsec in that closed ecosystems are very common and that supporting several different algorithms on a device might not be feasible due to storage limitations. Closed ecosystems with devices using 0, 1, 24, or 25 should not be forced to use storage for 2/3 that is never used. There are existing implementations of 0, 1, and 24.

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Date: Monday, 24 January 2022 at 12:04
To: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>, lake@ietf.org <lake@ietf.org>
Cc: Mališa Vučinić <malisa.vucinic@inria.fr>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
Hi Uri,

Just to see if I understand your comment, I compared your recent response with the mail from December:

https://mailarchive.ietf.org/arch/msg/lake/1ifhkgxtqIHgt2AuQ6UMytkbY-o/

I thought Option 1, i.e. having recommended but not MTI cipher suites, matched the position in the referenced email better. Maybe I misunderstood something?

Göran


From: Lake <lake-bounces@ietf.org> on behalf of Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
Date: Thursday, 20 January 2022 at 22:41
To: lake@ietf.org <lake@ietf.org>
Cc: Mališa Vučinić <malisa.vucinic@inria.fr>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Lake] Ways forward on MTI cipher suite text
I agree with Russ, and support “sole” MTI 2/3.

TNX

Regards,
Uri

> On Jan 20, 2022, at 15:37, Russ Housley <housley@vigilsec.com> wrote:
>
> Selecting one MTI provides the broadest possible interoperability.  I think it would be harmful at this stage to divide the implementers into 0/1 and 2/3.
>
> Russ
>
>> On Jan 20, 2022, at 3:33 PM, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>>
>> Russ,
>>
>> Thanks for your feedback. Could you state any technical arguments why you believe that would be the best way forward?
>>
>> Mališa
>>
>>>> On 20 Jan 2022, at 21:22, Russ Housley <housley@vigilsec.com> wrote:
>>>
>>> I would prefer to see one MTI (Option 2).  I can live with that MTI being 0/1 or 2/3, and I have a mild preference for 2/3.
>>>
>>> Russ
>>>
>>>
>>>> On Jan 20, 2022, at 12:03 PM, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>>>>
>>>> Dear all,
>>>>
>>>> During the last LAKE interim meeting, we discussed the issue
>>>> of an MTI cipher suite and we agreed for the chairs to open a
>>>> thread on the subject. As a reminder, the previous discussion
>>>> points on this topic are summarized in github [1] and in
>>>> John’s mail dated 13 May 2021 [2].
>>>>
>>>> We’d like to see if there is rough consensus in the WG on
>>>> this topic, at this moment in time. Knowing that the formal
>>>> analysis of the EDHOC-12 specification is under way, we
>>>> should keep in mind that additional input may arrive down the
>>>> road from teams working in the computational model.
>>>>
>>>> As a reminder, the most recently discussed text for this
>>>> is in a PR [3] and states:
>>>>
>>>> “For many constrained IoT devices it is problematic to support several crypto primitives. Existing devices can be expected to support either ECDSA or EdDSA. Cipher suites 0 (AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) and 1 (AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256) only differ in size of the MAC length, so supporting one or both of these is no essential difference. Similarly for cipher suites 2 (AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256) and 3 (AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256). To enable as much interoperability as possible, less constrained devices SHOULD implement all four cipher suites 0-3. Constrained endpoints SHOULD implement cipher suites 0 and 1, or cipher suites 2 and 3. Implementations only need to implement the algorithms needed for their supported methods.”
>>>>
>>>> The options we see at this moment in time are:
>>>>
>>>> Option 1: Keep current text as-is unless/until more feedback
>>>> is provided that motivates re-opening this issue
>>>> Option 2: Proceed with selecting a single MTI cipher suite
>>>>
>>>> We'd like to know if the WG can live with Option 1. Note that
>>>> doesn't mean you think option 1 is perfect, just that it's
>>>> something with which you can live. If you prefer option 2 or
>>>> some other option please suggest specific text.
>>>>
>>>> Mališa and Stephen
>>>>
>>>> [1] https://github.com/lake-wg/edhoc/issues/22
>>>> [2] https://mailarchive.ietf.org/arch/msg/lake/75nRaD6czYG6RqLT06Qe8C_lsaM/
>>>> [3] https://github.com/lake-wg/edhoc/pull/225/files
>>>
>>
>