Re: [Lake] proposed scoping text

Göran Selander <goran.selander@ericsson.com> Wed, 29 April 2020 06:57 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A153A0045 for <lake@ietfa.amsl.com>; Tue, 28 Apr 2020 23:57:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.921
X-Spam-Level:
X-Spam-Status: No, score=-2.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id alsjJpq2DgVl for <lake@ietfa.amsl.com>; Tue, 28 Apr 2020 23:57:18 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60070.outbound.protection.outlook.com [40.107.6.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EB383A005C for <lake@ietf.org>; Tue, 28 Apr 2020 23:57:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I8yM9B9LGM+uNw6ngPy6ob2GR8HSmAZe9vs7nAExFIere5hFipL9mU6TF8Y2m1ku13Je2whFVCWaibCDjxQA3EFcGxDC5jVKyYm1+jM0i/bDk6igPTCLp6c/sqPzcrf/hc7StscyEuKiXU0TAGZO0vactFVRU3AVM9oNAosvOa6b13/eMnXIW0AFTAJQP56JfxGFY58RBiY/5d4IE3R/vGRlzjKz9wtJf7boxQaj+yldjSE/cE5X2pkFrnsf8odQsZ4S3nBfGbbJOZLHEGJ14Z2hWQJ6QMXXgMt1txYTBGWGzYlI13nALJ8JQCWnbkEsnm/ApJ81JS6aFG2x9X4SwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B6QYiHAgLbsp9lmeOZPu/9VIlTdIUn6QDC9YAq16wDk=; b=nAyAWGNQxQz6E3eP+gmSsorxc5onQ9ITf2nfsm/l477y9B24IWiIIU5U06CK2+j/nZ7355ryPzQWPBCOdXz0TEZjpMHA4OYq3LZ/tMuGPSTL3nHkCTEqPYv6DBuwNoReNM0KadOfv5ussZ1+euIsIqBHHSL3Vp7T+n25ykob0m9+01Vrg0tq75NPywrDkPtBWhfOxhSmOyBi79rRnrwS7dSI8bfZYm6+gCgM44BsmcZK1SA0ZM4QMUfzSjVDgNxBepjaXr0KlHIRMLbry6BjBReE4ZPKZdesFfLUnCKAk9k9WdbgQa26f7Rvu/7EN00g615wc1wlLMEdhO8/YhwxAg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B6QYiHAgLbsp9lmeOZPu/9VIlTdIUn6QDC9YAq16wDk=; b=s7K0/zexBNlYZPZcxGEnvdnXf4GOZK0cIfHKeOUCGsC9C7NrfFjhCPI+rXAhhaXKgGeG1JKbx6kNcqFHKzL6tvODplg8u164iJr4mo33lFCd6PmZuXa8Nc0aWG8V3a+ATuUgsRFgQHiz3XlUHXSdFmQH6SKKAqlpOo1sJOnI/2k=
Received: from VI1PR07MB5023.eurprd07.prod.outlook.com (2603:10a6:803:9e::13) by VI1PR07MB5840.eurprd07.prod.outlook.com (2603:10a6:803:d9::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.9; Wed, 29 Apr 2020 06:57:14 +0000
Received: from VI1PR07MB5023.eurprd07.prod.outlook.com ([fe80::7c90:eb1a:e7da:2321]) by VI1PR07MB5023.eurprd07.prod.outlook.com ([fe80::7c90:eb1a:e7da:2321%7]) with mapi id 15.20.2958.020; Wed, 29 Apr 2020 06:57:14 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Christopher Wood <caw@heapingbits.net>, "lake@ietf.org" <lake@ietf.org>
Thread-Topic: [Lake] proposed scoping text
Thread-Index: AQHWDbwwxw6VdyVM3EK090880yrRXKhws8wAgAmSdICAB7vjgIAHECQAgAPetoCAAB23gIAARXiA///ifYCAArY4AA==
Date: Wed, 29 Apr 2020 06:57:14 +0000
Message-ID: <1A9902C8-EECC-4F6B-BE1B-063A247E45C1@ericsson.com>
References: <3780afd5-7012-d808-9584-07e04913cd19@cs.tcd.ie> <239BEC0D-240F-4830-A7A4-0172B62BD6AC@ericsson.com> <B620C5B0-8DE0-489F-B0B0-2548F3C83B49@ericsson.com> <F3B1DD90-2ACB-41FA-9A41-4ADE2D929A7A@inria.fr> <c1037af3-c48f-40fd-8fb3-5c7d4f549798@www.fastmail.com> <B0DD7218-A4C2-460A-9060-59EFEA1113F7@ericsson.com> <19199e5b-5372-4651-b90b-8a688fba9b19@www.fastmail.com> <89186C99-B479-4FFF-8C28-987EB00F8CC4@ericsson.com> <f6cd0bac-c66a-4bc3-91d2-da68d3833643@www.fastmail.com>
In-Reply-To: <f6cd0bac-c66a-4bc3-91d2-da68d3833643@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.36.20041300
authentication-results: heapingbits.net; dkim=none (message not signed) header.d=none;heapingbits.net; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [192.176.1.85]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 707da14d-533c-46e9-ac44-08d7ec0a8c82
x-ms-traffictypediagnostic: VI1PR07MB5840:
x-microsoft-antispam-prvs: <VI1PR07MB5840B50BE2718AC12598C499F4AD0@VI1PR07MB5840.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03883BD916
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: fHqbzYCEYEpAYthvBHBgvc9QsUlbHpyMv/zX296asX5kNFxZppNEi/T4SuJcAjOwBc1FHsbnuotVGV6IQaZCDcrVOd2YjgwmuL4fMy2KQPQIRGQ6fCMmfETMyymNaTUwurY8JhVph98y+YjkV9g5hwt8cYcoZyz09hrq2ll6D9U8qgSVDbIo6T+r9uY/IzppLkI/iJxvnZocXHvr6nxNQSQGPS7qHMupyXUzX7Nnv46QjkCYkuSPYk0/IUCa1qguFdYmas6ksFjGzjJzAOgu6MRwDLWROJBbRuV1Ja8x7k3N+Ffo+edf7EexlX0w8Lvn3Eril1r3p7oOGmakz5vIOj6R+mNSmiUg38xsugWmVesGWB9GQym0WOI+sIVBoyLgD8wC3Ll1N47CCgpvSQTig571P8SGtg9aLuyeUa/96/XsLH6y6WwAUwJu/ZEPMz8V
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB5023.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(376002)(346002)(396003)(136003)(366004)(8936002)(26005)(91956017)(36756003)(66556008)(33656002)(64756008)(6512007)(86362001)(85182001)(76116006)(2616005)(5660300002)(85202003)(110136005)(478600001)(6486002)(186003)(66574012)(66446008)(316002)(66476007)(8676002)(2906002)(71200400001)(66946007)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: VeFXWOKeOvXdKPzTzHviO5ZjY0otgH4iltXNEsob7oL8ya3K0fGM5zrMEGJ5+P+gznzgGq7NEKlERs4fHoH41Rj2oCl9lgqJm1QrrI1V1Nexbqtgi5dNi9yB8TpXXL2GQFX8yzSWrK9SQLUqc26/qRNoFmCN5Tk9Wt897ooPcZWAjwiV4mGx7LFPXfm4xnJwtkZ6alw8NjALD1mN4V8JbBLdpfgj1LFN5e9rpU10TivKkbKUKLvxWa3XWvORCpObJso2q/LyxXomqDPD7xFsPVHfRQ1l1dXUllW0IyNVw+V5tirQldMNto3DYWrzVA94HDOc7/PojXHd+enCST+QtH9nnEykVeM2mEQrylx79T76JP835q5XsN6TT3qQL3JLZ5O0bsz2E6qX3WD426rGXFC/rledwoRdghguqtkACg61Y67pT+98N5w9aH63tmRvKK48BnNBW7I5Pfjg9uCEH7MASxaF4IdsjYTSElCV3D5tC0YZsM6K/d/nmzbPtdOOW2ZEY+lcndg0zJE9xbcOD/VR2uVJ7DMSu/g+Hx3e1Qjxu3bjTYjsa6Chur/z5qiphYD43OLJ7YOcGKw0JMyNRG/1dj0VtCokeyqCbm+ymiFUFYiWaeMLYmc5x39zyGDiSvlYf+g4711Q7rBnoXbUUgV0kIMrH+Q7pvvrX93uOjJMdbjvJrw4p7BDzJwU0yS0AZmDmGYgTPqNmbT5oIGrVG7JKNkeaJMJklkl+h0I8o8mBVgpLHXJ+z02zU8tuyYKWG6KHKG2DeEY9huEFsk2dZZ19sfojiWqtQydJqkAZns=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <70851A27EDE2754590F8FA686CAB009A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 707da14d-533c-46e9-ac44-08d7ec0a8c82
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Apr 2020 06:57:14.5797 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MnG5RXFFnextRtGOpwa/ahrlgCNc00LKg1+B26f4z65rYCyiLleIfVOiPNa8ikCnLZCqRkSz6euo9DuRAZeqn1z7vfRl2W/SEvCN8jzhSb0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB5840
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/cj5enVDttuV5hWc3qSGDzFEwBzY>
Subject: Re: [Lake] proposed scoping text
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 06:57:21 -0000

Hi Chris, 

Please see response inline.

On 2020-04-27, 17:33, "Christopher Wood" <caw@heapingbits.net> wrote:

    >     > So, this is in fact good news for those who are concerned 
    >     > about complications, since removing the PSK based authentication 
    >     > protocol is a significant simplification of design, specification, 
    >     > analysis, implementation and testing. 
    > 
    >     Are you suggesting that the holistic design and implementation of 
    > an AKE that uses certificates is less complicated than use of PSKs?
    > 
    > [GS] I was thinking about the part which we need to specify in LAKE, 
    > not the use of existing protocols for outside the AKE. We could compare 
    > the case of passing a reference to a device certificate to that of 
    > passing a reference to a device public key. What does the receiver have 
    > to do in the different cases? Both certificate and public key needs to 
    > be "validated" by the receiver. If the public key is pre-provisioned 
    > and never revoked that is of course a simpler case, but also has 
    > management and security implications. For the certificate reference it 
    > could be a simple validation request similar to or simultaneously with 
    > the certificate retrieval. Although the security considerations of the 
    > AKE need to prescribe validation, the validation step can be outside 
    > the AKE (assuming case 1 in my previous email). I don't know how to 
    > measure the difference but I was thinking that part to be not so 
    > complicated in comparison to a separate PSK based protocol. For the 
    > case of passing revocation information in the AKE (case 2 in my 
    > previous email) that is of course an additional effort, but there may 
    > be some low hanging fruit in that context.

    Surely if we're considering the cost of implementing the AKE, we ought to consider all its dependencies too, right? That is, if we support certificates, we should probably consider the cost in doing so, and that cost is a measure of the AKE and whatever else is needed to "validate" them. 

[GS] Yes, there is a cost associated to a PKI. But there is an even higher cost associated to managing PSK, in terms of provisioning, managing secret keys, etc.  If we consider all dependencies we should also add the costs associated with a compromise, the damage to the asset which is intended to be protected, the loss of brand value, etc., and that the risks associated with PSK-based deployments are much higher. Total cost of ownership is in fact one of the reasons why companies want to move away from manual provisioning towards automated certificate based trust management.

I think it would be hard to prove that the total cost associated with PSK is lower than with certificates, which is the difference between your proposal and what is currently in the requirements draft.

Göran


    >     > But, again, I think we should 
    >     > refrain from the "complication" argument and instead focus on 
    > what we 
    >     > need to solve (and to get started!). 
    >     > 
    >     > In contrast to removing certificates from the AKE, removing PSK 
    > seems 
    >     > not to notably impact the desirable scenarios where this can be 
    >     > applied, since RPK by reference can perform as good as PSK. 
    >     > Furthermore, I interpreted Ben's mentioning of PSK and RPK as 
    > just an 
    >     > example, based on the discussion we had at the latest LAKE 
    > virtual 
    >     > interim about the cases where a candidate protocol can perform 
    >     > optimally. Not that this subset necessarily was the subset we 
    > should 
    >     > restrict to. 
    >     > 
    >     > > it assumes some type of PKI in which these certificates exist 
    > and through 
    >     > > which endpoints handle tasks such as revocation and 
    > transparency. 
    >     > > That may impose requirements on the AKE. TLS had to carve out 
    >     > > extension support for CT and OCSP. Is that something we want to 
    > take 
    >     > > on when starting down the path towards an efficient AKE?
    >     > 
    >     > The efficiency of the AKE need not be restricted by allowing 
    > validation 
    >     > of certificates. This discussion really belongs to the design 
    > phase but 
    >     > starting it anyway, there are two cases:
    > 
    >     I think the important bit here is that the AKE (TLS) had to be 
    > extended to support these emerging technologies after-the-fact. This 
    > suggests the AKE should minimally be extensible if things such as 
    > revocation are not in scope for an initial certificate-focused design.
    > 
    > [GS] Good suggestion. I think allowing some simple mechanism for 
    > verifying validity should be in the initial scope, but having it as an 
    > extension would be the backup plan.

    That might work. I'd like to hear from others about what they think here.

    Best,
    Chris