IETF Logo Mail Archive

Re: [Lake] January lake wg virtual interim webex details

Göran Selander <goran.selander@ericsson.com> Fri, 20 December 2019 14:39 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3BB412006F for <lake@ietfa.amsl.com>; Fri, 20 Dec 2019 06:39:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1KKPdFGlhYT for <lake@ietfa.amsl.com>; Fri, 20 Dec 2019 06:39:47 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30074.outbound.protection.outlook.com [40.107.3.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BFAD12006E for <lake@ietf.org>; Fri, 20 Dec 2019 06:39:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z/pOsUMrZ1WaltvSf3+hsrP3lCCN8CMPOpvJkvecGbAeXt138q+kTQXkFXywsRb2091w95T983hpRvErLtcU2mFeN4EDwZRVOQ/LPoIeWBwYJ3A0EROWFUpgp0/ap2Bx1ADXdiPmJNaL6bVwH1iwrakpNPo2DGsbyqBx/1eUsN8/Cp5ulhKhvTE0qFt/3hlwIcl6wITaMNvP/AG7BsRIMs0kJeabyuYuRETRPKCh1B4qIOKX4tyQ00CbqcVfUdOkzdzwzfQDmSrLbKQLWpckU76b3Ffw6sZ/bkl/wlMjne0HGRHaTCAajxCVhmY3P2vl+Lfx4KipzwAcnkxT5M4zjA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5LlKm6acn9qhl/7l8Vo/qDypalSUaJ9atdftZu+AS4k=; b=bmuG4GKZKRa0tuvM7TqUPHd0E2MGLjulAatWKJ9pdE6IBfxmjl+lNMTNPXr8IV8I/wBmHbleS9kwW5bYRHibRhj5vRbh1P3r44+U6rqODbugw8aHWCIh6obKR6mt8Gj5UrIYpDhfbUPLaEFhKaTTK70RPt4Rh9k4rsWSscC1Rlm8vvRPqAxRTRpXxC89+GDeBZd3pPM7Bh8nmrHIK/MTflSYw5xjB3iHOLdurzQIsdpQ4atDF/p1yDj6gXH5fHK+DdBWaY9OTo/3JK1XkYQ4s6Z0KIJxVr4oR5+pczlkMlVO+L2mQWqu3va1oPFEK14mgcYitOW0Fy+ePh+T+ZN6Ag==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5LlKm6acn9qhl/7l8Vo/qDypalSUaJ9atdftZu+AS4k=; b=F9h3t5zyyTeW3eN0g20J8BGSfkvh3C+QBphf9DkoAVXM6OE+wSYH1AkQiSrpSKfkV3SQgTmET6/fdQDRkAi6c0q4+Yq2mSOH2aoJlOJNUq2Y/g80sDuh35Ij9c7eGGCHOdgtp38560w5AAXvs6Y3xcBYJjMgM5xFWlCpuuoBlEQ=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.163.140) by HE1PR07MB4412.eurprd07.prod.outlook.com (20.176.162.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.10; Fri, 20 Dec 2019 14:39:44 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::538:4bc2:5936:6252]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::538:4bc2:5936:6252%3]) with mapi id 15.20.2559.012; Fri, 20 Dec 2019 14:39:44 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] January lake wg virtual interim webex details
Thread-Index: AQHVtRn8YVwfhvlN10qeZvLsfFU506fDLTMA
Date: Fri, 20 Dec 2019 14:39:44 +0000
Message-ID: <D0083AF6-A7E4-4E00-90A2-E4E38C269C12@ericsson.com>
References: <4cb9f698-d7b6-2f5d-c853-1679ea6ddd8f@cs.tcd.ie> <3d77de35-8a6a-82ee-bb05-4de0e716d731@cs.tcd.ie> <34e0d061-e826-6c9d-6fee-3ea81915fedb@cs.tcd.ie>
In-Reply-To: <34e0d061-e826-6c9d-6fee-3ea81915fedb@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.20.0.191208
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [213.89.246.8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e40aa1ad-1ac1-4cb9-6663-08d7855a74c3
x-ms-traffictypediagnostic: HE1PR07MB4412:
x-microsoft-antispam-prvs: <HE1PR07MB4412ECCA4EB3AE2484B46326F42D0@HE1PR07MB4412.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 025796F161
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(376002)(366004)(396003)(346002)(199004)(189003)(66476007)(66556008)(45080400002)(6512007)(64756008)(66446008)(66946007)(76116006)(110136005)(71200400001)(5660300002)(296002)(316002)(26005)(86362001)(53546011)(6486002)(186003)(4001150100001)(36756003)(85182001)(8936002)(33656002)(6506007)(16799955002)(2616005)(966005)(478600001)(81156014)(8676002)(85202003)(81166006)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4412; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: zq+G7IQsfLdxiWAy0KMYl5MR/Y9tR+ONK8XYJd3s2eIlFgewhMJlMRm9mdoM5dFl+bZIXHxlw9qve+MK52MvPAFJeajyrzaxRycHRO39WWv4o5nTlay9CtDlmezLSu8vUjB0aYJRY7cT86IbRW8UoR3FSfn15U4ej5cjnxj4gUXCqtjhkWBzwHMtnPR1jMJTyqlJtnNQuJ3RssjlQhwdN9fMKqpiWTzhG6BfOKERHcN+CSfauisUubRKOsFyxv5QJSkkS6uEI+0+MdcuVf72WXBvWYtJLjNSLOcQsRaXGk5MPJyJUN8GpUFBuhuh+FgxzkJQEEwBitk9NHII/BCaZdbxxyLRtX0BZ41D6/fPzkwnvA14vyrj85i3Qgzu1XXHal7X2rdgifDvyxFRIt1DJb5fLHpSp1Gwyr1fui1RQdiEtWnjPYXpstRqAAU4HeDPVbogzQCt6XrwYg2LFl3t22IaCOth6k5un7ZikjI20+w=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <3A4E83954AD5FB49B04368E8597E76FD@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e40aa1ad-1ac1-4cb9-6663-08d7855a74c3
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Dec 2019 14:39:44.5889 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IHi7v5IQD2YNWY+l5COYN4cxpevmkoML8CkSDf4RGiY2uMGG1fhwC1GhmWxWVl9si57WGoup48EoqksDJCBs63X4tbmr6Phci5eCpusxcdE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4412
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/_WlRS3MM8tcGaGqeAe6xXXu05XI>
Subject: Re: [Lake] January lake wg virtual interim webex details
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2019 14:39:51 -0000

Hi,

To stimulate further discussion, here are some things that have been discussed and are addressed in latest version of the requirements draft [00].


1. Public key credentials
    
Both public key certificates and raw public keys need to be supported. Certificates are needed for generic zero-touch deployment. Raw public key is a significant message size optimization if the public key is already trusted. Two different public key types have been discussed: public signature keys and static Diffie-Hellmann keys. In the latter case signatures are replaced with MACs leading to a significant reduction of message size. Hence static DH keys are desirable to support.
    
Working assumption: support for signature based and static DH based authentication.


2. Mixed credentials
  
Mixed credentials, one party certificate and the other RPK, are motivated by a use case. Because of 1 we also need to support mixed types of public key credentials.

Working assumption: support for mixed signature and static DH based authentication.

    
    
3. PFS against compromise of which key material?
    
Examples:
    - protection against the loss of long-term keys at the initiator
    - protection against the loss of long-term keys at the responder
    - protection against the loss of ephemeral keys
    - protection against a bad RNG at initiator or responder
    
Working assumptions:
    - Protection against loss of long-term keys at initiator and responder.
    - Protection against bad RNG using randomness improvements such as draft-irtf-cfrg-randomness-improvements and analogously for symmetric keys
    
    
4. Number of round trips/messages and frame sizes
    
Mutual authentication requires at least 3 AKE messages. In radio technologies such as 6TiSCH and LoRaWAN performance is affected by AKE messages fitting into radio frames. The amount of data available for AKE messages is not fixed but depend on radio configuration such as scattering factors, data rates, number of hops etc.

    - The AKE could be spread out over 4 messages of smaller size (compare SIGMA-I and SIGMA-R). In principle, for certain AKE message sizes and radio configuration, the number of radio frames could be smaller with 4 AKE messages instead of 3. In practice, the number of radio frames may be either smaller or larger with 4 AKE messages instead of 3. 

    - With 3 AKE messages, the OSCORE request may be sent together with AKE message 3 resulting in 1 round trip before sending encrypted traffic data. If the AKE has 4 messages, then the protocol is never 1 RTT before traffic data, which increases the time for completing the protocol.
    
    - Experience from IKE shows that 4 messages are preferred for unreliable transport such as UDP. For LAKE, however, we assume transport over CoAP or other reliable transport.
    
Working assumption: The AKE shall have 3 messages.

    
5. Number of round trips/messages and identity protection
    
What identifying information shall be protected against what adversaries? As much as possible of the identifying information should be protected, but protecting all identifying information has impact on the properties, in particular number of messages/round trips.
    
    - Encrypting PSK identity with DH shared secret protects against passive network adversaries, but does not allow authentication of responder within 3 messages
    
    - Encrypting crypto algorithms does not allow negotiation of cipher suite within 3 messages
    
   - Encryption of connection identifier only works in asymmetric case and does not results in arbitrarily short identifiers
    
 Working assumption: The following data need not be encrypted:
    - PSK identifier
    - cipher suite
    - connection identifier
    
    
6. Application data
    
Applications may want to transport application data within the AKE to reduce round trips and number of messages. 

Working assumptions: 
   - The protection properties of the application data provided by the AKE depends on which protocol message (see Section 2.6 of [00])
   - The application data must not violate the AKE security properties. The assumptions on the application data needs to be detailed by the specification.
  
    
    
7. PAKE support
    
LAKE is focused on the setting of low latency, large number of devices, automated deployment, e.g. industrial IoT. The use of passwords has not been requested in this context.
    
Working assumption: PAKEs are out of scope for this version
    
    
8. PQC support 
    
There are currently no standardized PQC key exchange algorithms.
  
Working assumption: PQC is out of scope for this version

    
    
9. Selfie attack
    
The protocol is assumed to be two-party PSK, i.e. need not protect against attacks when more than two parties share keys.

Working assumption: The AKE need to protect against reflection attacks but need not protect against attacks when more than two parties legitimately share keys.


    
10. Extensibility
    
By supporting COSE, the AKE supports new algorithms, new certificate formats, ways to identify credentials, etc. The AKE may need to support new AKE methods, e.g. to later add PAKE support. Since simplicity is one objective with this work, care needs to be taken to avoid extensions working against this.
    

11. Support for different MACs in AKE and OSCORE
    
Longer MAC length for AKE than OSCORE may give better security properties.
    
Working assumption: The AKE shall support different AEAD/MAC algorithms for OSCORE and AKE
    


[00] https://tools.ietf.org/html/draft-ietf-lake-reqs-00




On 2019-12-17, 21:38, "Lake on behalf of Stephen Farrell" <lake-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:

    
    Hiya,
    
    Thanks all, I've scheduled meetings for:
    
    - Jan 16th 1600 UTC, and
    - Jan 23rd 1600 UTC.
    
    I've requested 2 hour slots for both but we might
    not need that long, we'll see closer to time.
    
    Webex stuff below.
    
    We can sort out agenda early in Jan and also figure
    out if we only need one of those two meetings as
    well, and which to keep if one's enough. It'd be
    great if people can raise issues on the list (or
    in github and then the list) between now and the
    new year to help with agendising and figuring out
    who really needs to be on the call.
    
    Cheers,
    S.
    
    PS: In case someone wonders: The 23rd has one more
    person who can attend, (10 vs. 11) but I figure it's
    better to schedule both for the moment as chances are
    someone's availability will change between now and
    then in any case;-)
    
    
    LAKE WG invites you to join this Webex meeting.
    
    
    Lake virtual interim
    Occurs every Thursday effective Thursday, January 16, 2020 until
    Thursday, January 23, 2020 from 4:00 PM to 6:00 PM, (UTC+00:00) Dublin,
    Edinburgh, Lisbon, London
    4:00 pm  |  (UTC+00:00) Dublin, Edinburgh, Lisbon, London  |  2 hrs
    Meeting number (access code): 645 835 024
    Meeting password: C4j4PgDJ
    
    
    
    When it's time, join the meeting.
    https://ietf.webex.com/ietf/j.php?MTID=ma39f9f8ea114844f79e2c962c6efdd52
    
    Add to Calendar
    https://ietf.webex.com/ietf/j.php?MTID=m31715fa29e54db30d0d7ce118716a7c0
    
    
    
    
    JOIN BY PHONE
    1-650-479-3208 Call-in toll number (US/Canada)
    Tap here to call (mobile phones only, hosts not supported):
    tel:%2B1-650-479-3208,,*01*645835024%23%23*01*
    1-877-668-4493 Call-in toll free number (US/Canada)
    Tap here to call (mobile phones only, hosts not supported):
    tel:1-877-668-4493,,*01*645835024%23%23*01*
    
    Global call-in numbers
    https://ietf.webex.com/ietf/globalcallin.php?MTID=mb28c544358b89779e001306dfd4fb04e
    
    Toll-free calling restrictions
    https://www.webex.com/pdf/tollfree_restrictions.pdf
    
    
    JOIN FROM A VIDEO SYSTEM OR APPLICATION
    Dial sip:645835024@ietf.webex.com
    You can also dial 173.243.2.68 and enter your meeting number.
    
    
    Join using Microsoft Lync or Microsoft Skype for Business
    Dial sip:645835024.ietf@lync.webex.com
    
    
    Can't join the meeting?
    https://collaborationhelp.cisco.com/article/WBX000029055
    
    
    
    
    On 16/12/2019 11:46, Stephen Farrell wrote:
    > 
    > Reminder:
    > 
    > On 10/12/2019 21:17, Stephen Farrell wrote:
    >> Please fill in the poll before the end of Dec 16th so we can pick a
    >> time before the holidays.
    > 
    > As of now, [1] it's looking like Thu Jan 16 1600 UTC is winning. If
    > that doesn't change by tomorrow I'll setup a webex thing for then,
    > and maybe a backup one for the same time the following week, in case
    > we run out of time or just like chatting a lot:-)
    > 
    > Cheers, S.
    > 
    > [1] https://dudle.inf.tu-dresden.de/dip-in-the-lake/
    > 
    >

v2.23.0 | Report a Bug | By Email